Trustees open to cyber risks by not responding to NCSC reporting changes

Pension scheme advisors are being urged to review their cyber incident monitoring and reporting frameworks in light of the changes to weekly threat reporting that have been made by the National Cyber Security Centre (NCSC).  A change at the end of  last year in the reporting framework from the NCSC has meant that threat and incident analysis is no longer available from their usual reporting sources.

Stephen Wright, Head of IT with Trafalgar House said: “The change in NCSC threat reporting frameworks, which came into effect at the end last year, significantly alter the way advisories are issued and reported. Cybersecurity has fast become one of the biggest threats to schemes. Data breeches, scamming, ransomware, fraud – these have all become the stuff of trustee nightmares. And the sophistication of those threats is evolving rapidly, so it is important that schemes stay as far ahead of them as possible with comprehensive and proactive defence measures. It’s also imperative to check-in regularly with advisors that their measures are robust, and reports are undertaken frequently to demonstrate progression of mitigation of all vulnerabilities. A onetime spot check is simply not enough in this environment.

“There are some immediate actions schemes could, and should, take:

  • Verify cyber threat analysis updates: Confirm that all your advisers are proactively updating and refining their cyber threat analysis reports. It’s crucial that they regularly review and enhance their threat intelligence capabilities to protect against evolving cyber threats.
  • Enquire about intelligence sharing participation: Directly question your advisers on their involvement with intelligence sharing networks, such as the Cyber Information Sharing Partnership (CiSP). Participation in such frameworks is essential for staying informed about imminent threats and adopting best-practice responses.
  • Clarify threat identification and management: Gain a clear understanding of the mechanisms your advisers use to detect relevant cyber threats and incidents. Request detailed explanations on how these are integrated into their active risk management processes, ensuring a robust defence mechanism is in place.
  • Demand comprehensive and ongoing threat reporting: Insist on receiving frequent, detailed reports covering the spectrum of threat management activities—highlighting ongoing, resolved, and potential threats. These reports should demonstrate a continuous commitment to cyber security, reflecting an adaptive and responsive strategy to evolving cyber threats.
  • Check the procedures your advisors have in place – are they robust enough? Are they being constantly evaluated and updated?! What are vulnerability scores? Do they adequately protect their business and client data?”

Wright added: “Sadly, the issue of cyber security isn’t going anywhere but the good news is there is a lot that schemes can do to stay ahead of the curve and protect members.”

    Read more

    Latest News

    Read More

    Business ethics v the bottom line

    22 December 2024

    Newsletter

    Receive the latest HR news and strategic content

    Please note, as per the GDPR Legislation, we need to ensure you are ‘Opted In’ to receive updates from ‘theHRDIRECTOR’. We will NEVER sell, rent, share or give away your data to third parties. We only use it to send information about our products and updates within the HR space To see our Privacy Policy – click here

    Latest HR Jobs

    Location : Malvern Contractual hours : 35 hours per week Basis : Full Time, Permanent The job requirements are detailed below. Where applicable the skills,

    University of Nottingham – HR Business Partnering & Emp Relations Salary: £34,866 to £46,485

    HRUCSalary: £36,964 to £39,023 per annum including London Weighting

    Swansea University – Human ResourcesSalary: £26,038 to £28,879 per annum

    Read the latest digital issue of theHRDIRECTOR for FREE

    Read the latest digital issue of theHRDIRECTOR for FREE