Massive cyberattacks are making the news more frequently, in part because of their potential to wreak devastation on financial systems, health care, and public utilities. Many cyberattacks these days are not the fault of Phil in Accounting accidentally responding to a phishing attack. They stem from systemic vulnerabilities in computer code and from servers and networks whose security has not been kept up to date. Whether an attack succeeds because of insufficient employee training, outdated servers, or bad code, attacks come in many types.
So what cyberattacks are being used against defined contribution retirement plans? The General Accountability Office, the federal government's watchdog, describes the types in a recent report. Unfortunately, it is by no means a comprehensive list of the types of attacks.
[Infographic: types of retirement plan cyberattacks and their definitions]
In the report, the GAO hammers the DOL for not providing guidance about securing the personally identifiable information that is shared among providers, recordkeepers, and sponsors: "Until DOL clarifies responsibilities for fiduciaries and provides minimum cybersecurity expectations, participants' data and assets will remain at risk."
The GAO report goes on to say that the DOL "has not formally stated whether cybersecurity is a responsibility for plan fiduciaries."
But the more prudent in the retirement industry (and the plaintiffs' lawyers seeking class-action lawsuits against plan fiduciaries) are acting on the notion that cybersecurity is a fiduciary responsibility of retirement plan fiduciaries.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.