First Actuarial picks up Cyber Essentials Plus accreditation
First Actuarial has gained new credentials to help verify its cybersecurity capabilities. The Cyber Essentials Plus accreditation addresses pension scheme trustees' concerns about digital threats.
Pension scheme trustees have been coming under mounting pressure from cybersecurity risks. In late 2023, research from RPC revealed a 4,000% increase in data breach reports to the Information Commissioners Office (ICO), with UK financial services firms reporting 640 cybersecurity breaches to the ICO in the year. This marked a nearly threefold increase on the 187 cybersecurity breaches in the previous period.
This has seen a growing number of players in the sector turn to third-party experts for help. To that end, as First Actuarial looks to protect its clients’ data against cyber threats, it has gained the government-backed Cyber Essentials Plus certification.
Mark Rowlinson, head of IT at First Actuarial, said, “The Cyber Essentials standard provides an excellent baseline of prescriptive technical controls. As such, it dovetails well with ISO 27001, which has a broader scope and is more flexible, focusing on risk-based controls. The certification involves an audit to make sure we have the required controls in place. This includes a scan of our network and devices for any potential vulnerabilities.”
According to another 2024 GOV.UK survey, 70% of medium businesses and 74% of large businesses have experienced some form of cyber security breach or attack in the last 12 months. With cyber criminals never standing still, it is incumbent on organisations to stay one step ahead by making continuous improvements as the threat evolves and changes.
In that regard, Cyber Essentials Plus is the latest addition to First Actuarial’s roster of cybersecurity accreditations, which includes ISO 27001. It goes beyond the foundation level Cyber Essentials, with in-depth technical audits and vulnerability tests carried out by an external certifying body.
Rowlinson added, “We know how worried pension scheme trustees and employers are about cybersecurity. The threat will only increase as more data and processes become digital-first. As a company that handles sensitive personal data, we devote a great deal of time and energy to reinforce our cyber defences. Our aim is to have best practice controls in place at all times, and to do our utmost to secure company and client data. It’s all about giving our clients peace of mind.”