CYBERCRIME THREATS

As Trustees, it is your responsibility to protect members which includes protecting against Cyber fraud.


  • Do you understand Cyber risks, attack types and Red Flags?
  • Do you know how strong your Pension Scheme Cyber defences are right now? 
  • Do you have the right processes and controls in place? 
  • Are you monitoring and reporting Cyber risks?
  • If you don't understand it, how can you make informed decisions about Cyber Risks?


Sign up below for a free brochure that will help you demystify Cyber Security and enhance your Cyber Resilience

*By signing up you agree to receive our monthly newsletters. You can opt out at any time


Can you meet PRAG Guidelines & are you cyber ready?


Every Trustee should act now on PRAG guidance on Cyber Security (last issued in Oct-20), which outlines 3 main action areas:

computer

Understanding the nature of the scheme's vulnerabilities to Cybercrime


computer

Ensuring the scheme is resilient to Cybercrime


computer

Ensuring if attacked, the scheme remains able to fulfil key functions


It also recommends that schemes should consider obtaining independent verification that these actions are being followed- just like an independent audit of financial accounts.  Suppliers protection levels also need to be considered.  We are here to help with this.


Every pension scheme holds a huge amount of sensitive, private and confidential data and assets, known as “crown jewels” which makes them attractive targets for cyber criminals.  Cyber criminals want your crown jewels.  Data is the new gold, criminals seek to gain access and extract (exfiltrate) data to sell it or leak onto the dark web, to hold or freeze access to your systems causing operational disruption, and they may potentially hold you to ransom to pay monies to them to regain access. 

The threat of Cybercrime is real and is happening now, with the frequency of attacks over the COVID landscape having increased significantly. Attacks are also becoming more sophisticated.  This problem of Cybercrime is not going away, if anything it’s going to get even worse as technology continues to advance with Artificial Intelligence, Machine Learning and greater adoption of the Cloud technologies.  Threats change as technology changes, making it more difficult to safeguard.

As there is no solution to Cybercrime, it is essential to get to grips and understand what Cyber Risk is, how attacks happen, what the red flags are and how to become more cyber resilient. Cyber Security is not an annual tick box exercise, it’s a way of life.  You need to continually monitor and enhance your Cyber Security posture. It’s essential to build a strong security aware culture and take a holistic approach to all round scheme protection to reduce the impact of an attack.


What are the costs of a Cyber Incident?

Costs associated with a Cyber incident or Data breach can be truly significant, here are a few to mention:

Downtime Impact


Remediation Costs


Restoration Costs

Providing you can use your backups




Impact on Cyber insurance premium renewals


Cost of a post mortem investigation

to understand how the incident happened, when, for how long, what was impacted and to what extent


Brand damage and loss of member confidence


Ransom Costs


Member compensation claims


Potential fines



Ransoms: Pay or Not to Pay?


Are you clear on your ethical stance to paying a ransom?

It’s not illegal to pay a ransom but payment encourages criminals to continue to do it.  A crisis is not the time to decide.  If you are going to pay a ransom, do you have the funds to pay and access to Cryptocurrencies?

Act Now, “be proactive not reactive when it comes to Cyber Security”. You need to plan for a cybercrime. We are here to help demystify Cyber Security, to show you what, when, who, where and how.



Here at Assure UK in Partnership with Lockdown Cyber Security we can help you by providing:


check_circle

Comprehensive Cyber Security Health Check report

Our analysis provides an independent objective review of your organisations Cyber position.  It is very important to understand your pension scheme’s vulnerabilities and cyber risks and how to address them, in what order.


check_circle

Bounce Back Faster

It’s essential you develop processes to respond to incidents to bounce back faster and mitigate down incident costs and downtime.  Keeping as many scheme’s core functions going during an incident is critical to scheme operations.


check_circle

On-site presentation of your results

You receive the full benefit of our experience through a personal presentation and discussion of your scheme’s results


check_circle

Value

Our holistic review internally across your people, process, technology and environment and externally will enable you to improve your Cyber Resilience.


check_circle

Security Awareness Training

Training staff is key, as most successful cyber-attacks are the result of human error.  Your people are your weakest link, so it’s important to build security aware culture, a strong human firewall.  Lockdown Cyber Security works in partnership with ICAEW to provide Cyber Security training for Accountants and Business Leaders.  So are well placed to train Trustees in Cyber Security.


check_circle

Straightforward approach

We implement practical Cyber risk based solutions that align to the way your pension scheme operates



check_circle

Our digital tool kit

We can help you achieve a sensible, working balance between the Cyber Security needs of your pension scheme and the demands of regulations.


star
star
star
star
star

As an FD with the responsibility for managing the IT department, in my opinion, cyber security represents one of the key risks in any organisation and should therefore be managed at the highest level... I would highly recommend ICAEW colleagues attend the course. it will provide you with the knowledge and motivation to ensure your organisation maintains its ongoing resilience to ever more widespread and sophisticated cyber threats.


– Kerry Davies - Director of Finance and IT at Severn Hospice
After recently attending Lockdown Cyber Security training course in Partnership with ICAEW "Cyber Security for Accountants"