Pension Cyber UK Resilience Aon Trustees Schemes Controls

Management Consulting

Aon

Full Credential Description

Aon conducted a comprehensive assessment of over 100 UK pension schemes through its Pension Cyber Scorecard, revealing a mixed state of cyber resilience across the industry. The schemes varied significantly in their preparedness to handle cyber threats, with around 60% having a defined cyber strategy and 75% of trustees receiving training on cyber risks. However, fewer than 20% had documented cyber hygiene policies, indicating a gap in formalized practices.

The tailored solution provided by Aon involved the use of the Pension Cyber Scorecard, which serves as a benchmarking tool for trust-based pension schemes to evaluate their cyber resilience. This tool not only assesses current practices but also offers a roadmap for improvement, helping schemes transition from novice to proficient in their cyber controls. Aon emphasized the importance of ongoing assessments, as the nature of cyber risk is continually evolving.

Key findings from the assessment highlighted that while 90% of schemes conducted checks on their administrators' cyber controls, many lacked specialist expertise in evaluating these checks. Additionally, over 90% had a data breach policy, yet a significant number still transmitted sensitive information via unencrypted emails. Only 40% had a robust incident response plan, despite regulatory guidance recommending such measures. Alarmingly, over 60% had not evaluated the potential financial impact of a cyber attack, and a mere 2% had cyber insurance.

The results underscored that larger schemes tended to perform better in terms of cyber resilience, but Aon concluded that the key factor was not size but rather 'cyber maturity'—the awareness and proactive engagement of trustees in addressing cyber risks. This insight is crucial for pension scheme sponsors, who bear the financial and reputational consequences of cyber incidents, highlighting the need for them to understand how their schemes are managing these risks.