Under ERISA, fiduciaries are subject to the prudent expert standard of care, in which they have to act with diligence, care, and skill an expert under the circumstances in their field would. They also owe a duty of loyalty to plan participants. Fiduciaries, or those who act with discretionary control or authority over plan assets, have to work in the interests of plan beneficiaries and participants only.
This means that fiduciaries should take proper care to make sure that plan assets, including plan data, are not stolen via cyber attack or data breach. Not taking proper care and doing what an expert would do to protect plan assets from cyber attack would likely constitute a fiduciary breach. The only question is whether what is stolen is a plan asset, which is further elaborated upon here.
One important way to prudently make sure that your plan is protected is to purchase cyber liability insurance to cover the plan in case a cyber attack finds its way around the defenses you’ve put up. Hackers and attackers always seem to be ahead of the curve in evading cyber defenses and the only way to make sure you and your company are protected if they are able to get through is Cyber Liability Insurance.
Where can I easily purchase cyber liability insurance to protect my company and retirement plan?
Colonial’s cyber insurance provides a services-based solution to help plan sponsors manage data breaches successfully. These services include a dedicated team of cyber breach professionals who assist plan sponsors at every stage of incident investigation and breach response. These professionals coordinate the carefully vetted forensics experts and specialized lawyers to help plan sponsors establish what’s been compromised; assess plan sponsor responsibility; and, notify those individuals affected. In addition, these services will also coordinate credit or identity monitoring, and PR advice to help the plan sponsor safeguard its reputation. Of course, Colonial’s cyber insurance also indemnifies and defends plan sponsors from covered lawsuits or regulatory actions, the risk of which may be reduced by a well-coordinated breach response, but can never be completely eliminated.
Ongoing governance and evaluation of recordkeepers can help protect data, but the only way to fully protect against a potential cyber attack’s data breach is to purchase cyber liability insurance from Colonial Surety Company.