ERISA

Cybersecurity: It’s Personal

02.16.2023

 

Cybersecurity is absolutely personal: our data, accounts, savings—everything—requires protection. Another thing that’s become personal at most of our businesses is communication: targeted marketing is better than broad sweeps. Here’s the thing: increased reliance on personalized communication calls for heightened cybersecurity.

Personalize—and Secure

When it comes to engaging people in our businesses and retirement plans, personalized messages, tailored for niche groups, work best—and lest we forget, marketing experts continue to point out examples. Since there’s no turning back on the effectiveness of personalized messaging, we all need to ratchet our cybersecurity measures up: the work of personalizing requires more access to data—and that opens up more possibilities for cyber breaches. As Plan Adviser sums up:

 

As the retirement industry moves toward more personalization for participants to plan and save, the chance for “bad actors” to gain access to their information also increases, according to financial cybersecurity experts. With increased emphasis on customized financial education for participants, wellness and asset management, advisers must be equally careful to ensure that the service providers they are recommending have the highest levels of cybersecurity, says Brian Edelman, CEO of cybersecurity protection firm FCI Cyber Inc. “The more nonpublic information that participants share [with recordkeepers or financial advisers], the more susceptible the participants are to hackers using that information,” Edelman says. “If hackers can use the information to trick the plan administrator into making a distribution of plan assets, then they are drawing from a very large pool.”

Affordable Cyber and Fiduciary Liability Insurance Here.

 

Increased Responsibility

Everyone involved in retirement accounts, from participants to plan sponsors to service providers and record keepers, has a role to play in stepping up attention to cybersecurity. Specifically, and explicitly, retirement plan sponsors have been instructed by the Department of Labor to monitor the cybersecurity practices of all service providers, as well as put best practices in place in their businesses—and ensure that plan participants are doing their part to secure their accounts too. Experts emphasize the importance of a comprehensive, “all hands on deck” approach to cybersecurity:

“Increased personalization means we all need to view cybersecurity as a responsibility,” says Ben Rizzuto, a retirement director at Janus Henderson Investors. “Record keepers need to have technology and training in place. Plan sponsors and advisers need to have good processes in place, including hiring and reviewing service providers, along with educating participants on the importance of cybersecurity.” Participants also need to be informed that security succeeds due to their efforts…. “They need to make sure their contact information is up to date with the recordkeeper and that they’ve set up things like two-factor authentication.”

Double The Risk

Although all businesses face steep consequences in the event of cyber breaches, those sponsoring retirement plans face a double risk—and then some: cybersecurity failures can result in allegations of fiduciary breaches, which are costly and painful under the high standards of ERISA law. Accordingly, legal experts advise retirement plan sponsors to put cyber breach response plans in place, as well as to adhere closely to all of the other Cybersecurity Program Best Practices prescribed by the Department of Labor. Indeed, an expert response plan makes the difference between a cyber incident and a disaster. Across the country, plan sponsors and their third-party administrators are getting expert response plans in place quickly and efficiently, via Colonial Surety’s affordable Cyber + Fiduciary Liability package, which includes:

  • Expert-led response services following a data breach.
  • Protection from lawsuits and regulatory actions related to the breach.
  • Legal services.
  • Computer forensic services.
  • Public relations and crisis management expenses.
  • Notification services.
  • Call Center services.
  • Credit and Identity monitoring.

Available with just a one-year commitment, Colonial’s Cyber-Fiduciary Package also covers defense costs and penalty limits up to $1,000,000, if faced with claims of alleged or actual breaches of duty in connection with the employee retirement plan. Colonial makes it so efficient and reasonable that protection can be secured in minutes, now: Cyber and Fiduciary Liability Insurance Here.

Practical Steps

Recognizing the challenges plan sponsors face in monitoring the cybersecurity protocols of service providers, the Spark Institute helpfully provides “sample controls” which arm plan sponsors with a tangible way to communicate with service providers about their cybersecurity practices. Check out the 17 Sample Controls right here.

 

Another practical action step for plan sponsors is to promote good password hygiene and use of secure networks among employees and retirement plan participants. In fact, the Department of Labor expects plan sponsors to ensure Online Security Tips are consistently communicated. Remember too, that though participants and service providers have a role in “reducing the risk of fraud and loss to retirement accounts,” plan sponsors retain the fiduciary obligation of protecting the funds—a risk that can never be fully eliminated. Since the role of plan sponsor comes with the inherent risk of personal liability, protection is best and Colonial Surety makes it easy, speedy and affordable to obtain: Cyber and Fiduciary Liability Insurance Here.

Pension plan professional? Colonial can help you make sure your plan sponsor clients have the coverage they need—and we’ve got you too. From Errors and Omissions Insurance to Fiduciary Liability Insurance, Employment Practices Liability Insurance–and more, we’re HERE with the coverages pension professionals need to keep the business going—and growing.

 

Insurance for Pension Professionals Right Here.

 

Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors — and keep their businesses compliant — with pain-free, efficient, and friendly service every time.