01 July 2021
The Plan holds large amounts of personal information about our members, as well as other assets, which can make us a target for fraudsters and criminals. We are taking steps to protect our members and assets accordingly, which involves putting protective measures in place against cyber risk. This is an issue which The Pensions Regulator (TPR) is asking all trustees and scheme managers to address, regardless of the size or structure of their particular scheme.
Cyber risk is broadly defined as the risk of loss, disruption or damage to a scheme or its members as a result of the failure of its information technology systems and processes. It includes risks to information (data security) as well as assets, and both internal risks (e.g. from staff) and external risks (e.g. hacking).
We are taking steps to build our cyber resilience, meaning our ability to assess and minimise the risk of a cyber incident occurring, and also to recover when an incident takes place. We are also collaborating with all relevant parties (including our third-party service providers) to define our approach to managing this risk, in line with guidance provided by TPR and other industry experts.
To date we have implemented the following measures:
Our next steps will include assessments of the cyber protection measures that our third-party service providers have in place, to ensure that Plan information is adequately protected, no matter where it is held.