As the number of cyber-attacks continue to grow at an unprecedented rate in the pensions industry (and beyond), the need for pension schemes to build their cyber resilience is stronger than ever.

Our specialist cyber security team can provide legal support to help manage and reduce your pension scheme cyber risk, building your scheme’s cyber resilience to best prepare you for ‘when’ (rather than ‘if’) a cyber-incident takes place.

We can assist your pension scheme with meeting the requirements set out in the General Code of Practice relating to cyber security and business continuity, as well as meeting the expectations of the Pensions Regulator which are set out in its cyber guidance.

We can provide you with practical hints, tips, and measures to support you on your journey towards cyber security starting with our Cyber Security Compliance Checklist.

This document provides a checklist of tasks to ensure trustees meet minimum standards with regards to managing cyber risk. These tasks form part of our Cyber Security Package offering which you can find more details on below.

Areas of focus

Our Cyber Security Package is made up of the five elements set out in the table below.

These steps are designed to meet the minimum requirements around cyber governance as set out in the updated General Code of Practice (due to come into force from March 2024) and as part of trustees’ ensuring that they have an effective system of governance in relation to cyber security. This package is aimed at schemes with little or no existing cyber resilience and can be offered at a fixed price.

This package marks the start of a good cyber governance journey for pension schemes. We are well placed to advise schemes on the next steps that they can take.

Contact our Pensions team

Please contact Richard Pettit or Samantha Howell for further information about our Cyber Security Package, including information about our fixed price.

Cyber Security Policy

This comprehensive document sets out how the pension scheme manages and mitigates its cyber risk. 

Cyber Security Incident Response Plan

This plan sets out how trustees will respond to a cyber incident, including what support trustees will need and where it would come from.

Cyber Security Best Practice Framework and Assessment

This document supports trustees in building their pension scheme’s cyber resilience in line with best practice. It then enables them to assess and monitor their pension scheme’s cyber resilience. 

Cyber Hygiene Quick Reference Guide

This is a quick reference guide which:

  • Provides an overview of the pension scheme’s approach and key cyber documents;
  • Sets out practical tips which trustees can refer to on a day-to-day basis; and
  • Contains contact details for key advisers and stakeholders in the event of a cyber incident.

Basic cyber security training

Trustees should receive regular cyber security training, to ensure they understand the nature and impact of cybercrime and its evolving threats. Trustees should be aware of and familiar with the Pensions Regulator’s guidance on cyber security principles. 

Developing our cyber security package offering which is designed so that pension schemes meet the minimum expectations in accordance with the Pensions Regulator’s guidance and the updated General Code of Practice.

Advising several clients who were affected by the Capita cyber incident in 2023, including assisting trustees with their incident response plans, notifications to relevant regulators (notably the ICO and the Pensions Regulator) and communications with members.

Advising clients on other cyber incidents, both within the public and private domain, including in relation to legal privilege.

Advising clients in relation to potential claims arising from the impact of cyber security incidents, including insurance claims.

Advising clients on the data protection and cyber security aspects of their third-party contracts (particularly administration contracts) to reflect best practice and changing trends within the pensions industry.

Providing high-quality training on the legal aspects of cyber security as part of the PMI’s accredited Cyber Training course.

Providing high-quality cyber security training for pensions schemes, tailored to their specific needs. This has included high-level training, in-depth training and ‘war games’ training.

Providing high-quality cyber security training for the pensions industry, including for other pensions professionals, professional trustees and multipliers.

Meet the team
Richard Pettit

Richard Pettit Partner

  • Pensions Regulatory
  • Pensions Services
  • Pensions in Northern Ireland
Samantha Howell

Samantha Howell Senior Associate

  • Pensions Services
  • Pensions Legal Advice
  • Public Sector Pension Schemes
A photo of David Varney

David Varney Partner

  • Data Protection and Cybersecurity
  • Technology and Communications
  • Outsourcing
Amy Khodabandehloo

Amy Khodabandehloo Director

  • Dispute Resolution
  • Professional Negligence 
  • Commercial Contract Disputes

On-demand webinars

Webinar: Cyber security for pension schemes - the blue hats and the red hats

Webinar: Cyber Security and Pension Schemes


Human error in data breaches – principles and rules employers should follow

What does the Capita cyber incident mean for pension schemes?

TPR’s draft cyber controls module: an analysis with a view to the future

Key contact

Richard Pettit

Richard Pettit Partner

  • Pensions Regulatory
  • Pensions Services
  • Pensions in Northern Ireland

Subscribe to news and insight

Burges Salmon careers

We work hard to make sure Burges Salmon is a great place to work.
Find out more