Global menu

Our global pages


Cyber security and pension schemes


Who should attend

Pension scheme trustees, compliance professionals and staff responsible for pension issues. NB this focusses on the data protection law implications and ICO/TPR reporting requirements – not technical IT security/ forensics.


The Pensions Regulator has issued guidance on cyber security, highlighting the need for trustees to be aware of their “responsibilities in respect of cyber resilience” and to “receive regular training and have access to skills and expertise to understand and manage cyber risk”. 

A pension scheme is a tempting target and a cyber breach is a bigger risk than you might think. This virtual course, draws upon real examples, to describe the types of threat your scheme may face, including hacking and theft or corruption of member data. Under data protection law, trustees are ‘data controllers’. This course will remind you of your obligations to keep data secure and help identify gaps or weaknesses in scheme procedures and protocols.

Since the start of UK lockdown, the proportion of attacks targeting home workers has increased from 12% of malicious email traffic to more than 60%. Now more than ever there is a need for organisations to manage new and emerging cyber threats. There has been a rapid shift to remote working for staff administering schemes. Guidance from the ICO (June 2020) on spotting suspicious links/emails will be useful to many in the Pensions industry.


9:30 start

Types of cyber attack on schemes

  • no one wants to admit to them: but these are the issues we handle

Types of breach and the steps to take

  • phishing attack
  • malware attack
  • third party breaches: who is responsible?

The obligation on ‘data controllers’

  • types of personal data breach
  • the requirement to report, to whom and when
  • TPR expectations of trustees
  • ICO investigation and enforcement risks

Governance: plan for the worst

  • high tech problems can have low tech solutions

Administration agreements

  • ensuring cyber security is properly addressed under your administration agreement

12:30 close

Download the full Cyber security and pension schemes programme.


Lorna Doggett, Legal Director, Eversheds Sutherland

Lorna is an expert in GDPR as it applies to pension schemes.  She is the "go to" on data privacy for our Pensions practice.  Lorna has a wealth of experience advising and training trustees on data privacy matters.

Gemma Hanley, Legal Director, Eversheds Sutherland

Gemma is a Legal Director in our Human Resources Practice Group and specialises in pensions. She has over 17 years' experience, advising trustees and employers in relation to the full spectrum of pensions issues including scheme closure and benefit redesign, funding and investment issues, scheme mergers, corporate reorganisations and routine governance and compliance issues. Gemma is a regular speaker as Eversheds Sutherland public courses as well as at North East groups of the PMI and PSLA.

Simon Lightman, Partner, Eversheds Sutherland

Simon advises both trustees and administrators on pensions administration agreements and related platform and software licensing arrangements. Simon was previously Commercial and Legal Director for a leading provider of pensions administration services.

John Inglese, Associate, Eversheds Sutherland

John advises a broad range of clients in relation to data privacy matters, including transparency requirements, advice on the underlying lawful bases for processing personal data, data sharing agreements, data sharing with public authorities and international transfers of personal data. He also advises on freedom of information law.

Cost: £225

All prices are exclusive of VAT

Group discount:

10% discount for delegate 2 and subsequent delegates.

Online payment discount: 10%

Select a date

Forthcoming events and seminars