
Cyber security, data protection and AI

We have specialist lawyers with cyber security, data protection and artificial intelligence (AI) experience, who can help your pension scheme to build its cyber resilience, respond to a cyber incident and assess the risks and opportunities from AI.

As the number of cyber-attacks continues to grow in the pensions industry (and beyond), the need for pension schemes to build cyber resilience, comply with data protection requirements, and navigate AI challenges is stronger than ever.

Our specialist cyber security, data protection and AI team provides tailored legal support to help manage and reduce your pension scheme’s cyber risk. We can help to build your scheme’s cyber resilience to best prepare you for ‘when’ (rather than ‘if’) a cyber incident occurs (in line with the Pensions Regulator’s expectations).

We assist pension schemes in meeting the cyber security, scheme continuity and risk management requirements of the General Code of Practice, as well as the expectations of the Pensions Regulator as set out in its specific cyber security guidance.

We can also help you comply with data protection requirements, such as the UK GDPR, with safeguarding personal data and with responding to incidents and addressing breaches effectively.

We can provide you with practical hints, tips, and measures to support you on your journey towards cyber security, starting with our Cyber Security Compliance Checklist.

This document provides a checklist of requirements to ensure trustees meet minimum standards with regard to managing cyber risk. These requirements form part of our Cyber Security Package, providing trustees with practical steps to meet minimum cyber security standards.

With AI set to disrupt the pensions industry, we can help trustees, sponsors and providers assess and mitigate risk to ensure that your AI systems are compliant, secure and transparent.

Cyber Security Compliance Checklist

Cyber security package

Our Cyber Security Package is made up of five elements, specifically designed to meet the minimum requirements around cyber governance, as set out in the updated General Code of Practice that came into force in March 2024.

This Cyber Security Package helps trustees ensure they have an effective system of governance (ESOG) related to cyber security. As a potentially high-likelihood and high-impact risk, cyber security is an important aspect of a scheme’s ESOG and own risk assessment (ORA). The Package is particularly aimed at pension schemes with little or no existing cyber resilience and is available at a fixed price.

This Package marks the start of a good cyber governance journey for pension schemes, and we are well placed to advise on the next steps to enhance your scheme’s resilience on an ongoing basis (in line with the expectations in The Pensions Regulator’s cyber security guidance).

Please contact Richard Pettit or Samantha Howell for further information about our Cyber Security Package, including information about our fixed price.

Cyber Security Policy: This comprehensive document sets out how the pension scheme manages and mitigates its cyber risk.
Cyber Security Incident Response Plan: This plan sets out how trustees will respond to a cyber incident, including what support trustees will need and where it would come from.
Cyber Security Best Practice Framework and Assessment: This document supports trustees in building their pension scheme’s cyber resilience in line with best practice. It then enables them to assess and monitor their pension scheme’s cyber resilience.
Cyber Hygiene Quick Reference Guide: This is a quick reference guide which provides an overview of the pension scheme’s approach and key cyber documents; sets out practical tips which trustees can refer to on a day-to-day basis; and contains contact details for key advisers and stakeholders in the event of a cyber incident.
Basic cyber security training: Trustees should receive regular cyber security training, to ensure they understand the nature and impact of cybercrime and its evolving threats. Trustees should be aware of and familiar with the Pensions Regulator’s guidance on cyber security principles.

Examples of our work

Cyber incident response

We have advised multiple pension scheme clients affected by cyber incidents (including the Capita cyber incident), which has included assisting with incident response plans, regulatory notifications, member communications and legal privilege.

Cyber security package development

Development of a comprehensive cyber security package aimed at helping pension schemes meet the Pensions Regulator’s guidance and updated General Code of Practice on minimum cyber governance standards.

Pensions industry cyber security training

Delivery of tailored cyber security training to pension schemes, including in-depth sessions and ‘war game’ exercises to simulate incidents and improve response readiness for trustees and pensions professionals. We have also delivered PMI-accredited training on the legal aspects of cyber security to pensions professionals, trustees and industry stakeholders.

Advising in relation to cyber claims

We advise on disputes arising from the impact of cyber security incidents, including insurance claims.

AI training

We have discussed the developing AI disruption with industry stakeholders, including developing training for sponsors, trustees and providers on how to assess and mitigate AI risks.

Third-party contract review for cyber security and data protection

We review and update third-party contracts, particularly administration contracts, to reflect best practice and address evolving cyber security and data protection standards within the pensions industry.


What others say

“Highly competent team with specialist pensions expertise. A sound balance of pragmatic and protective legal advice.”

Legal 500 UK 2024
