An increase in the frequency of digital breaches among financial organizations is pushing institutional investors to take the necessary steps to prevent cyberattacks, says Sebastien Betermier, executive director at the International Centre for Pension Management.
The complexity of the industry as well as the investment patterns of Canadian pension funds can create increased risk in a landscape where these organizations are increasingly targeted by digital attacks. When assessing their vulnerabilities, plan administrators must think not just of their prevention strategies but also how to handle a breach situation, he says, adding it’s important that organizations consider input from their legal, central risk oversight and information technology teams when developing a strategy.
“One of the sources of complexity for Canadian plans is that they tend to be more direct investors . . . when you’re investing directly in the firms, you have potential cyber threats on your own liability.”
Indeed, the risk of cyberattacks is magnified because of how business takes place. Because of their involvement as investees in other organizations, pension funds are at risk of attacks not just against their own organization but to all the partners they work with. “You [need to] have a structure that [assumes] you’re likely to have [a breach.] It’s not if, it’s when.”
A 2023 survey by PricewaterhouseCoopers found the cost of cyberattacks increases depending on the size of the organization. It noted firms valued at more than US$10 billion reported breaches costing an average of US$7.2 million, while companies valued under $1 billion reported an average of US$1.9 million in damages. More than 40 per cent of business leaders surveyed admitted to not understanding complex cybersecurity risks presented by cutting-edge technology such as generative artificial intelligence, enterprise blockchain, quantum computing and virtual or augmented reality.
A cybersecurity breach can also strain the relationship between a plan sponsor and its members, says Betermier. “I always like to say that one of the pension funds’ greatest assets is not how much money they manage, but it’s the trust they have with the participants. When [there’s] a breach, it creates a trust issue, because suddenly your information is compromised.”
Read: Climate, cybersecurity risks increasing for federally regulated pension plans: OSFI outlook