
Why Retirement, Pension, and Group Benefits are Major Targets for Cyber Attacks

Retirement plan participants' financial and personally identifiable information (PII) is stored and exchanged across various parties. As a result, cybersecurity is a serious problem in the context of retirement plans. It’s not simply theoretical, either.

According to a recent Cerulli Associates Inc. report, most small and mid-sized investment retirement plans do not have formal processes for fraud prevention via recordkeeping. According to a recent survey, over 24 million U.S. citizens have had their retirement accounts taken over by scammers. Such takeovers have exploded to almost 72% in the last year. This has accounted for a 15% increase in losses and costs for consumers.

There is a lot of room to improve security measures in the retirement vendor community. Efforts in this regard have been undertaken by the Society of Professional Asset-Managers and Records (SPARK) and the ERISA Advisory Council, among others. However, retirement firms and financial advisors also have to take a lot of responsibility themselves. Let’s take a look at the changing cybersecurity environment in the retirement sector.

The Cause of Cybersecurity Threats in the Retirement Industry

The retirement industry is a significant target of cyber attacks, and it is becoming a more prominent one. Retirement solution companies around the country are struggling to keep up with data protection and modern security. One recent example is the New York class action complaint against Transamerica Retirement Solutions.

“Defendant was also on notice that the federal government has been concerned about data security,” the complaint documents read. “In 2020, during a SPARK Cybersecurity Virtual Event, Tim Hauser, deputy assistant secretary for national office operations at the US Department of Labor’s Employee Benefits Security Administration, observed that retirement plan administrators were being targeted for their wealth of personal, private financial information. The warning stated that: ‘When a plan fiduciary is hiring somebody who is going to be responsible for confidential, personal information, or who's going to be running systems to keep track of people's account balances and the like, there's a responsibility to make sure that you've hired that person prudently, that firm prudently... And if you think about plans and the universe I described, that's just shy of $11 trillion, and with personal health and pension data, there are a lot of tempting targets there and what we've seen in our own enforcement actions, especially in our criminal programs, vulnerabilities are taken advantage of.’”

Tim Hauser speaks a lot of truth in this quote. In the case of the Transamerica complaint, the plaintiff noted that he did not receive notification of Transamerica’s data breach until over four months after his personal retirement information was accessed. As a result, the plaintiff has suffered significant financial harm through fraudulent purchases.

According to Tim Hauser, the biggest factor behind the growing cybersecurity threat in this sector is a lack of security knowledge among the financial advisors who run retirees' accounts. As a result, it’s vital for retirement firms, and for individuals seeking out retirement advisors, to make security knowledge a priority.


Plan Sponsors Need to Take a More Intensive Approach to Cybersecurity

Making prevention a top priority for HR and retirement business management necessitates collaborating with corporate IT to put measures in place. They should be able to see how data is gathered, stored, and categorized, as well as who has access to it and which regulations apply. Investing in enterprise-wide technologies (such as SideDrawer) is crucial for detecting and preventing intrusions. Implementing and testing a disaster recovery strategy that incorporates customer benefits leaves the response team well prepared.

Other strategies for retirement plan sponsors, financial advisers, and retirement organizations to strengthen their cybersecurity measures include:

  • Create a procedure for dealing with and resolving cybersecurity concerns. For example, any security weaknesses in the information exchange process between TPAs and recordkeepers might be identified.
  • Make sure you have the right amount of cyber liability insurance in place to help offset the effects of any prospective attack, and make sure it's as comprehensive as possible.
  • Implement policies and procedures to limit access to planning systems, apps, data, and other sensitive information.
  • Document the procedure for migrating plan data, keep a data inventory, keep just the data you need, and redact any data pieces that can be redacted.
  • Delete any records that are no longer needed, and ensure that your providers do the same.
  • Consider hiring an outside firm that specializes in cybersecurity for retirement plans to conduct frequent audits to guarantee that participants' data is secure.

With all these best practices in mind, it’s worth noting that taking cybersecurity seriously in the retirement industry isn’t optional anymore. Transamerica could have easily avoided the outcome outlined in the complaint, and financial advisors can choose to avoid such scenarios in the future as well. It all starts by investing in the right security-focused tools to protect sensitive client information. This is where SideDrawer can be a benefit.


SideDrawer as a Solution in the Retirement Sector

Financial planners and retirement firms need to make security a priority. One way to start is by investing in document management tools that make security a top priority. SideDrawer focuses specifically on cybersecurity for professionals who operate in this sector. There’s no need to sacrifice meaningful engagement with one’s clients to remain security compliant. With SideDrawer, firms and advisors can manage important financial and retirement documents in a collaborative manner that improves client satisfaction while also keeping their sensitive information safe.

SideDrawer applies a number of security features to its platform. AES 256-bit encryption, TLS 1.2 and 1.3 protocols, in-depth permission settings, excellent access controls, and multi-factor authentication are just a few tools our platform utilizes to protect personal retirement data for clients. In a world where cybersecurity threats are at an all-time high, retirement advisors and their clients can significantly benefit from using a secure document management platform like SideDrawer.