Cybersecurity breaches reported by British financial services companies more than tripled in the 12-month period ending June 30, with the pension sector reporting the biggest increase at 4,000%.
Research from law firm Reynolds Porter Chamberlain uses data from the Information Commissioner’s Office (ICO).
It shows that U.K.-based financial companies reported 640 cybersecurity breaches between June 30, 2022, and June 30, 2023, up from 187 during the same period a year earlier.
This included a total of 246 cybersecurity breaches reported by pension firms, up from just six during the previous 12-month period.
Hackers target pension plans because they hold an enormous amount of valuable, sensitive financial data, which makes them potentially vulnerable to ransom demands.
Company trustees should note that they can be held liable for a failure to manage digital risk appropriately, even if security is outsourced.
“Cybersecurity is fundamental to pension scheme trustees’ legal duties,” said Richard Breavington, partner and head of cyber and tech insurance at the law firm. “It’s a cause for concern that so many financial services firms, especially pension schemes, have suffered some form of cyber-attack, resulting in a data breach.”
Breavington added, “the assumption might sometimes be that major financial services businesses have robust cyber defenses so that they are impervious—that certainly hasn’t stopped hackers continuing to try.”
According to the Government Department of Science Innovation and Technology, many common cybersecurity threats are relatively unsophisticated. Advice includes “cyber hygiene” measures such as updating malware protection, cloud back-ups, robust passwords, restricted administrative rights and network firewalls.