Pensions industry underestimating threat of cyber crime, experts warn
The pensions industry worldwide is underestimating the risks posed by cyber crime, and too few experts are available to help tackle the problem, internet security experts have claimed.
Speaking at the World Pension Summit in The Hague, Lloyd Komori, vice-president of risk management at Canada’s €43bn Ontario Municipal Employees Retirement System (OMERS), argued that internet crime was one of the industry’s biggest risks.
“Of all external and non-investment-related risk for pension funds, this is the scariest,” he said, adding that his pension fund had listed cyber crime in the top three of its “risk shortlist”.
According to Komori, pensions funds acknowledge cyber security risk but do not seem to act “as if there is an enormous shortage of security experts”.
He pointed out that hackers are often after not just money but also valuable information.
Phil Zimmermann, a US-based expert on encryption, took pains to emphasise that cyber criminals were far ahead of the business world.
“Hacking is no longer a matter of adolescents in black T-shirts,” he said. “It is now carried out by countries with political and commercial interests that are in full attack mode.”
Neither Zimmermann nor Komori was able to produce concrete examples of cyber attacks on pension funds or asset managers.
But Zimmermann said this was logical, “as the chance is very small this would be published because of the immense reputational damage it would cause”.
Victoria Wang, senior lecturer on cyber crime at Portsmouth University, highlighted that cyber thieves operated everywhere there is money, including the pensions sector.
She said that, since the UK introduced the option of a lump-sum payment at retirement, cases of internet fraud at the expense of retirees – tricked into making fake investments – had doubled within a short period.
Zimmermann said the pensions sector could tackle cyber crime by investing in their own IT systems, as well as in start-ups in the security sector.
“Pension funds could achieve attractive returns, as the cyber-security sector is to grow into a €158bn industry within the next five years,” he said.