Careless Participants?



Poor password practices and other careless habits among retirement plan participants contribute to the cybersecurity threats, and the breaches, affecting retirement accounts. Plan sponsors cannot, of course, control participant behavior, but they must still exercise diligence in protecting the plan against cyber threats and losses. Experts suggest specific action steps.


Educate and Activate

Remember: the Department of Labor’s Cybersecurity Guidance, issued in 2021, includes Online Security Tips written specifically for plan participants. Accordingly, retirement plan sponsors need to make sure these tips are shared with participants periodically. As fiduciaries, plan sponsors also need to make sure that their efforts to educate participants on cybersecurity are well documented. But plan sponsors can’t stop there: they must also monitor the cybersecurity protocols in use by service providers, such as recordkeepers. Optimally, reviewing the practices put in place to safeguard the plan is part of the selection and contracting process for third-party providers, with periodic reviews thereafter. Legal expert Alex Smith of Holland & Hart offers these specific pointers for doing so:


  • Ensuring that the recordkeeping agreement makes the recordkeeper financially responsible for thefts from participant accounts when the participant is not at fault.


  • Ensuring that the recordkeeping agreement requires the recordkeeper to maintain appropriate cybersecurity protections and procedures.


  • Requiring the recordkeeper to implement two-factor authentication as the default setting for account access (preferably as part of the recordkeeping services agreement).


  • Requiring the recordkeeper to impose a delay on distributions from accounts for a period after the participant’s address and/or banking information has changed….


  • Requiring the recordkeeper to notify the participant through the old contact information of any change to the participant’s contact or banking information….


  • Requiring the recordkeeper to require the participant to provide a copy of his or her photo identification in order take a distribution….


  • Scrutinizing recordkeepers’ cybersecurity processes and procedures during any recordkeeper search process.
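Two of the pointers above, the hold on distributions after a contact or banking change and the notice sent through the participant’s previous contact details, are controls a recordkeeper implements in software, and the interaction between them is easy to get wrong. The following is an added illustration, not code from the page, from Holland & Hart, or from any recordkeeper’s system: the hold length (14 days), the field names and the in-memory list standing in for an outbound notification queue are all assumptions made for the example.

```python
# Added example (assumptions: 14-day hold, field names, in-memory notice list).
# Models a post-change distribution hold plus notification to OLD contact details.
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

HOLD_PERIOD = timedelta(days=14)                 # assumed; the page names no period
SENSITIVE_FIELDS = {"email", "phone", "address", "bank_account"}
CONTACT_CHANNELS = ("email", "phone", "address")  # channels a notice can be sent to


@dataclass
class Change:
    field_name: str
    old_value: str
    new_value: str
    at: datetime


@dataclass
class Participant:
    pid: str
    profile: dict                                  # field name -> current value
    changes: list = field(default_factory=list)
    notices: list = field(default_factory=list)    # (channel, destination, message)


def update_sensitive_field(p: Participant, field_name: str, new_value: str,
                           now: datetime) -> Change:
    """Record a change to contact or banking data.

    Notices are queued to every contact channel as it was BEFORE the change, so
    an attacker who swaps the e-mail address still triggers a message to the old one.
    """
    if field_name not in SENSITIVE_FIELDS:
        raise ValueError(f"{field_name} is not a monitored field")
    change = Change(field_name, p.profile[field_name], new_value, now)
    message = f"{field_name} changed on {now.isoformat()}; contact us if this was not you"
    for channel in CONTACT_CHANNELS:
        p.notices.append((channel, p.profile[channel], message))
    p.profile[field_name] = new_value              # apply only after notices are queued
    p.changes.append(change)
    return change


def hold_expires(p: Participant) -> Optional[datetime]:
    """End of the hold window, driven by the MOST RECENT sensitive change."""
    if not p.changes:
        return None
    return max(c.at for c in p.changes) + HOLD_PERIOD


def distribution_allowed(p: Participant, now: datetime) -> Tuple[bool, str]:
    """Refuse a distribution until HOLD_PERIOD has elapsed since the last change."""
    expires = hold_expires(p)
    if expires is not None and now < expires:
        return False, f"distribution on hold until {expires.isoformat()}"
    return True, "no recent contact or banking changes"


def demo_scenario() -> dict:
    """Constructed scenario: a bank change, then an e-mail change that restarts the hold."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    p = Participant("P-001", {"email": "old@example.com", "phone": "555-0100",
                              "address": "1 Main St", "bank_account": "000111"})
    update_sensitive_field(p, "bank_account", "999888", t0)
    day1 = distribution_allowed(p, t0 + timedelta(days=1))[0]    # inside hold
    day14 = distribution_allowed(p, t0 + timedelta(days=14))[0]  # hold just expired
    update_sensitive_field(p, "email", "attacker@example.net", t0 + timedelta(days=10))
    day20 = distribution_allowed(p, t0 + timedelta(days=20))[0]  # hold restarted at day 10
    day24 = distribution_allowed(p, t0 + timedelta(days=24))[0]  # second hold expired
    return {"day1": day1, "day14": day14, "day20": day20, "day24": day24,
            "notices": p.notices}


if __name__ == "__main__":
    result = demo_scenario()
    for key in ("day1", "day14", "day20", "day24"):
        print(key, "allowed" if result[key] else "held")
    for notice in result["notices"]:
        print(notice)
```

Two design points matter here. The hold is computed from the most recent change, so a second change (for instance an e-mail swap made while the first hold is still running) restarts the clock rather than inheriting the earlier expiry. And the notice destinations are read before the profile is overwritten, which is what makes the “old contact information” requirement meaningful when the changed field is itself a contact channel.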


Recent ERISA litigation makes it particularly important for plan sponsors to be prepared to answer key questions about the cybersecurity protocols of service providers, including, “Are we sure our service providers and their subcontractors adhere to appropriate data security policies and practices?” One cybersecurity action step plan sponsors can cross off their lists, in minutes, today, is putting a cyber breach response plan in place. A cyber breach response plan helps keep incidents from spiraling into disasters and is one of the best practices specifically recommended by EBSA. Get your response plan in place immediately with Colonial Surety’s affordable Cyber-Fiduciary Liability package, which includes:


  • Expert-led response services following a data breach.
  • Protection from lawsuits and regulatory actions related to the breach.
  • Legal services.
  • Computer forensic services.
  • Public relations and crisis management expenses.
  • Notification services.
  • Call Center services.
  • Credit and identity monitoring.


Now available with just a one-year commitment, Colonial’s Cyber-Fiduciary Package also covers defense costs and penalties, with limits up to $1,000,000, if you face claims of alleged or actual breaches of duty in connection with the employee retirement plan. Remember, because a cyber breach can quickly spiral into allegations of a fiduciary breach, it’s critical for retirement plan sponsors to have both cyber and fiduciary liability protection. Colonial makes it so efficient and reasonable that you can secure your protection in minutes now:


Cyber and Fiduciary Liability Insurance Here.


Even the most diligent plan fiduciary can never fully eliminate the possibility of a cyber breach. Similarly, plan fiduciaries can never fully eliminate the risk of being held personally liable for fiduciary breaches. Why take unnecessary risks? The annual cost of Colonial’s Cyber and Fiduciary Liability coverage is less than the fee for one hour of expert legal defense if a lawsuit or regulatory challenge strikes you and your business. Get covered, in minutes, today:


Cyber and Fiduciary Liability Insurance Here.


Pension plan professional? We’re here to help you make sure your plan sponsor clients have the coverage they need, and we’ve got you covered too. From Errors and Omissions Insurance to Fiduciary Liability Insurance, Employment Practices Liability Insurance and more, we’re HERE with the coverages pension professionals need to keep the business going and growing.


Insurance for Pension Professionals Right Here.

Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors — and keep their businesses compliant — with pain-free, efficient, and friendly service every time.