Combatting Cybersecurity Threats

January 25, 2022

Nearly one-third of retirement plan recordkeepers expect to increase their cybersecurity staff, according to a recent survey.

According to findings in the latest Cerulli Edge U.S. Retirement Edition, the threat of retirement account fraud has increased in recent years — particularly during the remote work environment. As a result, 31% of plan recordkeepers intend to increase staffing capacity to address cybersecurity initiatives.

According to the Cerulli report, the Internet Crime Control Complaint Center of the Federal Bureau of Investigation reported 791,790 cybercrime complaints in 2020 — a 69% jump in total complaints from 2019. Cybersecurity crimes in 2020 resulted in financial losses of more than $4 billion. Although many recordkeepers have not experienced a data breach yet, many believe it’s just a matter of time as the techniques employed by cybercriminals get more sophisticated. One fraud surveillance expert at a large defined contribution (DC) recordkeeper suggested to Cerulli that older participants tend to be the most frequent targets for cyberattacks, partly because they typically have higher account balances than younger employees, but also because criminals may perceive them to be less technologically savvy than younger participants.

Implementing new technologies, such as biometric log-in credentials like thumbprints or facial recognition, is one part of building an effective cybersecurity practice. For these technologies to prove effective, Cerulli suggests that providers will need to play an active role in encouraging participants to adopt them and to enhance the security of their accounts and personal information on their own. Moreover, recordkeepers should look to evaluate the cybersecurity practices of the service providers with whom they exchange or share participant data.

In April, the U.S. Department of Labor (DOL) released cybersecurity guidance for recordkeepers, plan fiduciaries and participants. The guidance includes tips for plan sponsors to evaluate the cybersecurity practices of recordkeepers and other retirement plan service providers and tips plan sponsors and/or service providers should relay to plan participants for their part in keeping their accounts safe (in June, the DOL began conducting retirement plan cybersecurity audits). In addition, the SPARK Institute published cybersecurity best practices last July, which provide specific recommendations for mitigating retirement account fraud. The report offers suggested practices to be implemented by plan fiduciaries, participants and service providers with regard to authenticating accounts, establishing and re-establishing account access, protecting contact data and communications, conducting fraud surveillance and developing custom reimbursement policies.


At Diversified Financial Advisors, we believe that, with the right plan design, we can create successful retirement outcomes for your business and employees.

We are happy to help. If you have any questions or would like additional insight, please feel free to reach out to me at joe@diversifiedfa.com or 800.307.0376.

Disclosure: This material was created for educational and informational purposes only and is not intended as ERISA, tax, legal or investment advice. Investment Advice and 3(38) Investment Fiduciary services offered through Diversified Financial Advisors, LLC, a Registered Investment Advisor. 3(16) Administrative Fiduciary Services provided by PISTL Service Corporation. Discretionary Trustee services provided by Printing Industries 401k Trustees. If you are seeking investment advice specific to your needs, such advice services must be obtained on your own separate from this educational material. 

RP-754-1221 Tracking #1-05221503 (Exp. 12/22)