Cyber crime threat to pensions
Beckett Frith, October 24, 2017
Pensions data can be obtained by determined hackers
Organisations should be taking the threat of cyber criminals obtaining their pensions data very seriously, according to Ian Bell, a partner and head of pensions, travel and tourism at RSM UK.
Speaking at the PLSA’s annual conference, he warned that such information can be obtained by determined hackers. “This is professional, organised crime,” he said. “Data can be stolen to order if somebody thinks they can make financial gain from obtaining it.”
He reported that his researchers had found pensions data available online. “We know that 40% of firms have faced a cyber attack in the past 12 months,” he said. “Pensions data is not immune to this problem, and we have found some for sale on the so-called ‘dark web’ already.”
One of the best ways to protect against such threats is to ensure your pensions trustees are following the correct protocols. “Using your home computers or a personal email address is not cyber-friendly,” he said. “If any data is lost you need to be able to respond very quickly.”
John Dembitz, a member of the PLSA board, said the scope of the problem could be huge. “Cyber crime has been estimated to have cost the economy £500 billion,” he said. “But it could be anything up to £2.1 trillion. That’s a staggering amount.”
Speaking at the same event, Margaret Snowdon, chair of the Pension Liberation Industry Group, warned that offline scammers are a perennial threat to pensions savers.
"What we see is just the tip of the iceberg," she said. "I am fairly confident we have seen around £1 billion lost to scammers."
She warned that simply telling staff to be wary of such scams is not enough, as some fraudsters will groom their victims and try to make them suspicious of their trustees. "The scammers tell them what to say when the trustee tries to help," she said. "It's difficult to change their minds when you and I talk to them, but a good way to get through to them is to encourage them to talk to TPAS [The Pensions Advisory Service].
"If we could stop just 25% of people walking towards a scam then that would be good for the nation," she added.
In August the government announced new measures to protect private pension savers from being conned. Only active companies that produce regular, up-to-date accounts can now register pension schemes.