
COLLECTED WISDOM™ on Cybersecurity Risks and Liabilities

This is a collection of articles, papers, and commentaries on cybersecurity risks and liabilities for employers, retirement plan sponsors and fiduciaries.

This archive contains not only the most current material on the topic, but also older items that are still relevant, provide background, perspective or are germane to the topic.

If you find a broken link or an item that you feel is outdated, irrelevant or no longer appropriate, please let us know.



Vendor Process Reviews Are Crucial to Retirement Plan Cybersecurity

Abstract: Many retirement plan fiduciaries do a lackluster job monitoring the cybersecurity performance of the vendors they work with on a daily basis. A digital security expert says, "the behavioral and human element of data protection is always the most challenging part."

Source: Plansponsor.com, July 2019

Cybersecurity and Employee Benefit Plans

Abstract: The threat of a cyberattack is prevalent throughout the business world. Given the highly sensitive data held within employee benefit plans, it should come as no surprise that they have become a major target for hackers. Protecting participants’ personally identifiable information is a responsibility no longer limited to IT departments. Plan sponsors, fiduciaries and service providers of all employee benefit plans have an obligation to establish strong information systems practices to help prevent these attacks.

Source: Schneiderdowns.com, June 2019

Implementing Cybersecurity Best Practices for Plan Participants

Abstract: Cybersecurity has become a prevalent concern in the retirement industry. Surprisingly, many plan breaches are not due to third-party attackers; rather, they can stem from misconduct by employees. Therefore, it is in the best interest of plan sponsors to provide guidelines to their participants so these vulnerabilities can be prevented.

Source: Planpilot.com, June 2019

Driving Cybersecurity With Participants and Providers

Abstract: Among a plan sponsor's responsibilities, encouraging and enforcing cybersecurity are not the first tasks that come to mind. But, as modern technology takes over the common workplace, the concept of cybersecurity for retirement plans has started to see attention. Plan sponsors should evaluate providers' cybersecurity practices, but there are also steps they and plan participants can take to safeguard retirement accounts.

Source: Planadviser.com, May 2019

Cybersecurity Retirement Risks Trouble Benefits Leaders

Abstract: The $5 trillion in retirement plans have become a "tempting target" for hackers to access sensitive information held by plan providers in the industry, so two legislators asked the Government Accountability Office to examine data protections, processes and procedures within the private retirement system.

Source: Workforce.com, May 2019

Defend Your Retirement Plan Against Cyber Crime

Abstract: To a cyber criminal, the retirement plan industry looks like a big candy store with over five trillion dollars in liquid assets. It's up to plan sponsors to not only recognize the risk of cyber crime, but also proactively defend their retirement plans and participants. This article and podcast discuss what plan sponsors and participants can do to protect this important benefit.

Source: Francisinvco.com, May 2019

Cybersecurity Risk Management and 401k Auto Features

Abstract: Cybersecurity risk management is no longer an issue plan sponsors can ignore. Auto-portability may be an answer to one of the 401k plan sponsors' cybersecurity risk management concerns. Yes, cybersecurity risk management solutions may be available via the 401k auto features that knowledgeable retirement plan advisors have been touting for the past 5 years. Surprisingly, the technology that makes 401k auto-portability possible may also enhance existing industry best practices that protect plan participants' personal data.

Source: 401ktv.com, May 2019

Cybersecurity Breaches and Plan Advisor Assistance

Abstract: Defined contribution plans and their participants are not immune to the threat of cybersecurity breaches. Each data transmission to your recordkeeper or payroll provider, for example, creates risk. Plan sponsors and Retirement Plan Committees should be asking each other, "are we doing all we can to strengthen our retirement plan against cybersecurity breaches by keeping cybercriminals from hacking our participants' accounts?"

Source: 401ktv.com, May 2019

SPARK Clears Up Definitions for Retirement Plan Cybersecurity

Abstract: Reading the words "cyber security breach" and "cyber fraud" on the news, email, or in general can alone cause panic. But what constitutes a security breach, and how a recordkeeper should inform a plan sponsor about cyber-related events continue to be unclear throughout the industry. The SPARK Institute's Data Security Oversight Board worked with definitional examples from national cyber standards, international regulations, state privacy laws, and client contracts and gathered insights from the plan consultant representatives on the board.

Source: Planadviser.com, May 2019

Is Cybersecurity an ERISA Fiduciary Responsibility?

Abstract: Plan sponsors and service providers already take seriously their responsibilities to protect participant data, but where are the lines of responsibilities and accountability in the event of a breach?

Source: Napa-net.org, May 2019

Settlement in Vanderbilt 403b Case Raises Plan Data Questions

Abstract: The extent to which individuals should have control over their personal information and the data they generate in the on-line world has seized center stage in our national conversation. A new proposed settlement in Cassell v. Vanderbilt Univ. highlights the importance of these issues in the retirement plan marketplace.

Source: Groom.com, April 2019

Senate Committee Eyes Lack of Guidance on ERISA Cybersecurity

Abstract: There is no definitive answer to the question of whether the sponsor of a benefit plan is subject to the fiduciary standards of ERISA with respect to implementing cybersecurity measures to protect participants' financial data. Acknowledging a complete lack of guidance, a Senate committee sent a letter to the U.S. Government Accountability Office requesting guidance from the GAO on issues related to cybersecurity and the private retirement system.

Source: Truckerhuss.com, April 2019

Best Steps to Avoid a Cyber Attack on Your 401k Plan

Abstract: With everything from pizza deliveries to multi-million dollar deals being handled online, it should come as no surprise that hackers might target your 401k plan. However, security breaches don't stop with an unknown party simply accessing your participants' personally identifiable information. Hacks also can lead to unauthorized withdrawals of funds from 401k plans. This article provides some best practices for avoiding this type of costly breach.

Source: Hallbenefitslaw.com, March 2019

Changing Cybersecurity Baselines?

Abstract: A recent FTC Cybersecurity proposal is significant to the retirement plan community for several reasons. First, the Proposal, if finalized, could raise the baseline for plan fiduciaries when developing prudent cybersecurity programs. Second, the Proposal builds on the increased interest in cybersecurity by regulators, Congress, and the states. Expect that other GLBA regulators, such as the banking regulators or the SEC, may consider incorporating elements of the Proposal into their own regulations or guidelines.

Source: Groom.com, March 2019

Cybersecurity Best Practices for Employee Benefit Plans

Abstract: Employee benefit plans typically gather, use, and maintain confidential data about plan participants. Employers, plan sponsors, and fiduciaries must use cybersecurity best practices to protect this information. This article explores some cybersecurity techniques applicable to employee benefit plans.

Source: Hallbenefitslaw.com, March 2019

Expansion of Technology Will Increase Cyber Security Threats

Abstract: Aon released its 2019 Cyber Security Risk Report, which details the greatest cyber security threats and challenges organizations are currently facing. Among other risk areas shared are expansion of data into mobile devices and sharing of data with third-party vendors and service providers.

Source: Plansponsor.com, February 2019

Lawmakers Ask GAO to Examine Cybersecurity of Retirement System

Abstract: A letter to Gene Dodaro, Comptroller General of the U.S. Government Accountability Office (GAO), identifies 10 questions federal lawmakers would like the GAO to answer, following its examination.

Source: Plansponsor.com, February 2019

Identity Theft: The Rising Threat to Retirement

Abstract: The day starts as any other. A distribution form comes in for processing. It has a participant signature. The spousal consent section is completed and notarized. The Plan Administrator has signed the form. No problem. So, you process the $450,000 in-service distribution and give it no further thought. Three days later, the real participant calls in a panic wondering where his money went. Yikes. As a third party administrator (TPA), what can you do to help thwart this brazen, growing band of thieves? Do you have an obligation to do anything? What if your firm is acting as an ERISA 3(16) delegated fiduciary? Lot of questions, but we have no concrete guidance from any federal agency.

Source: Ferenczylaw.com, February 2019

Cybersecurity "Patchwork" Leaving Retirement Industry Vulnerable

Abstract: The retirement industry has no unified cybersecurity approach to protect sensitive data, and an amalgam of federal and state regulations doesn't offer any clear approach for security within the retirement space, industry sources said.

Source: Pionline.com, February 2019

Are Cybercriminals Targeting Your 401k?

Abstract: To a cybercriminal, the 401k industry looks like a big candy store with over $5 trillion in liquid assets and largely automated systems. Armed with your name, social security number, date of birth, address and any personal information available on social media, your 401k account is vulnerable. Not surprisingly, since these large-scale data breaches have occurred, industry insiders report a sharp increase in the number of attempts to steal 401k assets. Here are some steps you should take now to protect your 401k assets.

Source: Francisinvco.com, January 2019

Benefit Plan Cybersecurity Considerations: A Recordkeeper and Plan Perspective

Abstract: The U.S. has no comprehensive national law governing cybersecurity and no uniform framework for measuring the effectiveness of protections, though retirement plan record keepers maintain the personally identifiable information on millions of workers. Plan sponsors frequently engage consultants and attorneys to help them secure sensitive data, but more work is necessary to engage a larger discussion around this issue. The SPARK Institute has outlined a flexible approach for an independent third-party reporting of cyber security capabilities with several key control objectives.

Source: Pensionresearchcouncil.wharton.upenn.edu, December 2018

Your 401k Might Be a Target for Hackers

Abstract: Retirement plans are a relatively new frontier for cyber fraud, but many in the industry say that such heists are becoming more common. Retirement plans have yet to be the target of the kind of system-wide hacks that make headlines, such as the Equifax breach last year. Still, hackers are getting ever-more sophisticated in their approaches.

Source: Barrons.com, December 2018

Mitigating the Risk of Cyber Attacks to Your Employee Benefit Plan

Abstract: Cybersecurity risks, such as phishing techniques, malware and ransomware attacks, facing employee benefit plans are no different than those facing corporations, and in fact, may be even more significant. As a plan sponsor and those charged with governance, you have a responsibility with respect to management and oversight of the plan, including understanding risks to the plan, even risks of cyberattacks.

Source: Schneiderdowns.com, November 2018

Video: Benefit Plan Cybersecurity Considerations

Abstract: Tim Rouse of SPARK, Allison Itami of Groom Law Group, and Ben Taylor of Callan Consulting discuss "Benefit Plan Cybersecurity Considerations: A Recordkeeper and Plan Perspective" at the 2018 PRC Symposium.

Source: Youtube.com, September 2018

Cybersecurity: Are Your Plan Participants Protected

Abstract: The best way to secure plan participants' information and assets is to establish an effective cybersecurity strategy. Organizational policies and training will ensure cybersecurity understanding and consistent practices across the board. The most effective cybersecurity strategy includes both a prevention plan as well as a response plan of action against a breach.

Source: Planpilot.com, September 2018

Cybersecurity: The Industry's Next Frontier

Abstract: Cybersecurity fraud was once a problem reserved for the largest government agencies, credit card companies and banks. However, as these organizations have hardened their security capabilities, fraudsters have shifted their focus to the next tier of banks, as well as financial firms that play in the brokerage, retirement and insurance spaces. Many of these firms are now scrambling to learn from the big banks and quickly implement similar or next generation cybersecurity methods and capabilities.

Source: Newportgroup.com, September 2018

Protecting Employee Benefit Plans With Cyber Insurance

Abstract: This article outlines reasons employers should consider obtaining cyber insurance, protections that a plan should include, possible drawbacks, and best practices for finding the plan with the appropriate coverage.

Source: Spencerfane.com, August 2018

Can Your 401k Be Hacked?

Abstract: While hacking is nothing new, the pace of large-scale cyberattacks has accelerated significantly. More worrisome for many plan sponsors, the focus of cyberattacks in the defined contribution world has shifted from hardened targets like recordkeepers and custodians to plan sponsors, which often lack the extensive cybersecurity defenses of their vendors.

Source: Forbes.com, July 2018

Your Plan Will Face a Cyber Attack. Here's How to Prepare

Abstract: One of the most difficult challenges for plan sponsors is determining where to start in their efforts to defend against increasingly sophisticated cyber attacks. This article is designed to assist plan sponsors with formulating and executing their strategy to protect their information and their assets.

Source: Callan.com, July 2018

Cybersecurity and Retirement Plans

Abstract: This article discusses whether retirement plans are really at risk and, if so, why. It concludes with some helpful hints and practical advice to reduce cybersecurity risks, some of which are tips employers can share with retirement plan participants.

Source: Passwordprotectedlaw.com, July 2018

Cyber Liability Insurance for Employee Benefit Plans: Hackers, Malware, and Phishing

Abstract: Employee benefit plans rely on a variety of service providers to administer benefits. Those providers maintain a plethora of participant data and protect plan assets for the benefit of participants. When a plan is attacked, the fallout can be overwhelmingly expensive and burdensome to correct. Many plan sponsors are purchasing cyber liability insurance coverage to supplement their data security measures. Understanding those policies -- and their exclusions -- is important for sponsors who are exploring such coverage.

Source: Spencerfane.com, June 2018

Cyber Fraud: Real Ideas to Address Virtual Crime

Abstract: The advent of electronic banking, plan administration, and account information access make it possible for cyber criminals to plunder assets, absent protections. Experts at the recent 2018 SPARK Institute National Conference held in National Harbor, MD addressed online threats to financial assets -- virtual, but also very real.

Source: Asppa.org, June 2018

Cybersecurity and Employee Benefit Plans

Abstract: Benefit plans are uniquely susceptible to cyber-risks because they store large amounts of sensitive employee information and share it with multiple third parties. This 5-minute podcast discusses cybersecurity issues impacting employee benefit plans. It reviews the developing legal framework in cybersecurity and outlines practical tips that plan sponsors and recordkeepers may use to secure plan data.

Source: Erisapracticecenter.com, June 2018

Cybersecurity and Employee Benefit Plans: Questions and Answers

Abstract: This 8-page document was prepared by the EBPAQC to help plan auditors understand cybersecurity risk in employee benefit plans, and to discuss cybersecurity risk, responsibilities, preparedness, and response with plan clients.

Source: Aicpa.org, May 2018

Employers Unprepared for 401k Plan Data Breaches

Abstract: The U.S. retirement model has become of increasing interest to foreign hackers, typically the perpetrators of large-scale data breaches. However, companies, plan sponsors and plan participants are unaware or underprepared for the ramifications of a cyberattack, experts warn.

Source: Benefitnews.com, April 2018

Defend Your Retirement Plan From Cyberattacks

Abstract: Retirement plans are notorious targets for these attacks because they involve a high volume of sensitive information that is invaluable to criminals with malicious intent. Plan participant and financial information is generally shared with many different parties, making it more vulnerable to such threats. This article discusses current risks as well as some useful tips for protecting plan participants' information.

Source: Planpilot.com, March 2018

Securing Your Organization's Data

Abstract: Data security is a major concern for all organizations. There are many elements involved in protecting your own employees’ and your clients’ personally identifiable information. Conducting a self-assessment and developing your organization’s internal policies are a good starting point. But it is important to recognize that the job of data protection will never be complete; there will always be new items to add to your security to-do list.

Source: Cammackretirement.com, February 2018

Cybersecurity and ERISA Retirement Plans: The Financial Consultant's Role

Abstract: There is no explicit cybersecurity duty that applies to consultants under ERISA. Despite this, plan consultants need to become educated on the cybersecurity landscape surrounding plans, in order to assist plan sponsor clients in fulfilling their fiduciary duties.

Source: 401ktv.com, February 2018

Retirement Plans and Cybersecurity

Abstract: Cybersecurity is a topic that is routinely grabbing headlines across industries, and employee benefit plans are not immune to the risks of cybercrime. The best efforts to reduce these risks are multi-faceted approaches to protecting sensitive information, with employers, their plan participants, and their benefit providers all working in tandem to safeguard personal data.

Source: Sentinelgroup.com, February 2018

Preparation and Practice: Keys to Responding to a Cybersecurity Incident

Abstract: Despite constant advances in available cybersecurity measures, there is no such thing as perfect security, and companies must be prepared to respond to a significant cybersecurity incident at a moment's notice. This article describes some key steps companies can take to respond to a cybersecurity incident in a swift, efficient, and effective manner.

Source: Cov.com, February 2018

Advisers Are Apparently Ignoring Cybersecurity Threats

Abstract: Only 27% of RIAs surveyed by TD Ameritrade suggest that cybersecurity issues, even when very broadly defined, are likely to impact client portfolios during 2018; experts suggest this is just wishful thinking.

Source: Planadviser.com, January 2018

401k Plan Data, Can It Be Hacked?

Abstract: Failure to deal with cybersecurity issues could be a fiduciary breach under these rules and fiduciaries could have personal liability for the resulting losses, for example, if hackers are able to steal plan assets or fraudulently obtain distributions online by pretending to be participants. Participants whose personal accounts are hacked might also have claims against fiduciaries who failed to protect their data.

Source: 401ktv.com, January 2018

How Wall Street Hopes to Thwart 401k Hackers

Abstract: The industry-led project, called Sheltered Harbor, already is known to back up data for savings and checking accounts. But quietly, it's wrapping in data on retail brokerage accounts at some of the nation's largest firms, according to participants. And ultimately, the goal is to expand it to an even heftier pool of 401k accounts and pension funds, whose breach could upend global markets.

Source: Bloomberg.com, January 2018

Evolving Cybersecurity Landscape Pressures Plan Sponsors

Abstract: Being fiduciaries under ERISA, retirement plan officials are tasked with monitoring and managing cybersecurity risk as they invest participant dollars. As outlined in a new report from Corporate Insight, "Trends in Online Security: 1996 to Today," this is no simple task, and it has grown markedly more complex in the last two decades as the role of big data technology has ramped up in the retirement industry.

Source: Plansponsor.com, December 2017

Thwarting Cyber Attacks on Retirement Plans

Abstract: A stolen identity, a few clicks, and there it is, a handsome retirement plan balance, ripe for the picking. If only someone had done something to prevent it all. A recent blog entry offers some ideas on how to do that, as does the IRS.

Source: Ntsa-net.org, December 2017

Protecting Retirement Plans From Identity Theft

Abstract: Identity theft and related crimes are on the rise, and they can have a devastating impact on employer-sponsored 401k plans. Plans can have very large balances compared to other cyber targets such as bank accounts, and therefore, have become quite attractive to cyber criminals. Cybercrime related to retirement plans can occur because of threats such as phishing, ransomware, "social engineering," and wire transfer fraud, among others.

Source: Icemiller.com, November 2017

Cybersecurity as It Relates to Retirement Plan Data

Abstract: As cybersecurity threats increase, so should plan fiduciary efforts to combat these threats. Fiduciaries can work with service providers to strengthen existing protections and can work internally to create and document procedures that demonstrate prudent process.

Source: Groom.com, November 2017

Cybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know -- and Do

Abstract: The loss of employee personal information due to a cyber breach is an ever-increasing concern to all employers. No organization or industry is immune from cyber threats, including benefit plan sponsors and plan service providers. This article analyzes cybersecurity issues for retirement plans.

Source: Poynerspruill.com, October 2017

Five Cybersecurity Best Practices

Abstract: Regulators want to ensure advisors safeguard client and business information online. Implement these best practices to reduce the risk of your data being compromised.

Source: Morningstar.com, September 2017

Retirement Plans at Risk for Identity Theft

Abstract: While many cyber threats have special names, your retirement plan's data may be most at risk from common things employees do every day that put themselves at risk for identity theft. It is those common things, discarding paperwork with personal information, postings on various websites and other information that can be available in the public domain that identity thieves may use to gain access to an individual employee's retirement plan account. Retirement plan accounts have been stolen by identity theft in several incidents.

Source: Winstead.com, September 2017

401k Cybercrime: Key to Keeping a Plan Safe Is Not Delegating Fiduciary Responsibilities

Abstract: Some employers delegate the two fiduciary roles that approve cash disbursements (from their 401k plan) to their provider. In the author's view, this outsourcing of fiduciary authority makes a 401k plan more vulnerable to cybertheft.

Source: Employeefiduciary.com, September 2017

Cybersecurity Must Be C-Suite Concern at RIAs, Brokers and Managers

Abstract: Cybersecurity attorney and former SEC staffer Marlon Paz suggests it is absolutely essential for advisory firms to have a senior executive "not just appointed but also empowered" as the chief information security risk officer.

Source: Planadviser.com, September 2017

Cybersecurity More Than an Individual Concern

Abstract: Cybersecurity is a special concern for the financial industry, a lawyer who handles cybersecurity cases said recently. But its importance goes well beyond the integrity of clients' and plan participants' sensitive information; it pervades inter-corporate business functions as well.

Source: Ntsa-net.org, September 2017

Cybersecurity and Online Privacy Issues for Employee Benefit Plans

Abstract: When most plan participants think about security involving their retirement plan, they are typically thinking along the lines of financial security and how their investments perform. However, like other financial institutions, retirement accounts are subject to cyber threats that could threaten users' privacy and other account information.

Source: Bsllp.com, August 2017

How to Guard Benefits Plans From Cyberattacks

Abstract: Cyberattacks -- including incidents of ransomware -- are making headlines almost daily. Because employee health and retirement plans are often top targets, HR professionals should take precautions to defend against these assaults, especially since breaches can also result in penalties and fines.

Source: Shrm.org, August 2017

Three Tips for Better 401k Plan Cybersecurity

Abstract: With trillions of dollars in assets to safeguard, the retirement services industry is now intensely focused on the issue of cybersecurity. This article provides three tips retirement plan participants can use to protect their retirement savings.

Source: 401kspecialistmag.com, July 2017

Is Cybersecurity a Fiduciary Duty?

Abstract: Fiduciary duties and functions have been discussed over the last few years. But a recent blog entry suggests that cybersecurity should be added to them.

Source: Asppa.org, July 2017

Cybersecurity: Are Public Defined Contribution Plans at Risk?

Abstract: Given the continuing need for plans to adopt ever-greater levels of technology for administrative efficiency, the risk of inadvertent disclosure of personal information is escalating. Regardless of the investment made in protecting systems and data transmissions, plans remain vulnerable to human error and malicious or criminal actions.

Source: Nagdca.org, June 2017

Fiduciary Obligations to Safeguard Plan Participants' Data

Abstract: There have been numerous instances of high-profile cybercrime cases over the past couple of years spurring lively discussions in the ERISA community about the potential threat this type of crime poses to plan assets and personal data of plan participants and beneficiaries.

Source: Truckerhuss.com, June 2017

Plan Sponsors' Growing Fiduciary Responsibilities for Cybersecurity

Abstract: This is the slide deck from a presentation on plan sponsors' growing fiduciary responsibilities for cybersecurity given at the SPARK Institute's National Conference, June 1-2, 2017.

Source: Winstead.com, June 2017

SEC Issues Ransomware Risk Alert Highlighting Cybersecurity Best Practices

Abstract: The SEC published a Risk Alert regarding the "WannaCry" ransomware worm that infected hundreds of thousands of computers in over 150 nations earlier this month. The Alert provides background and resources and additionally highlights cybersecurity best practices.

Source: Sutherland.com, May 2017

Data Breach Risks for 401k and Retirement Plans

Abstract: There has been a recent spike in attacks on 401k and retirement plans by cyber criminals. A data breach is a disruptive event. For plan fiduciaries, there are several factors that create heightened risk.

Source: Jonesday.com, April 2017

What Retirement Plan Sponsors and Employers Need to Know About Cybersecurity Risk and Liabilities

Abstract: Many employers historically were only concerned with privacy and security for health plans under the Health Insurance Portability and Accountability Act and state laws. However, cybersecurity should also be a consideration for every retirement plan fiduciary. To preserve fiduciary protection while making required disclosures electronically, retirement plan fiduciaries should consider whether their duties of loyalty, prudence and to administer the plan for the exclusive benefit of the participants might require them to protect their participants' personal information.

Source: Winstead.com, April 2017

Cybersecurity More Than an Individual Concern

Abstract: Cybersecurity is a special concern for the financial industry, a lawyer who handles cybersecurity cases said recently. But its importance goes well beyond the integrity of clients' and plan participants' sensitive information; it pervades inter-corporate business functions as well.

Source: Asppa.org, March 2017

Addressing Retirement Plan Cybersecurity

Abstract: It's not really new that cybersecurity is a concern for employers. But it shouldn't be ignored, especially in the context of retirement plans, since plan participants' personal and financial information is maintained and shared by multiple parties.

Source: Asppa.org, March 2017

Cybersecurity Risks and Liabilities for Employers, Retirement Plan Sponsors and Fiduciaries

Abstract: Many employers historically were only concerned with privacy and security for health plans under the privacy regulations. However, there are other references to protecting participant information in ERISA and employee information that should not be overlooked. Cybersecurity should be a consideration for every employer and retirement plan fiduciary.

Source: Winstead.com, February 2017

Cybersecurity Considerations for Employee Benefit Plans

Abstract: One of the most significant challenges that face employee benefit plans is the reliance on service providers to manage daily activities of the plan. As a result, employee benefit plans typically share sensitive employee data and beneficiary and employer information with these service providers. Based upon historical cybersecurity breaches, third parties can be considered the weakest cybersecurity link.

Source: Schneiderdowns.com, February 2017

ERISA Advisory Council Makes Recommendations on Cybersecurity

Abstract: The ERISA Advisory Council on Nov. 10 issued recommendations on actions the DOL can take regarding cybersecurity and making workplace retirement accounts more secure.

Source: Asppa.org, November 2016

DC Plans Ask About Cybersecurity Insurance, but Not for Them

Abstract: Defined contribution service providers generally have cybersecurity insurance when they take on recordkeeping and other duties, but DC plan sponsors themselves are more likely to be lacking such coverage. There is no legal requirement for plan sponsors or service providers to have cyber insurance, but it's best practice.

Source: Pionline.com, October 2016

DC Plans Face Threats to Crucial Data

Abstract: Cybersecurity issues are not really unique in defined contribution. Hackers are getting smarter and are getting better at decrypting. DC plans need to get smarter overall in protecting online sites like banking and DC portals. But there are specific issues to defined contribution plans when it comes to cybersecurity.

Source: Pionline.com, October 2016

401k Service Providers and Cybersecurity: Questions to Ask

Abstract: 401k plan fiduciaries have an obligation to secure and keep private the personally identifiable information of plan participants and beneficiaries. Part of this essential task is ensuring that plan service providers take cybersecurity preparedness and plan data protection seriously.

Source: 401khelpcenter.com, October 2016

Podcast: Cybersecurity and 401k Plans: Real or Theoretical Risk?

Abstract: This podcast discusses the evolving world of cyber risk or cyber threats and how they can impact 401k and other employer benefits plans.

Source: 401kfridays.com, October 2016

ERISA Cybersecurity Threats and the Role of Human Resources

Abstract: With the increasing threat to organizations from data breaches, HR plays a critical role in helping prevent and minimize the risk from cyber theft. This 21-minute podcast addresses how to identify potential cybersecurity problems, workforce challenges in data protection, and the use of policies, training and employee education that are designed to protect private and sensitive data.

Source: Littler.com, September 2016

Cybersecurity and the Role of ERISA Fiduciaries

Abstract: Recent technological advancements, especially in the area of cybersecurity, have only now become the focus of most ERISA fiduciaries. Due to the increasing frequency and sophistication of cyber-related threats to employee benefit plans, their trustees and third-party plan administrators and the potential financial repercussions, compliance with ERISA fiduciary standards will require implementation of a prudent cyber risk management strategy. This article is dedicated to understanding cybersecurity issues in the context of ERISA benefit programs.

Source: Pillsburylaw.com, September 2016

ERISA Advisory Council Highlights Importance of Cybersecurity Oversight

Abstract: The 2016 ERISA Advisory Council is gathering to study ways to encourage benefit plan sponsors and managers to adopt strategies that minimize the exposure of plan participants' data from cyber-attack. This article touches on what the Council is considering.

Source: Gtlaw.com, August 2016

SEC Continues to Focus on Cybersecurity for Investment Advisers

Abstract: As in 2015, the Securities and Exchange Commission Examination Priorities for 2016 identify cybersecurity as an area of "potentially heightened [market-wide] risk."

Source: Ria-compliance-consultants.com, August 2016

Plan Advisers Take More Interest in Recordkeepers' Cybersecurity Practices

Abstract: In an era when costly cyberattacks and data breaches are becoming more common, 401k plan advisers are beginning to scrutinize data-security practices at recordkeeping firms. RK clients also have heightened concerns about securing the personal data of their employees.

Source: Investmentnews.com (registration may be required), July 2016

ERISA and Cybersecurity

Abstract: Data breaches are also causing benefit plan administrators and other fiduciaries under ERISA to consider whether their ERISA responsibilities include securing online plan data from cyberattacks, especially as to 401k and other benefit plans that are not subject to HIPAA. Although definitive guidance has not been provided, fiduciaries would be well-advised to proceed on the assumption that cybersecurity is an ERISA issue.

Source: Passwordprotectedlaw.com, June 2016

Fiduciary Risk in Data Privacy and Cybersecurity

Abstract: Retirement plans store extensive personal data on each participant and beneficiary. This data ranges from Social Security numbers and addresses to dates of birth, bank account and financial information, and other records and is stored physically and in electronic forms for years, if not decades. Retirement plan fiduciaries must take precautions to help ensure that they have fulfilled their fiduciary duties with respect to data privacy and cybersecurity.

Source: Morganlewis.com, April 2016

Cybersecurity's Impact on TPAs

Abstract: A recent announcement by the ERISA Advisory Council that it will be focusing on how cyber-related threats affect TPAs is addressed in a recent legal advisory from Pillsbury Law.

Source: Asppa.org, April 2016

An Overview of Cybersecurity Issues Affecting Retirement Plans

Abstract: In order to minimize a retirement plan's overall cyber risk profile, its sponsor(s) must implement a cyber risk management strategy, including focusing on evaluating its third-party service providers' cybersecurity programs, performing periodic assessments of such programs, and ensuring that the retirement plan has mitigated risks from losses in the event of a cyber attack.

Source: Pillsburylaw.com, February 2016

401khelpcenter.com, LLC is not the author of the material referenced in this digest unless specifically noted. The material referenced was created, published, maintained, or otherwise posted by institutions or organizations independent of 401khelpcenter.com, LLC. 401khelpcenter.com, LLC does not endorse, approve, certify, or control this material and does not guarantee or assume responsibility for the accuracy, completeness, efficacy, or timeliness of the material. Use of any information obtained from this material is voluntary, and reliance on it should only be undertaken after an independent review of its accuracy, completeness, efficacy, and timeliness. Reference to any specific commercial product, process, or service by trade name, trademark, service mark, manufacturer, or otherwise does not constitute or imply endorsement, recommendation, or favoring by 401khelpcenter.com, LLC.

This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.