Skip to main content

Your browser is out of date, and unable to use many of the features of this website

Please upgrade your browser.

Ignore

This website requires cookies. Your browser currently has cookies disabled.

Set your privacy preferences

We use necessary cookies to make our website work. Cookies are small files stored on your device. We also use optional cookies to improve our services and tell us if you have seen our advertising. The data we collect is anonymised. Are you happy to accept these cookies?

Cyber security guidance revised to help tackle threat

Ref: PN23-25

Issued: Monday 11 December 2023

The Pensions Regulator (TPR) is calling on trustees to report significant cyber-related incidents as part of updated guidance to tackle the ongoing threat posed by cyber criminals.

Pension schemes are at risk of being targeted by cyber-attacks because of the large amounts of personal data and assets they hold.

TPR’s latest guidance helps trustees and scheme managers meet their duties to assess the risk, ensure controls are in place, and respond to incidents. The guidance will also be of use to scheme suppliers and advisers.

For the first time, TPR is asking trustees and scheme providers to report significant cyber incidents, so it can build a better picture of the cyber risk facing the industry and its members.

Interim Director of Regulatory Policy, Analysis and Advice Louise Davey said: “Cyber risk is complex, evolving and requires a dynamic response. It’s a very real threat as we have seen from events this year.

“We want industry to work openly and collaboratively together, and with us, to address the challenges of cyber threats and have a clear plan for when things go wrong. Doing so will make us all more resilient to attacks. As part of this, we want to hear about cyber-related incidents so our understanding of issues improves in real time.”

Notes for editors

  • TPR is asking schemes, their advisers and providers to report significant cyber incidents to us on a voluntary basis, in an open and cooperative way, as soon as reasonably practicable. A significant cyber incident is likely to result in:
    • a significant loss of member data
    • major disruption to member services
    • a negative impact on a number of other pension schemes or pension service providers
  • TPR is the regulator of work-based pension schemes in the UK. Our statutory objectives are:
    • to protect members’ benefits
    • to reduce the risk of calls on the Pension Protection Fund
    • to promote, and to improve understanding of, the good administration of work-based pension schemes
    • to maximise employer compliance with automatic enrolment duties
    • to minimise any adverse impact on the sustainable growth of an employer (in relation to the exercise of the regulator’s functions under Part 3 of the Pensions Act 2004 only)

Press contacts

Matt Adams

Senior Media and Parliamentary Manager
pressoffice@tpr.gov.uk
01273 662086

Out of hours

This is for journalists only with a media enquiry. The below number will divert to our on call media officer.
pressoffice@tpr.gov.uk
01273 648496

Share this page

  • Facebook
  • Linked In
  • Twitter
Back to top