Cybersecurity Breaches and Plan Advisor Assistance
Cybersecurity breaches are on the rise, and the stakes continue to rise as well. No one or no organization can ever be 100% fully confident that they are insulated from a cybersecurity attack. Even Amazon founder Jeff Bezos has become a victim to multiple cybersecurity breaches. Cybersecurity breaches are normally costly and very expensive. The attacks are unsettling and can take considerable time to correct. It is now common knowledge that well-executed cybersecurity breaches can be devastating.
Defined contribution (DC) plans and their participants are not immune to the threat of cybersecurity breaches. Each data transmission to your recordkeeper or payroll provider, for example, creates risk. According to the Ponemon Institute, just over half (52%) of cybersecurity data breaches are due to malicious or criminal attacks by hackers. However, the other 48% can be attributed to negligence and system failures. Every retirement plan participant relies on the expertise of their plan sponsor to protect the retirement assets of the company retirement plan. Participants are counting on their investments to provide an income during their post-work years. What’s more, they’re counting on you to protect those assets from becoming vulnerable to a cybersecurity attack. Plan sponsors and Retirement Plan Committees should be asking each other, “are we doing all we can to strengthen our retirement plan against cybersecurity breaches by keeping cybercriminals from hacking our participants’ accounts?”
As plan sponsors are seeking a methodology, process or service regarding cybersecurity and how to prevent cyber attacks, they should start by including their own firm’s IT department while simultaneously enlisting assistance from the retirement plan financial advisor. (If you are plan partners with an experienced and knowledgeable retirement plan advisor, the advisor should already be talking to you, and your retirement committee, about cybersecurity risk the latest advances in prevention.) Retirement plan fiduciaries and benefit committee members must demonstrate a cybersecurity awareness of knowing what you and your service providers can, and should, and are doing to prevent a breach. If that is not the case, it is time for you to raise the conversation regarding cybersecurity breaches. If your plan advisor cannot provide the answers you’re looking for when it comes to implementing effective cybersecurity measures, that should be a wake-up call, for interviewing advisors who can.
It is critical for all plan sponsors to have an in-depth conversation with your plan advisor about cybersecurity strategies and tactics. It is always a good idea to create a strong process for reviewing all participant accounts, and for knowing what to look out for when it comes to identifying suspicious or fraudulent activity and cybersecurity risks. Retirement plan fiduciaries who have been victims to cybersecurity breaches would tell you, should always consider yourself, your firm and your retirement plan, as vulnerable.