More than half of defined contribution plan executives say they are very confident in their providers' cybersecurity policy, and almost all said their data hadn't been compromised, said a survey issued Tuesday by Deloitte Consulting.
The firm found that 59% of DC plan executives said they were very confident in their providers' cybersecurity practices, while another 30% said they were somewhat confident. Only 1% was not confident; 10% were not sure.
Ninety-three percent of DC plan executives said their data hadn't been compromised. Four percent said the data had been compromised within the past year; 2% said the data had been compromised one to five years ago; and 1% said the data had been compromised more than five years ago.
“Larger employers (are) more likely to experience this serious issue,” said a report describing the survey results. Nine percent of plans with more than 10,000 participants had their data compromised within the past year.
The report also said 17% of plan executives have never reviewed providers' cybersecurity policy and procedures, while 3% said they had conducted a review more than five years ago.
Most plans, 55%, have reviewed the cybersecurity program within the last year, while 25% reviewed it one to five years ago. “Smaller employers are less likely to have cybersecurity on their radar than larger employers,” the report said.
The online survey, conducted earlier this year, covered 398 401(k) and 403(b) plans; 24% had assets of $1 billion or more, 40% had assets between $100 million and $1 billion, and the rest were less than $100 million.
Also, 27% of plans had more than 10,000 participants; 44% had between 1,000 and 10,000; and the rest had fewer than 1,000.
The Deloitte survey was conducted in conjunction with the International Foundation of Employee Benefits Plans and the International Society of Certified Employee Benefit Specialists.