Cyber for Plan Sponsors

Cybersecurity: Caught Off Guard?



Retirement plans across the country are finding out that the Department of Labor is already working to enforce the cybersecurity guidance that was just issued this spring. Here’s what some plans are experiencing as the new protocols have been rapidly incorporated into audits. Are you ready?

Routine Audits Include Cybersecurity Protocols

Customarily, there has been about a year between the release of new governmental guidance and audit procedures that address the heightened expectations. That is not the case with the cybersecurity guidance issued by the DOL earlier this year. Industry experts are shocked to see how quickly audit proceedings have been updated to include detailed requests and documentation corresponding to the cybersecurity guidelines. Bloomberg Law confirms:

The U.S. Department of Labor’s abrupt enforcement of retirement plan cybersecurity just two months after it first issued guidance on the issue has caught many in the industry off guard. Investigators with the DOL’s Employee Benefits Security Administration this month began asking plan sponsors questions and seeking documents related to cybersecurity policies and procedures, according to law firms whose clients are the subject of those audits… The speed by which the employee benefits regulator has turned its guidance into enforcement is alarming, attorneys say.

An EBSA spokesman confirmed … that cybersecurity has become a routine part of the agency’s retirement plan auditing process. The goal, the agency said… is not to recover losses from catastrophic security breaches but to help plans avoid them in the first place. Although cyber hygiene is only now becoming a part of EBSA’s enforcement prerogative, the fiduciary obligations at issue are not new. “The time to pay careful attention to cybersecurity risks and mitigate them is right now,” the agency said. “The longer risks go unaddressed, the greater the likelihood of serious harm to retirement plans and their assets.”

Buckle Your Seatbelt: Fiduciary Protection

Attorneys advise plan sponsors who have not yet begun to implement the new cybersecurity guidelines to get going right away—and to be sure to document specific actions taken. For example, new DOL Tips underscore the importance of plan sponsor vigilance when contracting with service providers. Specifically, it is important that contracts explicitly detail how the provider will continuously comply with cybersecurity standards and best practices on behalf of your retirement plan and participants. The DOL also expects plans to directly educate participants about the basics of online security.

As a plan sponsor, there’s unfortunately no guarantee that you won’t face personal exposure for a breach of fiduciary duty. Even allegations are damaging and costly, right? With the rise of threats and heightened expectations on your shoulders, why take chances? At Colonial Surety, you can affordably obtain fiduciary liability insurance and get peace of mind that your personal assets are protected from a breach of responsibility in the administration or handling of the employee retirement plan. With an annual premium that is less than what you would pay for just one hour with an expert ERISA lawyer if disaster strikes, Colonial can quickly help you obtain fiduciary liability insurance now: Fiduciary Liability for Plan Sponsors Here.

Cybersecurity: What’s Your Response Plan?

Having a cyber breach response plan is critical—and government auditors will want to know what your plan is. Indeed, many small businesses find themselves going it alone, trying to prevent escalation of cyber breaches, while also scrambling to handle the fallout. Within six months of a cyber breach, 60% of small businesses end up closing! To help, Colonial Surety provides unique and affordable Cyber Liability protection, which includes a response effort coordinated by forensic and legal experts. With Colonial’s coverage, upon a breach at your business, experts will identify what’s been compromised and coordinate the response. As needed, call-center support, credit and identity monitoring services and even public relations expertise are provided. Liability protection in the event of covered lawsuits or regulatory actions due to a data breach? Of course, that’s included too. Learn More and Obtain Cyber Liability Protection Here.

Small businesses don’t have to go it alone as cybercrime, and expectations, rise.

Protect your business, your retirement plan—and yourself—today, affordably and efficiently. Colonial’s comprehensive package includes:


  • The required ERISA bond which protects the assets of the retirement plan from theft;
  • Fiduciary Liability coverage to protect you and your assets from personal liability; and,
  • Cyber Liability coverage to safeguard your company and plan from covered losses and expenses in the event of a cyber breach.


Obtain Complete Protection Package Now

Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors – and keep their businesses compliant – with pain-free, efficient, and friendly service every time.