Skip to main content Skip to Footer


Four misperceptions weaken pension systems cyber security

Learn how pension systems can do more to protect member data.


Pension and retirement systems have become a prime target for cyber criminals. These systems store large amounts of personally identifiable information (PII) that contains Social Security numbers and other details specific to an individual’s identity. Weak legacy systems make it easier to infiltrate pension systems. Furthermore, pension agencies share data with other organizations, thus lowering their own protective barriers.

The reality is that everyone has a chance of being attacked at some point. The questions are when; will hackers be able to access sensitive data; and if so, are you prepared to remedy it quickly? Pension systems must shed false thinking about their level of security risk. Instead, they should do their due diligence to protect themselves and their member data as heartily as they can.


Hackers have proven that a basic level of security isn’t enough. One US federal agency experienced a data breach in 2015 that compromised PII data and other valuable information for 21.5 million people. Hackers stole manuals about IT assets, which serve as a blueprint to the agency’s networks. This is a prime example of how insufficient security in the public sector can lead to breaches that go undetected long enough for hackers to get in, do harm and plan the next attack before even being noticed.

Key Findings

Many pension agencies believe they are secure, likely because a breach hasn’t yet struck them. The reality is that agencies are not secure as large quantities of the PII they store sit on old legacy platforms. These outdated systems create a frail protective layer. In the case of one state revenue department, 1970s equipment contributed to a data breach that exposed Social Security numbers of 3.8 million taxpayers—plus credit card and bank account data. Security gaps caused by legacy platforms will continue to widen in the digital age. As more agencies explore digital possibilities and engage with members through mobile and other emerging technologies, they will increase their exposure to cyber risk.


Security certainly has a cost, but those costs could be contained if improvements are made incrementally. Pension systems should prioritize the highest risks and protect the most vulnerable systems first. Each improvement would have the power to exponentially enhance the security posture of an agency.

Most importantly, the price of inaction is immense as a data breach can open the doors for future attacks, hurt member trust, create legal issues and have regulatory implications—and the cost of fixing it can be catastrophic.


To understand potential vulnerabilities, pension systems must identify their strengths and weaknesses, and enable teams to define the right plan for securing the agency for the future. While results may be surprising, it is better to identify those vulnerabilities now, than to be truly surprised when a hacker strikes later.

A cyber security assessment can help pension organizations understand their current security standing, and how they can make enhancements with existing and new technology.

Stay In The Know

Receive e-mails from Accenture featuring new content that matches your interests.

Visit the subscription center to make your selections and subscribe to New from Accenture.