Cyber for Plan Sponsors

Cybersecurity: What About Your Vendors?



Business owners of all kinds are learning fast: cybersecurity strategies and tactics are integral to running a successful company. Attention to the cybersecurity protocols of any and all vendors (aka service providers) the company uses is also critical—and a must for companies sponsoring retirement plans.


Third Parties: Exponential Risks

Virtually every business contracts with others to get things done. Vendors typically include software developers, equipment providers, professional consultants, payroll services, maintenance teams and more. Businesses sponsoring retirement plans for employees most likely also have third party administrators (TPAs) and financial advisors. Experts at Revolutionized point out: “Breaches from third-party vulnerabilities are common. More than half of all organizations have experienced a data breach caused by a third party. It’s easy to see why, too. If one vendor has access to several companies’ data, an attacker can steal from multiple targets by targeting just one system.”


The reality that data from every business is accessible by others, one way or another, makes it essential for businesses to not only step up their own cybersecurity protocols, but to tune into the cybersecurity strategies in use by each and every vendor. As experts stress:


Third-party breaches often have far-reaching consequences, affecting thousands of entities in some cases. One breach could impact not just the company itself but their clients and their clients’ customers. This ripple effect raises the chances of lost business and legal damages on top of the normal cyberattack costs. Some vendors may also have access to highly sensitive information, such as financial data and customer names and addresses. The involvement of a third party raises data breach costs by $370,000 on average. Cyberattacks are already expensive without that bump, so companies should do all they can to avoid these situations.


Retirement plan sponsors face particular risks related to service provider cybersecurity breaches: the Department of Labor’s Cybersecurity Guidance explicitly directs plan sponsors to monitor the cybersecurity protocols of all service providers. In fact, plan sponsors involved in recent ERISA litigation and regulatory proceedings have been asked about the cybersecurity protocols of service providers. Accordingly, experts advise plan sponsors to ask themselves: “Are we sure our service providers and their subcontractors adhere to appropriate data security policies and practices?”


Even the most diligent retirement plan sponsor can never fully eliminate the possibility of a cyber breach at their own company—or via a service provider. Allegations of a related fiduciary breach—like failure to adequately monitor service providers—are a risk too. Why take chances? The annual cost of Colonial’s Cyber and Fiduciary Liability Package is less than the fee for one hour of expert legal defense if a lawsuit or regulatory challenge strikes. Get covered, in minutes, today: Cyber and Fiduciary Liability Insurance Here.


High Expectations

Businesses need to have high expectations for the cybersecurity protocols and practices of every vendor. Best practices include thorough research prior to contracting with new vendors, ongoing review, and adherence to the principle of least privilege: “If a vendor doesn’t absolutely need access to a system or dataset, they shouldn’t have it.”

Having an expert response plan for cyber breaches at the ready is also critical, since no approach to security guarantees safety: “Third-party breaches jumped 17% between 2020 and 2021, with 53% of IT leaders saying they’ve experienced a ransomware attack, the most common third-party breach attack vector.”


Retirement plan sponsors are reminded that having a cyber breach response plan in place is among the specific cybersecurity actions prescribed by the Department of Labor. A solid cyber breach response plan prevents a cybersecurity incident from spiraling into a disaster. Plan sponsors across the country are urged to get their response plans in place today via Colonial Surety’s affordable Cyber-Fiduciary Liability package, which includes:


  • Expert-led response services following a data breach.
  • Protection from lawsuits and regulatory actions related to the breach.
  • Legal services.
  • Computer forensic services.
  • Public relations and crisis management expenses.
  • Notification services.
  • Call center services.
  • Credit and identity monitoring.


Now available with just a one-year commitment, Colonial’s Cyber-Fiduciary Package also covers defense costs and penalty limits up to $1,000,000 if faced with claims of alleged or actual breaches of duty in connection with the employee retirement plan. Since a cyber breach can quickly escalate into allegations of a fiduciary breach, it’s critical for retirement plan sponsors to have both cyber and fiduciary liability protection. Colonial makes it so efficient and reasonable that protection can be secured in minutes, now:


Cyber and Fiduciary Liability Insurance Here.


Pension plan professional? We’re here to help you make sure your plan sponsor clients have the coverage they need—and we’ve got you too. From Errors and Omissions Insurance to Fiduciary Liability Insurance, Employment Practices Liability Insurance–and more, we’re HERE with the coverages pension professionals need to keep the business going—and growing.


Insurance for Pension Professionals Right Here.


Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors — and keep their businesses compliant — with pain-free, efficient, and friendly service every time.