Global menu

Our global pages


Forthcoming events and seminars


Cyber security and pension schemes

Who should attend

Pension scheme trustees, compliance professionals and staff responsible for pension issues. NB this focusses on the data protection law implications and ICO/TPR reporting requirements – not technical IT security/ forensics.


The Pensions Regulator has issued guidance on cyber security, highlighting the need for trustees to be aware of their “responsibilities in respect of cyber resilience” and to “receive regular training and have access to skills and expertise to understand and manage cyber risk”. 

A pension scheme is a tempting target and a cyber breach is a bigger risk than you might think. This course, draws upon real examples, to describe the types of threat your scheme may face, including hacking and theft or corruption of member data. Under data protection law, trustees are ‘data controllers’. This course will remind you of your obligations to keep data secure and help identify gaps or weaknesses in scheme procedures and protocols.


09:00 registration and coffee, 09:30 start

Types of cyber attack on schemes

  • no one wants to admit to them: but these are the issues we handle

The obligation on ‘data controllers’

  • types of personal data breach
  • the requirement to report, to whom and when
  • TPR expectations of trustees
  • ICO investigation and enforcement risks

Types of breach and the steps to take

  • phishing attack
  • malware attack
  • theft or loss of personal data by the administrator on unencrypted laptop
  • third party breaches: who is responsible?

Governance: plan for the worst

  • high tech problems can have low tech solutions

16:30 close

Download the full Cyber security and pension schemes programme.


Details of our course speaker are contained in the PDF above.

Annual training course brochure

You can open an interactive version of our training course brochure. Alternatively, register to receive regular course updates.