Pension Funds Mount Defenses Against Growing Cyberthreats

Security is ‘top of mind,’ as attacks have grown and insurance is more costly.

Art by Irene Servillo

Pension funds must foster a collaborative environment—both across internal departments and with industry peers—to defend against growing cyberthreats, sources share.

“Cybersecurity, identity theft, hacking into our systems—they are all top of mind for public pension plans,” says Hank Kim, executive director and counsel for the National Conference on Public Employee Retirement Systems, a trade association for public pension funds. “There is a constant dialogue, including at industry conferences, held on these topics [so we are] on top of the latest threats and countermeasures to these threats.”

In addition to his role at NCPERS, Kim is vice chair of the $2.2 billion Fairfax County Uniform Retirement System. He notes that pension funds are coordinating efforts across their legal, communications, information technology, benefit services and broader administration teams to determine how to best defend against cyberattacks.

In fact, NCPERS acts as a resource for member plans, who use its platform to connect with peers, share concerns and sometimes crowdsource solutions to cyberthreats, Kim says. He says data theft of personally identifiable information is a top concern.

“To the extent that plans are custodians of PII, they want to make sure that is secure,” Kim notes. “Bad actors can pose as some of their members to illegally change benefits to go from the rightful beneficiaries to themselves.”

Types of PII that pension funds would typically maintain include Social Security numbers, addresses, names and financial account information needed to pay or administer member benefits.

In phishing attacks, scammers often use emails—or sometimes text messages or phone calls—to trick individuals into sharing sensitive information, like passwords or financial data.

Laura Arnott, director with cybersecurity expertise at Vigilant Compliance LLC, a firm serving the investment management industry, says phishing scams remain a top cyberthreat across industries, and pension funds are no exception, given that they collect participant data.

Pension funds “have lots of personal data, and that’s what the attackers are after,” Arnott explains. “PII, that kind of data … that’s what they’re able to monetize.”

Types of Threats

Last year, the country’s two largest pension funds, the California Public Employees’ Retirement System and the California State Teachers’ Retirement System, experienced data breaches after hackers targeted a cybersecurity vendor for both plans, according to a report by The Sacramento Bee.

The breach, carried out by a ransomware group, ultimately exposed the personal data of a combined 1.2 million retirees and beneficiaries, the report stated.

Arnott notes that while ransomware—malware that encrypts critical files or renders IT systems unusable—is certainly a concern for pension funds, phishing scams are still the more prevalent attack method, especially as scammers get better at making emails look like legitimate messages from trusted sources.

In phishing scams, “attackers are typically trying to get the credentials of an individual, then get into a system and move around in that system,” Arnott says. “Phishing is still extremely prevalent, and it seems to be getting more and more realistic.”


Cyberinsurance

In an attempt to reduce the financial burden associated with cyberattacks, many businesses and organizations have, in the last decade or so, begun purchasing cyberinsurance, according to Kim. However, it is still debatable whether such insurance is accessible for the average pension fund.

“The consensus is: To the extent that there is a market for cyberinsurance, [pension] plans think it’s a good thing to have,” Kim says. But, he adds, “from the years just preceding COVID, with all the ransomware attacks that occurred, the cyberinsurance market has gone completely upside down. It’s very difficult to get cyberinsurance.”

In the early to mid-2010s, it was fairly easy to get insured, because “insurance companies knew there was a threat, but there weren’t many claims made,” Kim explains. “In or around 2015 and 2016, there were a lot of ransomware attacks,” which contributed to shifts in the insurance industry.

Today, cyberinsurance providers charge “astronomical premiums” and require much more proof that the insured will have an appropriate defense in place to prevent breaches, Kim says.

One of NCPERS’ affinity programs offers cyberinsurance to member pension plans, but the process of getting coverage has changed drastically over the years.

“When we first started offering cyberinsurance around 2010, a plan could get insured by answering some basic questions,” Kim says. “That is no longer the case, and even if the plan shores up every weak point, the insurance premium is very, very expensive.”

Yale Endowment Achieves 5.6% Return in 2024 Fiscal Year

Assets managed by the university’s office of investments rose to $41.4 billion.



The endowment of Yale University returned 5.6% in fiscal 2024, the university announced late last week, marking the second-lowest return out of its Ivy League peers. Assets managed by the Office of Investments increased to $41.4 billion, with investment gains of $2.3 billion.

The endowment distributed $2 billion during the fiscal year to support university operations and received $231 million in gifts. After gifts, investment returns and distributions, assets of the endowment increased by $700 million.  

Yale CIO Matt Mendelsohn attributed the returns to a lag in the returns of private markets assets. Yale and its former CIO, the late David Swensen, are known for pioneering the “Yale model,” a portfolio strategy highly allocated to alternative investments, particularly illiquid, private market investments.  

“Given our significant allocation to private assets, we expect to lag during periods of strong public market performance, particularly when exit markets for private assets are depressed,” Mendelsohn said in a statement. “As always, we remain focused on achieving investment success over the long term, knowing that doing so is likely to bring stretches of short-term underperformance.” 

Yale’s endowment return trailed all other Ivy League institutions except Princeton, which returned 3.9% in the period. In fiscal 2023, the Yale endowment returned 1.8%, and it returned 0.8% in 2022, two weak years for returns in the private markets.  

Despite recent weakness in private market returns, Yale’s endowment returned an annualized 9.5% and 10.3%, respectively, over the past 10- and 20-year periods. The endowment noted in its announcement that these returns exceeded a 70/30 portfolio by 3.8% over both the 10- and 20-year periods.  
