Author(s):
Andrea Boctor, Adam Kardash, Jonathan Marin, Julien Ranger, David Stamp, Jonathan Wypych, Olivia Suppa, Omar Sunderji
May 9, 2023
In managing large amounts of personal and confidential member information, pension plan administrators are becoming increasingly susceptible to cyberattacks. The adoption of new technologies and further digital transformation means the attack surface is also expanding. Managing this risk was the central focus of discussion during Osler’s Annual Pension and Benefits in-person and virtual seminar.
The first session on managing IT and cybersecurity risk was hosted by associate Olivia Suppa, with panelists Adam Kardash, partner, Privacy and Data Management; Jonathan Marin, partner, Pension and Benefits; Ali Arasteh, Head of Canada, Mandiant Consulting, and Giorgio Scocco, Managing Director, Data and Technology, University Pension Plan.
A second session exploring legal developments potentially impacting pension plans in 2023 featured panelists Andrea Boctor, partner and Chair of the Pensions and Benefits group; Julien Ranger, partner, Pensions and Benefits group; David Stamp, partner, Litigation and Jonathan Wypych, associate, Omar Sunderji, an associate in the Pensions and Benefits group introduced both sessions.
Under pension legislation, pension plan administrators have an overarching duty of care to proactively manage and mitigate material risks. Best practices for managing cybersecurity risks include:
- Regularly reviewing and assessing controls in place to ensure they are appropriate and up-to-date.
- Ensuring the necessary skills are in place, whether internally or through external resources, (to have the capability for understanding and managing the risks).
- Ensuring roles and responsibilities relating to cybersecurity risk management are clear and understood, and
- Having a proactive strategy in place to effectively respond to potential incidents.
Watch the entire seminar