Aon finds that cyber risk is an increasingly relevant topic for pension schemes

Published on Tue, 31/10/2023 - 15:44

A pensions sector risk survey from Aon highlights little common ground for trustees and sponsors.

The latest Global Pension Risk Survey from Aon has found that investment return was ranked as the highest risk for both trustees and sponsors.

The survey, which has just been released by the firm, found that while both sponsors and trustees agreed on the top threat to their schemes being able to pay member benefits as they came due, there was little common ground on the placing of other hazards.

Trustees said that their second highest-rated risk was interest rate and inflation risk, followed by longevity, regulatory, liquidity, covenants, and governance/operational risks.

Among sponsors, the second highest-rated risk was longevity, followed by regulatory, interest rate and inflation, liquidity, governance/operational risk, and covenant risk.

The authors of the report wrote: “It was interesting that investment return was ranked the highest risk. While this is clearly an important factor for schemes relying on asset returns to fill deficits, for well-funded de-risked schemes, we might expect the priority to be exceeded by others.”

The authors also reflected on the fact that trustees rated interest rate and inflation risk much higher than did sponsors, and attributed it to ‘recency bias’ following the fallout from the gilts crisis of last year.

They also pointed to the ranking of governance and operational risk.

They wrote: “Governance/operational risk was ranked low — and lower by trustees than by sponsors. Arguably, this could include cyber risk, which, conversely, was ranked as the number one risk by risk decision makers responding to Aon’s Global Risk Management Survey that assesses business risks. Cyber risk is discussed in more detail in the ‘hot topics’ section of this report.”

The ‘hot topics’ section of the report found that nearly seven out of ten respondents had highlighted an increased focus on cyber risk, with roughly the same amount having made a provisional GMP equalisation method decision. At the same time, just over a fifth of schemes had a trustee EDI policy in place.

The authors referred to the 2019 iteration of this survey, saying that back then only three per cent of respondents had reported an impact on their scheme arising from a cyber attack.

They added: “By 2021, we reported that this risk was no longer theoretical and there were numerous examples of schemes, sponsors and providers being impacted in a way that affected the scheme — seven per cent reported that they had suffered a cyber incident. Fast forward another two years and this statistic now stands at an alarming fourteen per cent. Put another way, the number of schemes impacted by a cyber incident has doubled every two years — and that is before the impact of the recent high profile attack is fully reflected in the survey data.”