£29m cost of the Capita cyber incident: the latest update on the long-lasting repercussions of cyber attacks in the pensions industry

This website will offer limited functionality in this browser. We only support the recent versions of major browsers like Chrome, Firefox, Safari, and Edge.
Pensions Age recently published an article with an update on the Capita cyber incident which took place in March 2023. Although the original incident took place almost two and a half years ago, the article highlights that Capita is still being financially impacted by the incident.
Pensions Age reports that Capita has incurred cumulative net costs of £29.3 million in relation to the cyber incident. It is reported that in H1 2025 Capita has accrued £3 million in costs which has been spent on specialist professional fees, remediation efforts, and investments in cyber security infrastructure in order to navigate the effects of the attack and prevent further costly attacks from occurring.
Despite the huge cost already incurred by Capita, the article goes on to suggest that a final conclusion of the incident may still be some time away, noting the ICO has yet to publish its decision regarding the incident.
We have previously commented on the long-lasting repercussions of a cyber-attack. The Pensions Age article is a reminder that cyber incidents can have very long tails, with implications causing headaches for affected parties and schemes for potentially years, not to mention the cost implications can be extremely significant. It is therefore critical that pension schemes implement and maintain robust cyber security policies and procedures and that this continues to be a high-priority and recurring item on the agendas of trustees and sponsors alike.
It remains the case – as recommended by the Pensions Regulator - that pension schemes should prepare for when rather than if a cyber incident occurs.
Details of Burges Salmon’s experience in advising pension schemes in relation to cyber security can be found on our dedicated webpage which includes a link to our Cyber Security Compliance Trustee Checklist.
If you have any queries in relation to cyber security for pension schemes or anything else, please contact Richard Pettit or Samantha Howell.