Combatting Cybersecurity Threats

Nearly one-third of retirement plan recordkeepers expect to increase their cybersecurity staff, according to a recent survey

According to findings in the latest Cerulli Edge U.S. Retirement Edition, the threat of retirement account fraud has increased in recent years — particularly during the remote work environment. As a result, 31% of plan recordkeepers intend to increase staffing capacity to address cybersecurity initiatives.

According to the Cerulli report, the Internet Crime Control Complaint Center of the Federal Bureau of Investigation reported 791,790 cybercrime complaints in 2020 — a 69% jump in total complaints from 2019. Cybersecurity crimes in 2020 resulted in financial losses of more than $4 billion. Although many recordkeepers have not experienced a data breach yet, many believe it’s just a matter of time as the techniques employed by cybercriminals get more sophisticated. One fraud surveillance expert at a large defined contribution (DC) recordkeeper suggested to Cerulli that older participants tend to be the most frequent targets for cyberattacks, partly because they typically have higher account balances than younger employees, but also because criminals may perceive them to be less technologically savvy than younger participants.

Implementing new technologies, such as biometric log-in credentials like thumbprints or facial recognition, is one part of building an effective cybersecurity practice. To prove effective, Cerulli suggests that providers will need to play an active role in encouraging participants to adopt these technologies and enhance the security of their accounts and personal information on their own.

Moreover, recordkeepers should look to evaluate the cybersecurity practices of the service providers with whom they exchange or share participant data.

In April, the U.S. Department of Labor (DOL) released cybersecurity guidance for recordkeepers, plan fiduciaries and participants. The guidance includes tips for plan sponsors to evaluate the cybersecurity practices of recordkeepers and other retirement plan service providers and tips plan sponsors and/or service providers should relay to plan participants for their part in keeping their accounts safe (in June, the DOL began conducting retirement plan cybersecurity audits). In addition, the SPARK Institute published cybersecurity best practices last July, which provide specific recommendations for mitigating retirement account fraud. The report offers suggested practices to be implemented by plan fiduciaries, participants and service providers with regard to authenticating accounts, establishing and re-establishing account access, protecting contact data and communications, conducting fraud surveillance and developing custom reimbursement policies.

To view TRA’s cybersecurity webinar: Demystifying DOL’s Guidelines, click here.

Be sure to register for TRA’s Cybersecurity: DOL’s Three Points of Lights Webinar on March 16, 2022. Click here to register.



Consider TRA's 3(16) Fiduciary Services & Plan Administration

To alleviate the day-to-day administrative burdens of yours or your clients retirement plans.