Check out the new enhancements to On-Demand Reporting!

Now it's easier than ever to find, customize, run and subscribe to the reports you need.

Watch our video to learn more.

Marquee Header

Continuous protection. Always evolving.

From plan sponsors to participants, cybersecurity is on everyone’s mind---and everyone expects you to protect their data. Here's what we're doing to help protect privacy and prevent fraud.

55% of consumers say companies should have primary responsibility for the security of their online and mobile accounts. TeleSign Consumer Account Security Report, 2016.

Looking to be better informed about cybersecurity? Do you want to know if your provider is taking all the steps necessary to protect your data? We’ve compiled the 10 critical cybersecurity questions to ask.

Cybersecurity is a responsibility we take very seriously–and these are the measures we take.



Our security strategy is informed by frequent board and committee briefings, executive tabletop sessions, periodic security briefings and an established business continuity plan.



Our associates are carefully vetted and thoroughly trained in security awareness and primary incident protection.



We employ advanced network and data protection, identity, and access management, plus cybersecurity data analysis.



Ongoing risk assessment management and testing are vital parts of our best practises.


Vigilance and Monitoring

We continuously monitor plan and transaction activity, around the clock, every day of the year.

Plan and Participant Security

Our sophisticated systems continually monitor and assess both plan and participant account activity—because data privacy and security are two of our highest priorities.

Our Account Protection Program

The T. Rowe Price Account Protection Program is designed to assure plan sponsors and participants that their accounts are protected in the event of fraud. Under the Program, we’ll restore eligible account losses caused by unauthorized activity* when plans and participants follow some best practices.

  • Boost login protections
  • Monitor accounts and raise concerns in a timely manner
  • Look out for suspicious emails
  • Take precautions at home
  • Browse with vigilance
  • Contact us, cooperate with security measures, and stay informed

Maintain access to T. Rowe Price systems

  • Monitor, update and remove (if applicable) user access in a timely manner, using permissions to enable only those functions that each user needs
  • Use security provisions to minimize visibility of confidential information such as Social Security numbers

Use secure methods to send files and download data

  • Always send files using secure methods approved by T. Rowe Price
  • Use on-demand reporting to access data
  • Limit downloading from systems

Take precautions to protect assets

  • Establish a robust plan for monitoring threats and maintaining and securing assets
  • Train and support employees in protecting assets 

Employ strict vendor controls

  • Maintain a strict vendor vetting program, including limiting vendor access to plan and participant data to the information that’s required for the vendor’s role
  • Establish an oversight structure to ensure that vendors comply with standards for data protection.

* Plan sponsors and participants should contact us immediately if they suspect a potential breach or fraudulent activity. All reported concerns will be thoroughly investigated to determine program applicability. The Account Protection Program may not apply if the security best practices outlined in this document are not followed.

Strengthening Participant Interactions Online and By Phone

Multi-Factor Authentication

Multi-Factor Authentication provides an additional layer of security to normal login requirements and call center interactions. It requires participants to provide information that only they have access to: a code they must enter to authenticate their log in. 

Multi-Factor Authentication will be required of all participants before the end of 2019. 


Voice Biometrics

The voice biometrics process passively authenticates callers as they naturally engage with the call center. This new tehnology evaluates several criteria for each caller, including voice, caller behavior, call location, and device, beginning with their first interaction with our call center. If the call seems suspicious, the system will automatically trigger additional authentication procedures. 


Cybersecurity is a top priority.

From more secure login information to continuous threat evaluation, we’re always working to keep your information and accounts safe—because we know how important security is to you.

Contact your T. Rowe Price representative to find out how we can take your plan to the next level.