Cybersecurity has become a prevalent concern in the retirement industry. In part because the Employee Retirement Income Security Act (ERISA) holds no fiduciary functions in managing cybersecurity risk, the retirement industry is in target for cyber-attacks. Surprisingly, many plan breaches are not all due to third-party attackers; rather, it can stem from the misconduct by employees (e.g. falling for a phishing scheme, having an easy password, etc.). Thus, while it is important for plan sponsors and providers to understand the risks of cyber-attacks, plan participants should also be educated on these risks along with cybersecurity best practices.
