mast image

Special Report

Impact investing


Pension funds falling short on cybersecurity, regulator warns

Related Categories

The risk of data security incidents is increasing as pension funds insufficiently factor cybersecurity into their risk assessments, Dutch pensions supervisor De Nederlandsche Bank (DNB) has warned.

In its annual security monitor, the regulator said that financial institutions, including pension funds, insufficiently evaluated their risk management in this area, or failed to anticipate developments in data security.

“As cybersecurity threats increase and change, evaluating and anticipating is crucial,” said DNB.

It said it was remarkable that concrete threats – such as phishing, ransomware and hacking – received “little attention”.

The watchdog also noted that pension funds often did not have sufficient knowledge of security measures at their outsourced service providers.

“As a consequence, schemes are unable to show they are in control, or make clear that measures are effective,” DNB said.

DNB added that sometimes a scheme knew how outsourcing partners had organised their security, but lacked insight into mutual dependencies.

This raised questions about whether all measures combined would be sufficient for the entire investment chain.

Last year, DNB warned that pension funds’ view on data security often fell short of the requirements, sometimes because of data stored in ‘the cloud’.

The regulator also drew attention to access rights, highlighting that schemes often lacked formal procedures for processes such as authorisation of access to data.

Further reading:



Briefing: Cyberwar without end
Daniel Ben-Ami explores how financial institutions are faring in the cyber arms race against criminals

Asset managers urged to collaborate on cybersecurity
Investment firms should share resources and invest in new technologies, says the UK’s trade body for the sector

Pensions industry underestimating threat of cyber crime, experts warn
The pensions industry worldwide is underestimating the risks posed by cyber crime, and too few experts are available to help tackle the problem

Related images

  • Cybersecurity

Have your say

You must sign in to make a comment


Your first step in manager selection...

IPE Quest is a manager search facility that connects institutional investors and asset managers.

  • QN-2543

    Asset class: Search of an Asset manager / Advisor managing / Advising a risk-based equity derivatives overlay program.
    Asset region: Global Developed Markets Equities, Global Emerging Markets Equities, Swiss Equities.
    Size: CHF 700-2100 million.
    Closing date: 2019-06-17.

  • QN-2544

    Asset class: Transitional Real Estate Debt.
    Asset region: North America (USA/Canada).
    Size: $50-100mn.
    Closing date: 2019-06-17.

  • QN-2546

    Asset class: Real Estate Equity Fund (non listed).
    Asset region: Europe.
    Size: Total CHF 600m, approx. CHF 100-300m per fund investment.
    Closing date: 2019-06-28.

Begin Your Search Here