Does your Prudent Process Include Cybersecurity Risk Mitigation?

Friday, October 18, 2019
Posted by: Gary Hotze

Tom Kret, Senior Retirement Plan Consultant, UBS


There's a good chance you have received a suspicious-looking email before. It might say you've won a prize, ask you for personal information, or alert you that someone you know needs financial help. If you've encountered more than one of these, you probably recognize these scams.


Have you ever received a message that looked like it was from a known person or source, such as a family member? Or a financial advisor? How about correspondence from your 401(k) service provider or the sponsor of your retirement plan?


Retirement plans are major targets for cyber hackers, especially considering the $28 trillion held by these plans in the United States.[i] Today's cyber criminals are often backed by significant resources and are continually stepping up their game when targeting organizations that manage significant amounts of assets and personal data, such as retirement plans and the entities that service them.

The responsibility for protecting stakeholders' data falls on more than information technology departments. 401(k) plan fiduciary responsibilities include "acting solely in the interest of plan participants".[ii] Helping to protect participants' personally identifiable information online is part of that duty.

What's at stake?

The plan sponsor has a fiduciary responsibility to ensure all information is kept safe. Plan benefit information contains personally identifiable information, which can include name, date of birth, Social Security number, home address, salary, password and general payroll information.

What can Plan Sponsors do?

Criminals are highly sophisticated, and cybersecurity threats are becoming more complex. The first crucial step in mitigating these risks is asking the right questions of your service provider(s). Below are a few sample questions to begin a dialogue with the organizations servicing your retirement plan(s):


·       Do you have a comprehensive cybersecurity protocol in place?

·       How are retirement plan information and data protected and maintained on your system?

·       How do you secure data while in transit?

·       Do you have a protocol in place to notify plan sponsors in the event of a breach? 

·       Are there safeguards in place as part of your contractual agreements with third-party subcontractors and other service providers?

·       When hiring new personnel, do you perform comprehensive background and screening checks?

·       Do you conduct cyber training of your employees? 


As stated, retirement plans are major targets for cyber hackers, and it's vitally important for plan sponsors to pose questions like these to their service providers. There is no perfect solution that eliminates cyberattacks completely, but implementing a prudent process can help to better protect plan assets and reduce liability.


To learn more about this important topic, join us for an in-depth live presentation on Cybersecurity Risks for Retirement Plans over a complimentary breakfast:



Thursday, November 14, 2019

8:00 am to 10:00 am



Marriott – Chicago O'Hare

8535 W. Higgins Road

Chicago, IL  60631



Kevin Rogner, Advisor Consultant, NYLIM


Tom Kret, Senior Retirement Plan Consultant, UBS


RSVP by Friday, November 8, 2019

Joe Dinelli, Client Service Associate, 847-277-2106


If you are unable to attend but would like to discuss or receive general information about cybersecurity for retirement plans, contact Tom Kret at 847-277-2123 or via email.


