Just group PLC | Annual Report and accounts 2022
PRINCIPAL RISKS AND UNCERTAINTIES continued
HOW THIS RISK AFFECTS JUST
JUST’S EXPOSURE TO THE RISK
OUTLOOK AND HOW WE MANAGE OR MITIGATE THE RISK
Our IT systems are central to conducting our business from delivering outstanding customer service to the financial management of the business. We maintain a framework of operational resilience and disaster recovery capabilities so that we can continue to operate the business in adverse circumstances. Protecting the personal information of our customers and colleagues is a key priority. Internal controls and our people are integral to protecting the integrity of our systems, with our multi-layered approach to information security supported by training, embedded company policies and governance. We continue to invest in strategic technologies to strengthen data security and overall resilience. In 2022 we have made enhancements to network architecture and implemented data centre upgrades. Our email system has been made more resilient to malicious attacks, including emerging types of ransomware. A specialist Security Operations Centre monitors all our externally facing infrastructure and services, with threat analysis, incident management and response capabilities. The Group’s cyber defences are subject to regular external penetration tests to drive enhancements to our technology infrastructure. The development of in-house systems and our use of third-party systems is tightly controlled by technical teams following established standards and practices. A high proportion of longevity risk on new business Just writes is reinsured, with the exception of Care business for which the risk is retained in full. Most of the financial exposure to the longevity risks that are not reinsured relate to business written prior to 2016. Reinsurance treaties include collateral to minimise exposure in the event of a reinsurer default. Analysis of collateral arrangements can be found in notes 27 and 29 of the Annual Report and Accounts. Mortality experience continues to be volatile and significantly above pre-pandemic levels.
The cyber threat to firms is expected to continue at a high level in the coming years with evolving sophistication. We will continue to closely monitor evolving external cyber threats to ensure our information security measures remain fit for purpose. 2023 will see further investments in cyber-attack countermeasures, to enable consistent delivery of required security standards. This will include the replacement of the Security Incident Event Management tool to increase security. Other new technologies will be evaluated during the year. Just’s new Chief Information Security Officer will implement a revised information security team structure and approach.
3 Cyber and technology IT systems are key to serving customers and running the business. These systems may not operate as expected or may be subject to cyber-attack to steal or misuse our data or for financial gain. Any system failure affecting the Group could lead to costs and
disruption, adversely affecting its business and ability to serve its customers, as well as reputational damage.
STRATEGIC PRIORITIES 1, 2, 3, 4, 5
TREND STABLE
Experience and insights emerging since mid-2021 indicate that COVID-19 and the aftermath of the pandemic, will have a material and enduring impact on mortality for existing and future policyholders. Our current assumption about these changes has been incorporated into Just’s pricing across our Retirement Income and Lifetime Mortgage products and will be updated as more information becomes available.
4 Insurance risk In the long-term, the rates of mortality suffered by our customers may differ from the assumptions made when we priced the contract.
STRATEGIC PRIORITIES 1, 3, 4
TREND STABLE
64
Powered by FlippingBook