Even though employers are concerned about cybersecurity in their workplace retirement savings plans and urge employees to protect their retirement funds, employees seem not to worry. That’s one of the key findings in Alight’s "2025 Hot Topics in Retirement and Financial Wellbeing" report.
More than 3 in 4 employers (76%) report being very or somewhat concerned about retirement plan cybersecurity, significantly higher than the level of concern among employees. Only half of employees were very or somewhat concerned about hackers accessing their retirement accounts, according to the report.
The majority of employers, 79%, said they often communicate to employees the importance of monitoring their accounts, with 68% explaining how employees could establish two-factor authentication and 57% encouraging them to create a long, unique password.
Despite the exhortations, only 40% of retirement plan participants have set up a long, unique password and less than half have implemented two-factor authentication, according to Alight’s research.
Other interesting findings revolve around the implementation of optional provisions of SECURE 2.0. More than 2 in 5 employers (42%) have added self-certification for hardship withdrawals, with another 15% planning to “definitely add” it.
Another popular SECURE 2.0 provision that employers are implementing in their plans is increasing the force-out limit for vested balances up to $7,000. Almost 2 in 5 employers (39%) have already added the provision, with 26% either definitely or likely implementing it in the future.
Emergency savings sidecar accounts were among the least favored optional provisions. Just 1% of employers reported adding a sidecar emergency savings account to their retirement plans. The majority, 69%, said they were unlikely to add it or definitely not adding it.
The annual report is based on responses from 121 organizations employing nearly four million workers. The survey was conducted in the fall of 2024.