Defined contribution plan executives are paying greater attention to — and taking action on — cybersecurity, the latest annual survey of 401(k) plans by the Plan Sponsor Council of America reveals.
Thirty-one percent of the 709 respondents said they had a written cybersecurity policy in 2023 vs. 22.5% in 2020, said a report on the survey, which covered 401(k) plans and combination 401(k)/profit-sharing plans for the 2023 plan year.
The report said 1.3% of respondents reported security breaches in 2023, with the most (4%) occurring in plans with 5,000 or more employees.
Sixty percent of all plans launched a cybersecurity awareness campaign in 2023. In addition, 71.7% of the plans reported using multifactor identification in 2023, up from 67% in 2022.
Mobile technology has become an increasingly popular vehicle for plan transactions, reaching 69.1% of plans in 2023, up from 63.4% in 2022 and nearly double the 36.3% for 2016, the report said.
“The most common transactions available via mobile tech include balance inquiries, investment changes, and contribution changes, whereas loans and distributions are less likely to be accessed this way,” the report said.
Among other results, the report said:
- Managed accounts continue to grow as 50.4% of respondents offered this feature in 2023 vs. 46.9% in 2022 and 43.6% in 2021. The highest percentages are among the largest plans.
- Participants contributed an average of 7.8 % of pay in 2023, up from 7.4% in 2022.
- Employers contributed an average of 4.9% of pay in 2023, up from 4.7% in 2022.
- The percentage of participants with a plan loan outstanding declined to 17.5% in 2023 vs. 18.6% in 2022. The average loan balance dropped to $10,628 from $15,023.
- Participants’ taking a hardship withdrawal rose to 2.1% in 2023 vs. 1.5% in 2022.
Thirty-four percent of the survey respondents had 1,000 or more employees; the rest ranged between 50 employees and 999 employees.
