Pensions Regulator warns over third party risk


PwC reports that in April 2023 an outsourcing firm that administers pension funds for large organisations experienced a cyber incident, which serves as a reminder to trustees of the need to address third-party risk as part of robust cyber security and business continuity planning.

In a statement after the incident, the impacted firm said there had been limited data exfiltration from its affected server estate, which might include customer, supplier or colleague data. As a result, pension schemes that use this administrator will need to consider writing to their members about potential data loss.

According to PwC, the incident is also a warning for the wider pensions industry. The Pensions Regulator has reminded trustees that they are responsible for the security of their members’ data, highlighting its best practice cyber security guidance for minimising risk and building greater cyber resilience.

