Cyber for Plan Sponsors

Types of Cyber Attacks for Plan Sponsors to Watch Out For


Retirement plans and plan sponsors are coming under attack from cyber attacks. The obvious response is to take precautions to prevent a cyber attack from hitting your retirement plan. But how can you do that without knowing what types of cyber attacks you should be on the look out for? Here’s a list of the types of attacks you should be aware of. They could come for your plan next.

1. Phishing

Phishing attacks have been around since the dawn of the internet and Nigerian Princes asking for your credit card info to help them give out part of their fortune. Basically, a phishing attack is a fraudulent email imitating a trusted vendor or person. The emails may request you provide personal data though more insidious ones are able to gain access to your data just by having you click on a link.

2. Malware

Also known as a computer virus, malware is any harmful code introduced to your computer that locks or steals data. Malware can be introduced to a computer through a download of an infected file. One example of malware is ransomware, in which malware locks your data and requires you to pay the attacker to release your data again.

3. Denial of Service (DDoS) Attacks

DDoS attacks, those made famous by rogue online communities such as 4chan that have succeeded in shutting down popular sites and services, are conducted by sending massive numbers of volume requests until a network is overloaded and succumbs to the requests. It then shuts down. DDoS attacks usually aren’t meant to steal data themselves; rather they distract from the actual data stealing attack.

4. Identity Theft

Hackers have found ways to get around not knowing an account’s passwords by figuring out answers to security questions via publicly available information posted on social media. This allows them access to your account, where they can steal information and divert funds and payouts to their accounts.

5. Password Identification

This isn’t as long a process as identity theft: it’s essentially a hacker using an algorithm to figure out your password. Best practices for a secure password have a hard time keeping up with hackers’ tools for cracking passwords. And, there are even more kinds of cyber attacks aimed at taking down plan sponsors.

The scariest part is that new and more treacherous cyber attack methods are being created each day. It’s nearly impossible for a plan sponsor to keep abreast of all of them and able to completely safeguard a retirement plan. There is one way to ensure that you and your company are protected in the increasingly likely event of a cyber attack: cyber liability insurance.

Where can I easily purchase cyber liability insurance to protect my company and retirement plan?

Colonial Surety includes cyber liability insurance with our ERISA fidelity bond packages with fiduciary liability insurance to best protect your company and plan against a cyber attack.

Colonial’s cyber insurance provides a services-based solution to help plan sponsors manage data breaches successfully. These services include a dedicated team of cyber breach professionals who assist plan sponsors at every stage of incident investigation and breach response. These professionals coordinate the carefully vetted forensics experts and specialized lawyers to help plan sponsors establish what’s been compromised; assess plan sponsor responsibility; and, notify those individuals affected. In addition, these services will also coordinate credit or identity monitoring, and PR advice to help the plan sponsor safeguard its reputation. Of course, Colonial’s cyber insurance also indemnifies and defends plan sponsors from covered lawsuits or regulatory actions, the risk of which may be reduced by a well-coordinated breach response, but can never be completely eliminated.

Ongoing governance and evaluation of recordkeepers can help protect data, but the only way to fully protect against a potential cyber attack’s data breach is to purchase cyber liability insurance from Colonial Surety Company.