One of the most remarkable findings of Callan’s 2019 Defined Contribution Trends report is that cybersecurity is not a top priority for many plan sponsors.
Plan fees, participant communication, financial wellness, fund/manager due diligence, and six other items were given higher priority than addressing cyberthreats.
One can only hope plan sponsors have already implemented data protection systems and processes at an organizational level and have audited their service providers—recordkeepers, trustees, advice providers, and so on—to ensure adequate measures have been taken to secure participants’ personal data.
Cyberattacks on plan sponsors are increasing
The reality is that retirement plans experience cyberattacks.
The Callan Institute’s DC Observer reported, “…the focus of cyberattacks in the defined contribution (DC) world has shifted from hardened targets like recordkeepers and custodians to plan sponsors, which often lack the extensive cybersecurity defenses of their vendors.”
Cyberattacks can come in many forms. According to a December 2018 Pension Research Council Working Paper, they can include:
- Phishing: Cybercriminals pretend to be a trusted financial…
