Pension funds falling short on cybersecurity, regulator warns

Related Categories

The risk of data security incidents is increasing as pension funds insufficiently factor cybersecurity into their risk assessments, Dutch pensions supervisor De Nederlandsche Bank (DNB) has warned.

In its annual security monitor, the regulator said that financial institutions, including pension funds, insufficiently evaluated their risk management in this area, or failed to anticipate developments in data security.

“As cybersecurity threats increase and change, evaluating and anticipating is crucial,” said DNB.

It said it was remarkable that concrete threats – such as phishing, ransomware and hacking – received “little attention”.

The watchdog also noted that pension funds often did not have sufficient knowledge of security measures at their outsourced service providers.

“As a consequence, schemes are unable to show they are in control, or make clear that measures are effective,” DNB said.

DNB added that sometimes a scheme knew how outsourcing partners had organised their security, but lacked insight into mutual dependencies.

This raised questions about whether all measures combined would be sufficient for the entire investment chain.

Last year, DNB warned that pension funds’ view on data security often fell short of the requirements, sometimes because of data stored in ‘the cloud’.

The regulator also drew attention to access rights, highlighting that schemes often lacked formal procedures for processes such as authorisation of access to data.

Further reading:



Briefing: Cyberwar without end
Daniel Ben-Ami explores how financial institutions are faring in the cyber arms race against criminals

Asset managers urged to collaborate on cybersecurity
Investment firms should share resources and invest in new technologies, says the UK’s trade body for the sector

Pensions industry underestimating threat of cyber crime, experts warn
The pensions industry worldwide is underestimating the risks posed by cyber crime, and too few experts are available to help tackle the problem

Related images

  • Cybersecurity

Have your say

You must sign in to make a comment


Your first step in manager selection...

IPE Quest is a manager search facility that connects institutional investors and asset managers.

  • QN-2563

    Asset class: Mid & Small Cap Equities.
    Asset region: Global.
    Size: USD $130m.
    Closing date: 2019-09-27.

  • QN-2564

    Asset class: Large Cap Growth Equities.
    Asset region: Global Developed Markets.
    Size: USD $130m.
    Closing date: 2019-10-04.

Begin Your Search Here