U.K. pension funds experienced a dramatic spike in cybersecurity breaches over the last year and need to understand their risks and potential liability, according to an analysis by international law firm Reynolds Porter Chamberlain.
While financial service providers reported more than a threefold increase in breaches between June 30, 2022, and June 30, 2023 — 640 compared to 187 — pension funds reported 246 incidents compared to six in the previous cycle.
The law firm analyzed cybersecurity breaches reported to the U.K.'s Information Commissioner's Office. The report released Sept. 25 said that hackers target pension funds because of the amount of valuable and sensitive financial data and their vulnerability to ransom demands because of pension obligations.
Pension trustees are responsible for managing cyber risk, according to guidance from The Pensions Regulator, and can be held liable, said Richard Breavington, a partner and head of cyber and tech insurance for Reynolds Porter Chamberlain, in a release. He recommended that pension funds and other businesses invest in understanding their cyber footprint and have policies and procedures in place.