Combatting Cybersecurity Threats

Combatting Cybersecurity Threats

January 03, 2022

Nearly one-third of retirement plan recordkeepers expect to increase their cybersecurity staff, according to a recent survey. 

According to findings in the latest Cerulli Edge U.S. Retirement Edition, the threat of retirement account fraud has increased in recent years — particularly during the remote work environment. As a result, 31% of plan recordkeepers intend to increase staffing capacity to address cybersecurity initiatives.  

According to the Cerulli report, the Internet Crime Control Complaint Center of the Federal Bureau of Investigation reported 791,790 cybercrime complaints in 2020 — a 69% jump in total complaints from 2019. Cybersecurity crimes in 2020 resulted in financial losses of more than $4 billion. Although many recordkeepers have not experienced a data breach yet, many believe it’s just a matter of time as the techniques employed by cybercriminals get more sophisticated. One fraud surveillance expert at a large defined contribution (DC) recordkeeper suggested to Cerulli that older participants tend to be the most frequent targets for cyberattacks, partly because they typically have higher account balances than younger employees, but also because criminals may perceive them to be less technologically savvy than younger participants.  

Implementing new technologies, such as biometric log-in credentials like thumbprints or facial recognition, is one part of building an effective cybersecurity practice. To prove effective, Cerulli suggests that providers will need to play an active role in encouraging participants to adopt these technologies and enhance the security of their accounts and personal information on their own. Moreover, recordkeepers should look to evaluate the cybersecurity practices of the service providers with whom they exchange or share participant data. 

In April, the U.S. Department of Labor (DOL) released cybersecurity guidance for recordkeepers, plan fiduciaries and participants. The guidance includes tips for plan sponsors to evaluate the cybersecurity practices of recordkeepers and other retirement plan service providers and tips plan sponsors and/or service providers should relay to plan participants for their part in keeping their accounts safe (in June, the DOL began conducting retirement plan cybersecurity audits). In addition, the SPARK Institute published cybersecurity best practices last July, which provide specific recommendations for mitigating retirement account fraud. The report offers suggested practices to be implemented by plan fiduciaries, participants and service providers with regard to authenticating accounts, establishing and re-establishing account access, protecting contact data and communications, conducting fraud surveillance and developing custom reimbursement policies.  


For plan sponsor use only, not for use with participants or the general public. This information is not intended as authoritative guidance or tax or legal advice. You should consult with your attorney or tax advisor for guidance on your specific situation. 

Kmotion, Inc., 412 Beavercreek Road, Suite 611, Oregon City, OR 97045; 

©2021 Kmotion, Inc. This newsletter is a publication of Kmotion, Inc., whose role is solely that of publisher. The articles and opinions in this publication are for general information only and are not intended to provide tax or legal advice or recommendations for any particular situation or type of retirement plan. Nothing in this publication should be construed as legal or tax guidance; nor as the sole authority on any regulation, law or ruling as it applies to a specific plan or situation. Plan sponsors should consult the plan’s legal counsel or tax advisor for advice regarding plan-specific issues.