Unbreakable is not a challenge
Can you hear it? The distant rumbling sound of 19,000 articles and webinars thundering over the horizon on the subject of resilience. Brace yourself: it’s going to be tough.
The immediate catalyst for these is the CrowdStrike disaster, which, as a result of a bug in a software update, brought down 8.5 million Windows machines last week. That disrupted the operations of some pension scheme systems, including some payroll functions. For many trustees, it just got real.
But it wasn’t the first time the question of resilience arose for pension schemes. In a massively underreported incident, Google Cloud managed to delete the online account of UniSuper, an Australian pension fund, as a result of an “unprecedented misconfiguration”. More than half a million pensioners were cut off from their accounts for a week. As wardrobe malfunctions go, that’s pretty spectacular.
When pension scheme trustees think of online threats, they tend to imagine maladjusted teenage hackers or malevolent criminals. They don’t tend to imagine a software update going wrong or Google pressing Alt-F4 on their pension scheme account.
We need to stop compartmentalising like this. The categories of online threats run into each other. It doesn’t matter to your pensioners whether your pension scheme is down because you’re a victim of ransomware or because you forgot to put 50p in the electricity meter. If it’s down, it’s down. We need to start looking at outputs rather than categorising the inputs.
This is the starting point for any discussion about online resilience of pension schemes. The problem is not piecemeal (though solutions may be). The problem can be expressed simply: how do trustees keep their online pension scheme presence up and functioning properly at all times?
The answer is something on which trustees need expert advice. The scheme needs a proper audit of every step of each online process to work out the points of reliance and to identify whether alternatives are available and viable. Few trustees are equipped even to identify a good portion of the risks, never mind what counter-measures to take.
There will be plenty of trustees who hadn’t heard of CrowdStrike till last week, never mind understood that they had systems depending on it. That’s reasonable too. Trustees are not experts in every area, nor should they try to be. Their role is to make sure that experts are on hand to cover the risks.
What trustees can usefully do for themselves is put preconceptions to one side. Not all crises are going to be caused deliberately. For that matter, not all bad actors are going to be incompetent (why do all phishing exercises seem to assume that the phisher is unable to spell or hide their tracks? It leaves staff members very vulnerable to an exploit pulled off efficiently). What can the trustees do to mitigate the risks? Are there failsafes that they can put in place?
When we work online, we enter a new world, a world with new opportunities and new threats. You don’t have to be a Luddite to worry about the threats, just as you don’t need to be a landlubber to worry about drowning at sea. If anything, the more you know about the environment, the more concerned you should be.
The online world offers huge opportunities to pension schemes and their members, both engaging and empowering the membership. Alongside those opportunities are risks. If trustees don’t make the effort to address them, they are likely to find themselves all at sea.
It's interesting to consider the evolving challenges that come with online resilience, particularly for trustees who must navigate complex digital landscapes while ensuring the security and integrity of their organizations. What strategies have you found most effective in building and maintaining online resilience?