With a total of over $10 trillion of retirement savings now accumulated in employer-sponsored retirement plans, the stakes for safeguarding them are high indeed. The dollars and data require ever better cybersecurity, and ultimately, the trust of workers is on the line.
Cyber Threats: An Ever Present Risk
As if protecting the retirement nest eggs of employees is not a big enough responsibility for plan sponsors, industry experts remind us that when we consider the big picture, the stakes are in fact even higher. Gregg Levinson, senior director for retirement at WTW, offers this perspective: “The risk is substantial: It is the integrity of the defined contribution system, broadly…. For vendors, it is their own integrity [and the] ability to protect their assets and their business model, [whereas] for employers, it is being able to also protect their employee assets and their employee relations.” Given the stakes, it is no wonder, as Plan Sponsor reports, that while businesses have much to worry about, cybersecurity continues to hover near the very top of the list:
Guarding against online threats is—for the ninth straight year—among the top three business concerns for leaders. Some 58% of 1,200 representatives of companies of all sizes worry some or a great deal about cyber risks, ranking vulnerability to attack just below medical cost inflation (60%) and broad economic uncertainty (59%), found the 2023 Travelers Risk Index…. More than half of business leaders surveyed… say it is inevitable their business will be a victim of a cyberattack. Allison Itami, a principal in Groom Law Group, says the risk for plan sponsors ranges widely. “The data is at risk, assets are at risk, the reputation of the plan sponsor can be at risk or [that of] the service provider…. Also, fundamentally, the trust or the goodwill and the relationship can be at risk: There is a lot on the line if somebody were to lose access to their retirement savings.”
Cyber threats come in many forms, at many times, making them an ever present concern. Consider, for example, that according to data from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, “47% of U.S. adults have had personal information exposed by cybercriminals; and the Facebook accounts of 600,000 individuals are hacked every single day.” Summing up the risks for businesses that sponsor retirement plans, Matthew Petersen, executive director of the National Association of Government Defined Contribution Administrators, says:
“What’s at risk is really as broad as the different types of attacks that are out there, and they do run the gamut: from actually taking money out of an account to getting personally identifiable information and passwords that you could use to trade on the dark web or access other types of accounts…. The risk is broad; the risk is hard to measure. It can touch any aspect of the organization and any aspect of the [DC] plan…. Anywhere in the chain of custody of information, there is vulnerability…. Whether you are talking about the end user—the person actually trying to access their account—whether you are talking about the administrator themselves, whether you are talking about a party who is connected to the administrator through software, there are really any number of vulnerabilities throughout the system.”
Because cyber incidents can rapidly escalate into fiduciary breach allegations, plan sponsors are advised to be proactive about protection strategies. Levinson, for example, urges: “Smart practice… is to incorporate cybersecurity into [the] fiduciary oversight model and make sure [DC plans are] following key steps both from a process standpoint, an IT standpoint and [down the line]…. But it is not just an HR issue. It is an IT issue, it is a business issue, it is a communications issue.” Of course, cybersecurity is also a service provider issue, and it is essential for plan sponsors to monitor the protocols providers have in place: “If an incident were to happen, what happens? Make sure that you as the plan sponsor are satisfied with your vendors’ response times, their answers to your questions—all those things—so that if something happens, you know what is going to happen and you are satisfied with what is going to happen….” In addition to monitoring third-party administrators, it is also best practice for plan sponsors to have “their own cyber policy similar to an investment or compliance policy.”
Colonial Surety is here to help plan sponsors manage their responsibilities and risks with our efficient and affordable Cyber+Fiduciary Liability Insurance package. Along with defense costs and penalty limits up to $1,000,000, our liability insurance package for plan sponsors includes:
- Expert-led response services following a data breach.
- Protection from lawsuits and regulatory actions related to the breach.
- Legal services.
- Computer forensic services.
- Public relations and crisis management expenses.
- Notification services.
- Call center services.
- Credit and identity monitoring.
Protect yourself, your business and the plan, efficiently and affordably, today.
Under the high standards of ERISA law, plan sponsors are fiduciaries and can be held personally liable for errors, even when services are outsourced. Regulatory audits, lawsuits, cybersecurity incidents or the mere allegation of a fiduciary breach turn out to be extremely costly and disruptive to business owners. With Colonial on your side, a few dollars a day ensures defense costs and penalty limits up to $1,000,000 if faced with alleged or actual breaches of duty in connection with the employee retirement plan. Colonial’s fiduciary+cyber liability package is right here for you.
Pension Plan Professional?
Let Colonial help you make sure your plan sponsor clients have the coverage they need. Of course, we have got you covered too! From Errors and Omissions Insurance to Fiduciary Liability Insurance, Employment Practices Liability Insurance, and more, we are here with the coverages pension professionals need to keep the business going—and growing.
Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors — and keep their businesses compliant — with pain-free, efficient, and friendly service every time.