With $10 trillion in 401(k) and other defined contribution retirement assets to safeguard, retirement industry regulators are intensely focused on the issue of cybersecurity.

The latest developments signifying regulatory resolve include enforcement actions by the Securities and Exchange Commission (SEC), who in August 2021 sanctioned 8 firms in three separate actions (links here, here and here), for failing to have cybersecurity policies and procedures in place, potentially leading to compromised private client data. 

The Setting Every Community Up for Retirement Enhancement (SECURE) Act of 2019, passed by the House of Representatives on May 23, has the potential to make a positive impact on Americans’ retirement readiness. One of the bill’s key provisions involves removing restrictions on open multiple employer plans (MEPs), which would make it less costly for small businesses to offer retirement savings plans to employees.

In this series, I identify five key reasons why an auto portability program serves the best interests of plan participants.

Previously:   In Part 1, I examined the dramatically improved participant outcomes that will result from a program of auto portability.  In Part 2, I described how auto portability, by enhancing and extending automatic rollover programs, represents an enhanced standard of participant care.  In Part 3, I presented evidence that the adoption of auto portability could lead to a reduction in plan expenses.  In Part 4, I addressed how auto portability could enhance 401(k) participants’ financial wellness.

In part 5, my final installment of the series, I explain how auto portability can mitigate retirement-related cybersecurity risks.

When evaluating their defined contribution plans, plan sponsors understandably look at standard benchmarks such as rate of participation, average deferral percentage, and average account balance. However, given the highly mobile nature of today’s American workforce, sponsors should also consider tracking the average percentage of retirement savings that participants retain during their job tenure, and when they leave to join another employer.

All companies that manage personal consumer data, regardless of where they are based or what industry they are part of, are right to be concerned about cybersecurity. The scope and scale of cyberattacks continue to increase around the world, as last year’s breach compromising 50 million Facebook users demonstrated.

To readers aware of the ongoing, intense media focus on cyberattacks, it should come as no surprise that multiple studies show that the frequency and sophistication of cyberattacks is increasing, rising dramatically in 2017.

Born out of crisis, the modern Computer Security Incident Response Team, or CSIRT (pronounced ‘see-sert’) is responsible for coordinating the response to an organization’s computer security incidents. 

Everyone, it seems, is concerned about cybersecurity these days, and with good reason. Each week seems to bring a new round of headlines, making it clear that identity theft and criminal cyber activity have become persistent features of our lives. 

The victims of cyber-crime can be wide-ranging, including governments, industry sectors, corporations of all sizes and individuals. The sources of cyber threats are equally diverse, originating from rogue nation-states, crime cartels, “lone wolf” hackers and even disgruntled employees.

 With attention-grabbing headlines about major security breaches occurring almost daily, plan sponsors need to be assured that their service providers are on guard 24-7, protecting sensitive information and intellectual property, wherever it may reside.

Gaining Comfort That an External Plan Service Provider Has Adequate Security and Controls