DC Plan Cybersecurity

DC Plan Cybersecurity

Protecting Participants’ Data — and the Plan — Requires a Multifaceted Strategy

Protecting defined contribution (DC) plan data is a high priority. It is also a growing challenge given that data breaches are increasingly common.

DC plan sponsors must be vigilant, because the personally identifiable information (PII) they safeguard is a tempting target for cybercriminals.

Yet, for DC plans, business process failures are a more likely source of data breaches.

Fortunately, there are steps DC plan sponsors can take to manage cybersecurity risk effectively.

We recommend a nine-part strategy that includes:

  • Creating an information security policy and an incident-response plan;
  • Minimizing requests for and use of PII;
  • Training staff regularly;
  • Assessing the IT environment;
  • Mandating use of encryption for data-at-rest and
    data-in-motion;
  • Assessing recordkeepers’ technology;
  • Reviewing recordkeepers’ security procedures;
  • Setting up and regularly reviewing system activity logs; and
  • Maintaining adequate levels of cyber liability protection.
Report — September 2018

Public Sector Letter, “DC Plan Cybersecurity: Protecting Participants’ Data — and the Plan — Requires a Multifaceted Strategy”

<em>Public Sector Letter</em>, “DC Plan Cybersecurity: Protecting Participants’ Data — and the Plan — Requires a Multifaceted Strategy” Read the publication
Submit an RFP

Contact an Expert

Julian Regan

Julian Regan
Public Sector Market Leader and Senior Vice President

Contact Julian