
COLLECTED WISDOM™ on Cybersecurity Risks and Liabilities

This is a collection of articles, papers, and commentaries on cybersecurity risks and liabilities for employers, retirement plan sponsors and fiduciaries.

This archive contains not only the most current material on the topic, but also older items that are still relevant, provide background, perspective or are germane to the topic.

If you find a broken link or an item that you feel is outdated, irrelevant or no longer appropriate, please let us know.

Data Breach Risks for 401k and Retirement Plans

Abstract: There has been a recent spike in attacks on 401k and retirement plans by cyber criminals. A data breach is a disruptive event. For plan fiduciaries, there are several factors that create heightened risk.

Source: Jonesday.com, April 2017

What Retirement Plan Sponsors and Employers Need to Know About Cybersecurity Risk and Liabilities

Abstract: Many employers historically were only concerned with privacy and security for health plans under the Health Insurance Portability and Accountability Act and state laws. However, cybersecurity should also be a consideration for every retirement plan fiduciary. To preserve fiduciary protection while making required disclosures electronically, retirement plan fiduciaries should consider whether their duties of loyalty, prudence and to administer the plan for the exclusive benefit of the participants might require them to protect their participants' personal information.

Source: Winstead.com, April 2017

Cybersecurity More Than an Individual Concern

Abstract: Cybersecurity is a special concern for the financial industry, a lawyer who handles cybersecurity cases said recently. But its importance goes well beyond the integrity of clients' and plan participants' sensitive information; it pervades inter-corporate business functions as well.

Source: Asppa.org, March 2017

Addressing Retirement Plan Cybersecurity

Abstract: It's not really new that cybersecurity is a concern for employers. But it shouldn't be ignored, especially in the context of retirement plans, since plan participants' personal and financial information is maintained and shared by multiple parties.

Source: Asppa.org, March 2017

Cybersecurity Risks and Liabilities for Employers, Retirement Plan Sponsors and Fiduciaries

Abstract: Many employers historically were only concerned with privacy and security for health plans under the privacy regulations. However, there are other references to protecting participant information in ERISA and employee information that should not be overlooked. Cybersecurity should be a consideration for every employer and retirement plan fiduciary.

Source: Winstead.com, February 2017

Cybersecurity Considerations for Employee Benefit Plans

Abstract: One of the most significant challenges that face employee benefit plans is the reliance on service providers to manage daily activities of the plan. As a result, employee benefit plans typically share sensitive employee data and beneficiary and employer information with these service providers. Based upon historical cybersecurity breaches, third parties can be considered the weakest cybersecurity link.

Source: Schneiderdowns.com, February 2017

ERISA Advisory Council Makes Recommendations on Cybersecurity

Abstract: The ERISA Advisory Council on Nov. 10 issued recommendations on actions the DOL can take regarding cybersecurity and making workplace retirement accounts more secure.

Source: Asppa.org, November 2016

DC Plans Ask About Cybersecurity Insurance, but Not for Them

Abstract: Defined contribution service providers generally have cybersecurity insurance when they take on recordkeeping and other duties, but DC plan sponsors themselves are more likely to be lacking such coverage. There is no legal requirement for plan sponsors or service providers to have cyber insurance, but it's best practice.

Source: Pionline.com, October 2016

DC Plans Face Threats to Crucial Data

Abstract: Cybersecurity issues are not really unique in defined contribution. Hackers are getting smarter and are getting better at decrypting. DC plans need to get smarter overall in protecting online sites like banking and DC portals. But there are specific issues to defined contribution plans when it comes to cybersecurity.

Source: Pionline.com, October 2016

401k Service Providers and Cybersecurity: Questions to Ask

Abstract: 401k plan fiduciaries have an obligation to secure and keep private the personally identifiable information of plan participants and beneficiaries. Part of this essential task is ensuring that plan service providers take cybersecurity preparedness and plan data protection seriously.

Source: 401khelpcenter.com, October 2016

Podcast: Cybersecurity and 401k Plans: Real or Theoretical Risk?

Abstract: This podcast discusses the evolving world of cyber risk or cyber threats and how they can impact 401k and other employer benefits plans.

Source: 401kfridays.com, October 2016

ERISA Cybersecurity Threats and the Role of Human Resources

Abstract: With the increasing threat to organizations from data breaches, HR plays a critical role in helping prevent and minimize the risk from cyber theft. This 21-minute podcast addresses how to identify potential cybersecurity problems, workforce challenges in data protection, and the use of policies, training and employee education that are designed to protect private and sensitive data.

Source: Littler.com, September 2016

Cybersecurity and the Role of ERISA Fiduciaries

Abstract: Recent technological advancements, especially in the area of cybersecurity, have only now become the focus of most ERISA fiduciaries. Due to the increasing frequency and sophistication of cyber-related threats to employee benefit plans, their trustees and third-party plan administrators and the potential financial repercussions, compliance with ERISA fiduciary standards will require implementation of a prudent cyber risk management strategy. This article is dedicated to understanding cybersecurity issues in the context of ERISA benefit programs.

Source: Pillsburylaw.com, September 2016

ERISA Advisory Council Highlights Importance of Cybersecurity Oversight

Abstract: The 2016 ERISA Advisory Council is gathering to study ways to encourage benefit plan sponsors and managers to adopt strategies that minimize the exposure of plan participants' data from cyber-attack. This article touches on what the Council is considering.

Source: Gtlaw.com, August 2016

SEC Continues to Focus on Cybersecurity for Investment Advisers

Abstract: As in 2015, the Securities and Exchange Commission Examination Priorities for 2016 identify cybersecurity as an area of "potentially heightened [market-wide] risk."

Source: Ria-compliance-consultants.com, August 2016

Plan Advisers Take More Interest in Recordkeepers' Cybersecurity Practices

Abstract: In an era when costly cyberattacks and data breaches are becoming more common, 401k plan advisers are beginning to scrutinize data-security practices at recordkeeping firms. RK clients also have heightened concerns about securing the personal data of their employees.

Source: Investmentnews.com (registration may be required), July 2016

ERISA and Cybersecurity

Abstract: Data breaches are also causing benefit plan administrators and other fiduciaries under ERISA to consider whether their ERISA responsibilities include securing online plan data from cyberattacks, especially as to 401k and other benefit plans that are not subject to HIPAA. Although definitive guidance has not been provided, fiduciaries would be well-advised to proceed on the assumption that cybersecurity is an ERISA issue.

Source: Passwordprotectedlaw.com, June 2016

Fiduciary Risk in Data Privacy and Cybersecurity

Abstract: Retirement plans store extensive personal data on each participant and beneficiary. This data ranges from Social Security numbers and addresses to dates of birth, bank account and financial information, and other records and is stored physically and in electronic forms for years, if not decades. Retirement plan fiduciaries must take precautions to help ensure that they have fulfilled their fiduciary duties with respect to data privacy and cybersecurity.

Source: Morganlewis.com, April 2016

Cybersecurity's Impact on TPAs

Abstract: A recent announcement by the ERISA Advisory Council that it will be focusing on how cyber-related threats affect TPAs is addressed in a recent legal advisory from Pillsbury Law.

Source: Asppa.org, April 2016

An Overview of Cybersecurity Issues Affecting Retirement Plans

Abstract: In order to minimize a retirement plan's overall cyber risk profile, its sponsor(s) must implement a cyber risk management strategy, including focusing on evaluating its third-party service providers' cybersecurity programs, performing periodic assessments of such programs, and ensuring that the retirement plan has mitigated risks from losses in the event of a cyber attack.

Source: Pillsburylaw.com, February 2016

401khelpcenter.com, LLC is not the author of the material referenced in this digest unless specifically noted. The material referenced was created, published, maintained, or otherwise posted by institutions or organizations independent of 401khelpcenter.com, LLC. 401khelpcenter.com, LLC does not endorse, approve, certify, or control this material and does not guarantee or assume responsibility for the accuracy, completeness, efficacy, or timeliness of the material. Use of any information obtained from this material is voluntary, and reliance on it should only be undertaken after an independent review of its accuracy, completeness, efficacy, and timeliness. Reference to any specific commercial product, process, or service by trade name, trademark, service mark, manufacturer, or otherwise does not constitute or imply endorsement, recommendation, or favoring by 401khelpcenter.com, LLC.


This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.