Plan sponsors are paying more attention to cybersecurity as threats continue to evolve and the Department of Labor investigates cybersecurity procedures.
"We're seeing more threats and increased complexity in threats and so it has become a growing focus for us over the years," said Michael J. Colleran, chief operating officer and general counsel at Maine Public Employees Retirement System, Augusta.
The $18.7 billion pension fund has had an external cybersecurity vendor — now Tyler Technologies Inc. — for about 11 years, Mr. Colleran said. The fund pays close to $300,000 annually, including $140,000 to Tyler Technologies and roughly the same to Presidio Networked Solutions LLC, its managed services provider, to safeguard plan assets and information of its more than 150,000 retirees and beneficiaries, Mr. Colleran added.
MainePERS interacts with Tyler Technologies daily and receives system monitoring, training, penetration testing and vulnerability assessments, according to Mr. Colleran. "That gives us access to expertise that stays current on threats and the best practices for protecting against those threats," he added. "That would be something that would be very difficult, if not impossible, for us to maintain in-house." The pension fund also has an in-house IT team that includes a security analyst, he added.
On the defined contribution side, attention paid to cybersecurity among plan sponsors has increased over the last year, due in large part to Department of Labor guidance issued in April 2021, sources said. The guidance covered all ERISA-covered plans, but especially satisfied a need among DC plan sponsors for direction on how to handle their cybersecurity responsibilities.
"The plan sponsor community writ large was hungry for this guidance and largely acted immediately to implement it in the majority of cases," said Ben Taylor, Los Angeles-based senior vice president and head of tax-exempt DC research at Callan LLC.