
The Fiduciary Duty of Protecting Against Cyber Attacks

06/26/2019

Under ERISA, fiduciaries are subject to the prudent expert standard of care, under which they have to act with the diligence, care, and skill that professionals in their field would exercise under the circumstances. They also owe a duty of loyalty to the plan participants. Fiduciaries, or those who act with discretionary control or authority over plan assets, have to work in the interests of plan beneficiaries and participants only.

This means that fiduciaries should take proper care to make sure that plan assets, including plan data, are not stolen via cyber attack or data breach. Not taking proper care and not doing what an expert would do to protect plan assets from cyber attack would therefore likely constitute a fiduciary breach. The only question is whether what is stolen is a plan asset, which is further elaborated upon here; if it is, then it is likely a fiduciary breach.

One important way to prudently make sure that your plan is protected is to purchase Cyber Liability Insurance to cover the plan in case a cyber attack finds its way around the defenses you have in place.

Where can I easily purchase Cyber Liability Insurance to protect my retirement plan?

Colonial Surety offers a cyber liability insurance endorsement for our ERISA fidelity bond packages with fiduciary liability insurance to best protect your plan against a cyber attack.

Colonial’s cyber insurance provides a services-based solution to help plan sponsors manage data breaches successfully. These services include a dedicated team of cyber breach professionals who assist plan sponsors at every stage of incident investigation and breach response. These professionals coordinate carefully vetted forensics experts and specialized lawyers to help plan sponsors establish what’s been compromised, assess plan sponsor responsibility, and notify the individuals affected. In addition, these services will coordinate credit or identity monitoring and PR advice to help the plan sponsor safeguard its reputation. Of course, Colonial’s cyber insurance also indemnifies and defends plan sponsors from covered lawsuits or regulatory actions, the risk of which may be reduced by a well-coordinated breach response, but can never be completely eliminated.

Ongoing governance and evaluation of recordkeepers can help protect data, but the only way to fully protect against a data breach from a potential cyber attack is to purchase cyber liability insurance from Colonial Surety Company.