Savings come with a lot of emotional attachment; retirement savings are considered one’s lifeline. The majority of participants find their advisors through referrals, and 70% of respondents say that they switch advisors if they feel low levels of trust. Cybersecurity is an important factor in building and maintaining trust.
In a recent conversation among Michelle Steele, VP of Customer Experience at OneAmerica; Jamie McInnes, President and CEO of Oculus Partners; Anu Mandava, Head of Architecture at CUNA Mutual Group and Chandrasekaran Vaidyanathan (VC), co-founder and head of strategy at Congruent, cybersecurity was a hot topic.
As the retirement plan industry grows and manages more and more assets, the cybersecurity risks also compound. “As we explore the next level of usability, we will need to integrate with external tools. This brings in a different level of cybersecurity challenges,” says VC of Congruent.
For plan sponsors, the cost of a data breach includes the costs involved in detecting the extent of the breach, recovering data, and restoring systems integrity. Moreover, under ERISA (Employee Retirement Income Security Act), plan sponsors are responsible for ensuring the security of their clientele’s data and money, so any breach will also come with penalties.
In today’s blog post, we draw from our experts’ opinion to bring you your top five cybersecurity action items for 2021.
Take accountability for data security
Plan sponsors are expected to have a thorough understanding of their participants’ data, parties that have access, how the data is controlled/encrypted and how it is stored across its process lifecycle. “As we work towards delivering better customer experiences, we need to set up a strong foundation for the data we collect from our users,” says Michelle of OneAmerica.
This goes far beyond just the participants’ personal and transactional data. “This also includes external data from social media etc. that we need to deliver 360-degree experiences,” Jamie adds.
Have high testing standards
Employ certified and qualified partners for your cybersecurity needs. Apart from standard mandatory security requirements, certifications from trusted external security experts will add value. In addition, frequently test all external entities involved, using strategies like system resiliency testing, threat detection systems, and penetration testing. Set up a detailed reporting system with a clearly defined hierarchy of user profiles within your internal and third-party ecosystems.
Train your people
Data breaches often happen at the end-user level. To prevent these, adequately train all users who have direct or indirect access to retirement plans. Plan sponsors are also responsible for periodically educating participants about cyberthreats. For instance, Michelle’s team at OneAmerica “ensures associates understand how to recognize phishing, how to secure data on their laptops, on the cloud etc.”
Many insurance policies do not have comprehensive cybersecurity coverage. Ensure that the participant’s retirement account is adequately covered for cyberthreats and opt for riders for additional coverage when needed. You must also ensure that the plan fiduciaries, recordkeepers and third-party administrators have adequate insurance coverage for the participant’s plan at all levels.
Treat cybersecurity as an ongoing initiative
Sometimes service providers prioritize other initiatives, like customer experience and cost savings, over cybersecurity. This can be fatal. It is important that service providers find the balance, on an ongoing basis, between cybersecurity (which is now a default expectation and a cost of doing business) and other business priorities. You need to think about it as an important factor across touchpoints, leveraging tools from cloud, AI, etc. to implement cybersecurity.
“Moreover, cybersecurity is not something you do once and get done. It is one of those things you have to continue dealing with. It continues to evolve,” warns Anu of CUNA Mutual Group.
If you’re a service provider in the retirement plan industry looking to strengthen your cybersecurity position, speak to a Congruent consultant today. Our teams will help identify your risks, build risk mitigation strategies as well as make cybersecurity a sustainable prerogative for you.