Skip to main content

Your browser is out of date, and unable to use many of the features of this website

Please upgrade your browser.

Ignore

This website requires cookies. Your browser currently has cookies disabled.

Set your privacy preferences

We use necessary cookies to make our website work. Cookies are small files stored on your device. We also use optional cookies to improve our services and tell us if you have seen our advertising. The data we collect is anonymised. Are you happy to accept these cookies?

Cyber security incidents and costs at TPR

FOI reference - FOI-370
Date - 13 May 2025

Request

You have requested the following information:

  • Details of any/all cyber security incidents within the last 5 years.
  • Details of any/all qualifications held by employed parties directly involved in cyber security provisions.
  • Details of any contracts maintained by the Board of the Pension Protection Fund in relation to cyber security provisions.
  • Details of direct spend in relation to cyber security.
  • Details of strategic KPIs/KRIs that impact cyber security.

On 9 April 2025 you provided the following clarification of the third point of your request:

  • Details of any contracts maintained by the Pensions Regulator in relation to cyber security provisions.

Response

I confirm that we hold the information you have requested. Please find details below.

Details of any/all cyber security incidents within the last 5 years

TPR defines a cyber security incident as a cyber security event which has been determined to have an impact on the organisation, prompting the need for response and recovery.

No cyber security incidents have occurred at TPR within the last five years.

Details of any/all qualifications held by employed parties directly involved in cyber security provisions

Please find details below of the qualifications held by TPR staff who are directly involved in our cyber security provisions:

  • Cyber First Responder
  • CISMP
  • Microsoft Certified Azure Security Engineer
  • Systems Security Certified Practitioner
  • ISO27001 Lead Implementor

Details of any contracts maintained by the Pensions Regulator in relation to cyber security provisions

TPR maintains an ongoing contract with NCC Group in relation to our cyber security provisions.

Details of direct spend in relation to cyber security

Details of contracts TPR has awarded, and our spend over £25,000, can be reviewed on our website.

Please find details below of TPR’s direct staff costs for the past four year which relate to Cyber Security.

Year  Cost (£)
2021/22
 127,771.58
2022/23
 239,748.15
2023/24
 283,603.29
2024/25
 290,990.13

Nb. The above costs do not cover TPR staff whose roles may involve an element of cyber security work but this is not the main focus of their role. TPR does not record these costs.

Details of strategic KPIs/KRIs that impact cyber security

We do not have strategic KPIs/KRIs which impact cyber security.

Back to top