Following the announcement by The Pensions Regulator’s (TPR) chief executive Lesley Titcomb that third party administrators must be held to account on cyber security within the pensions industry, it is even clearer that the issue of cyber security needs to be at the forefront of risk management policy regardless of if technology platforms are in house or outsourced.
If a company has a cyber footprint that extends beyond their own systems and are relying on third parties to hold and process data, they must ensure that those companies operate to acceptable standards in terms of cyber security and data protection.
Reliance on key third parties needs to be actively managed through regular dialogue and review of the controls that they operate on your behalf. This is a sometimes neglected area which can be complicated by the lack of appropriate performance indicators and defined service levels and security models.
Activities such as regular security assessments and audits are required if businesses are to mitigate their exposure to potentially critical disruptions to their privacy and operations through the activities of their agents. Organisations that have been let down by partners that they rely upon is, unfortunately, a common occurrence, and businesses need to take steps to reduce risk to ensure data assets are secure.
Join our cyber security in the pensions sector webinar to hear more about steps that can be taken to mitigate against such risk.