Updated with correction
CalPERS’ staff has been reaching out to its members to encourage them to use two-factor security since the summer with slower adoption than anticipated, Marcie Frost, CEO of the $401.4 billion pension plan said in an interview Tuesday.
The next question is whether CalPERS executives should make two-factor security measures mandatory, she said in an interview.
Theresa Taylor, who was re-elected Tuesday as board vice president for a second one-year term, said during a cybersecurity presentation that a report to the board last year revealed that few members were using two-factor identification.
In response, Ms. Frost said that staff had since been spreading the word in favor of two-factor security. CalPERS is also asking members for their mobile numbers and email addresses so they can be notified in the event of account changes.
"It really takes all of us to protect cybersecurity," she said. "We've reached out to members to let them know."
The result is that members usage of these security measures are increasing.
The board also discussed the growing use of cybersecurity insurance.
"The trend with organizations of all sizes is that they are getting cybersecurity insurance," said Aravind Swaminathan, partner at law firm Orrick Herrington & Sutcliffe, who presented the cybersecurity session. He has been advising CalPERS on cybersecurity issues since 2015.
Mr. Swaminathan spoke in response to a question from California Controller Betty T. Yee, who also is a CalPERS board member, on whether more pension plans are buying cybersecurity insurance so that they could gain economies of scale.
Pension plans and other organizations need to choose the right insurance for the appropriate risk, said Mr. Swaminathan, who is a global co-chairman of Orrick's cyber, privacy and data innovation team.
"Cybersecurity is cheap compared to other types of insurance because the insurance companies are just trying to gain market share," he said.
Ms. Frost said she could not comment on whether or not CalPERS has cybersecurity insurance.