A New Job for Plan Sponsors: Cybersecurity

The more every business (and every person in it) uses technology, the bigger the “attack surface” for cybercrime becomes. Last year’s massive MOVEit data breach, which compromised data at over 600 businesses, sounded an alarm: whether or not they want the job, cybersecurity is now inherently a priority for every business owner, and for every benefit plan sponsor.

Working At The Intersections

Just as technology is critical to every business, so too is cybersecurity, and as national risk management expert Richard Clarke reminds us, retirement plan sponsors have an additional compelling reason to lean further into the work of cybersecurity policies and procedures: “Given that any person involved in the management of an employee retirement or benefits plan can be held personally liable for a fiduciary breach under ERISA law, they must roll up their sleeves to work at the intersections of plan management and technology.”

Indeed, as cyberthreats and the sophistication of criminals grow, so too do the responsibilities of plan sponsors. An important starting point is to “assess and reassess” the plan’s current cybersecurity vulnerabilities against “independently developed criteria.” Because change is a constant, this review, with documented follow-up action, should be performed annually. Experts additionally advise plan sponsors to take these fundamental steps toward data breach protection:

1. Formal training and policy: Employee benefit plans of all sizes need a cybersecurity policy statement explicitly written to align with the Employee Benefits Security Administration’s (EBSA) guidance. … Official cyber policies have grown to the same importance as investment policy statements. … Policy should include the use of multi-factor authentication and mandatory staff training. …

2. Third-party solution provider policy and standards: … Implement strict cybersecurity guidelines for hiring, monitoring, and re-hiring tech vendors of retirement plan services, health care plans, payroll operations, and any other service provider that takes possession of personally identifiable information. …

3. Cyber breach response plan: … Planning prevents incidents from spiraling into disasters and is one of the best practices specifically recommended by EBSA. … The breach response plan will enable a plan sponsor to immediately engage legal counsel, employ cyber insurance and covered services, assemble a cross-functional team, and perform an analysis of root causes.

Button Up With Protections Too

Even while diligently digging into cybersecurity protocols and best practices for the business and the plan, benefit sponsors are advised to take extra precautions, given the very real threat of lawsuits related to the protection of data:

“Attorneys and consumers have become increasingly aware that they can sue the companies, or the plan sponsor individuals, if data is compromised. Plan sponsors cannot afford to overlook scrutiny of the insurance requirements in vendor contracts, and should confirm where responsibility lies for handling a cyberattack and understand the full spectrum of potential company and personal liability. In today’s tech-driven business world, plan professionals are well-advised to insulate themselves against personal exposure for third-party claims of not meeting fiduciary obligations by obtaining fiduciary liability insurance.”

Ensure your personal and business assets are shielded from the repercussions of fiduciary breach allegations, including those resulting from cyber incidents, with affordable Fiduciary Liability Insurance from Colonial Surety Company, where a one-year policy, inclusive of 50k Cyber Liability Insurance, costs less than an hour of ERISA defense attorney fees.

Colonial Surety’s affordable Fiduciary Liability & Cyber Liability Insurance packages are specifically designed to help plan sponsors with:
  • DOL Compliance: The Department of Labor stresses the importance of Cyber Liability Insurance, considering its absence as a fiduciary breach. Our coverage not only safeguards the plan but also protects your business.
  • Comprehensive Protection: All our packages include Fiduciary Liability Insurance, ensuring your business and personal assets are shielded from the repercussions of fiduciary breaches.
  • Cost-Control: Our packages are available for 1, 2, and 3-year terms, providing flexibility and locked-in rates.
Get buttoned up in minutes today by opting to add liability insurance to your ERISA Bond:

Fiduciary and Cyber Liability Insurance HERE