Cybersecurity Due Diligence Key to Minimizing 401k Reputational Risk

‘The greater the number of parties sharing participant data, the more complicated securing that data becomes’

Abbott Labs and recordkeeper Alight highlighted the extreme importance of strict cybersecurity standards, and now more recordkeepers are getting the message.

Nearly one-third of recordkeepers expect to increase their cybersecurity staff, responding to an increased threat of retirement account fraud, research and consulting firm Cerulli Associates found.

More than three-quarters (79%) of retirement specialist advisors indicate cybersecurity is a very important factor when selecting a recordkeeper.

Yet fewer than two-thirds of small-to-mid-sized plan advisors have a formal written process for conducting due diligence on recordkeepers’ fraud prevention practices, according to Cerulli’s findings.

Plan fiduciaries without the in-house expertise to properly evaluate recordkeepers’ cybersecurity programs and practices should seek to leverage their plan sponsor’s IT specialists or consider working with a third party to aid them through this component of the request for proposal process.

To stay current with cybersecurity best practices, Cerulli recommends recordkeepers evaluate their cybersecurity measures within the context of the guidance issued by the Department of Labor and the SPARK Institute.

“It is important for recordkeepers and plan fiduciaries to acknowledge that an effective cybersecurity program should be more than just an IT initiative,” Shawn O’Brien, senior analyst with Cerulli, said in a statement. “Rather, effective cybersecurity practices should permeate every aspect of a provider’s business, including its customer engagements, account management, website development, and data transmission and warehousing.”

Innovation

Implementing new technologies, such as biometric log-in credentials (e.g., thumbprints or facial recognition), is one part of building an effective cybersecurity practice. For these technologies to prove effective, providers will need to play an active role in encouraging participants to adopt them and enhance the security of their accounts and personal information on their own.

Furthermore, recordkeepers should look to evaluate the cybersecurity practices of the service providers with whom they exchange or share participant data.

“Ultimately, the greater the number of parties sharing participant data for a given plan, the more complicated securing that data [becomes],” O’Brien concluded. “Implementing the proper procedures, controls, and software, as well as evaluating the security of shared service providers, are crucial to retaining clients and mitigating reputational damage.”

John Sullivan

With more than 20 years serving financial markets, John Sullivan is the former editor-in-chief of Investment Advisor magazine and retirement editor of ThinkAdvisor.com. Sullivan is also the former editor of Boomer Market Advisor and Bank Advisor magazines, and has a background in the insurance and investment industries in addition to his journalism roots.
