Dutch regulator: Schemes must increase control of data security

Related Categories

Dutch pension funds aren’t sufficiently in control of data security and outsourcing risks, according to regulator De Nederlandsche Bank (DNB).

In its newsletter it said that they must evaluate security more often, stop information leaks more quickly and be more alert regarding outsourcing risks, in particular the use of cloud storage.

DNB checked an unspecified number of pension funds for 54 criteria.

The supervisor noted that, compared to 2010, pension funds had improved on safety in programming software, increased the risk-awareness of their staff and improved co-operation on cybersecurity expertise.

However, it emphasised that pension funds must increase their investments in the quality of IT risk management, the monitoring of outsourced tasks, the testing of adjustments and “patch management”.

IT risk management needed more frequent evaluation and maintenance, DNB said, to prevent falling behind on “continuously changing cyber-risks”.

DNB found that no more than 60% of software security patches were installed within two days of being issued, and that full cover was only reached in 60 days, which it deemed “too long”.

The regulator announced an additional survey into data security, which would include an assessment of how quickly a pension fund was able to return to business as usual following a hack.

Drawing on another survey, the watchdog noted that pension funds and insurers increasingly outsourced data storage to cloud-based providers without a sufficient view on data security, continuity or the quality of the outsourcing partner.

It found that pension funds often weren’t aware that their data were stored in the cloud, which must be reported to DNB.

The supervisor said its survey had been an eye-opener to the sector, quoting a participating institution as saying that it had changed from “subconsciously incapable to consciously incapable”.

Related images

  • Netspar to branch out into artificial intelligence, big data

Have your say

You must sign in to make a comment


Your first step in manager selection...

IPE Quest is a manager search facility that connects institutional investors and asset managers.

  • DS-2497

    Closing date: 2019-01-09.

  • QN-2498

    Asset class: Fixed Income Investment Grade.
    Asset region: Global Developed Markets.
    Size: $50m.
    Closing date: 2019-01-07.

  • DS-2499

    Closing date: 2019-01-02.

  • DS-2500

    Closing date: 2019-01-10.

Begin Your Search Here