The safe and effective digital administration of pension schemes is facing up to new challenges in the shape of cybercrime.
In part five of our Digital Admin series, we look at how cyber risks are viewed among industry leaders and the progress being made to mitigate against such threats.
Cyber risk is increasingly driving schemes towards considering changes. This was apparent in our conversations, but also from the survey data. While each scheme will state that cyber security is of great importance, that doesn’t mean there is consensus about how it should be addressed.
Gillian Bell senior administration consultant, third party administration, Hymans Robertson: said, “Another obstacle to digital transformation is cyber, and we're constantly having to keep up to date and revise our software to remain cyber compliant.”
As schemes move towards a DC environment, savers are increasingly asked to do more to help their scheme stay on top of data. Self-service systems, where they exist, are quite crude and little has been done to understand what information savers wish to see in these portals and platforms or what they might want to see that might improve their engagement.
Timothy Jenkins, senior team manager, digital comms and governance, Rhondda Cynon Taf County Borough Council: “We're constantly seeking new developments in software to make the savers’ experience as smooth as possible, but also in a manner which can aid us in the back office, not hinder us.
“This means we don’t always make anything really straightforward for the saver, but given level of complexity in the back office, it needs to address both.”
There exist many more risks today, including the addition of threats from cyber criminals. But this should not discourage schemes from embarking on change.
One argument suggests that the more that goes online, the more a scheme is exposed to cyber risk. However, others argue that retaining partial processes online – such as old self-service portals – on increasingly obsolete platforms, will only increase the risk from cyber criminals.
Of course, going fully digital doesn't necessarily satisfy, or even protect every saver. It will not be easy, or even possible, to ensure that every saver will be able to use two factor authentication on a self-service account.
Is it even possible that all will have smartphones to enable this, or even have email to set up their account in the first place?
These may not be insurmountable odds, particularly as increasing numbers of older savers engage with digital media.
But maintaining security will become more difficult in the future, particularly with an ageing working population that is more likely to phase retirement while continuing to work.
The Capita data incident in 2023 has convinced most that a more robust policy towards cyber risk – and therefore digital administration – will improve security overall, not weaken it. One scheme summarised it as: “Just because you will still be a target is not a good reason for not being hot on cyber risk”.
But the fact is every scheme is starting from a different place and a general improvement at each will not bring the industry in step. While the road may be fraught with challenges, a robust approach to cyber risk and a commitment to digital innovation can ultimately enhance security and improve the overall experience for savers.
This article is part five of a series that analyses the survey findings and the current position of digital pension administration in the UK. The full whitepaper is available to view here.
Read Part One - Digital pension administration in 2024 - where are we at?
Read Part Two - Digital pension administration in 2024 - ambition v progress
Read Part Three - Digital pension administration in 2024 - what the industry experts say
Read Part Four - Digital pension administration in 2024 – the factors influencing adoption