Advising pension scheme trustees on cyber security and data breach planning

BRIEF

Infinite Global was appointed to advise two major pension funds in relation to their cyber security and data breach preparedness strategies. Working in collaboration with the forensics team of a leading UK accounting firm, our task was to help fund trustees understand the nature of the cyber risk they faced and how breaches were likely to occur. Further, we advised regarding how risks can be mitigated and prepared for, as well as how an active data breach should be managed in order to minimise commercial, legal and reputational harm.

APPROACH

Working with our partner firm, we analysed both funds’ existing cyber security and data breach protocols, providing risk analysis and recommendations for how plans should be augmented and bolstered. From there, we devised and facilitated interactive data breach simulation workshops for trustees of both funds, designed to immerse individuals in the realities of an active data breach.

Using a mix of pre-determined ‘storylines’ for the simulated scenarios which evolved over the course of the sessions (reflecting trustees’ real-time decision-making in tackling the simulated breaches), we were able to provide a realistic ‘war game’ environment which accurately conveyed the uncertainty and complexity of real-world crisis management.

OUTCOME

In both cases, client feedback was extremely positive. In particular, trustees testified to the importance of fully understanding the varied and easily-overlooked sources of potential data breach. Further, they were able to realise the critical importance of having comprehensive data breach response plans in place, supported by appropriate training and awareness raising – not only within the funds themselves, but across their value chain of advisors and scheme managers.