Legal experts caution that the Department of Labor could be headed toward formalizing the cybersecurity responsibilities of retirement plan fiduciaries. Don’t be unprepared at the narrowing intersection between ERISA fiduciary duties and the cybersecurity of retirement plans.
New Report: Government Accountability Office
It is not surprising that the government is increasingly concerned with the cybersecurity of retirement accounts: employer-sponsored plans and individual accounts now hold an estimated total of $35 trillion!
In a recent study, the Government Accountability Office (GAO) explored the frequency and volume of data sharing among 401(k) plan sponsors, administrators, record keepers and other service providers, during the course of the routine business of managing the plan. The conclusion: The sharing and storing of this information can lead to significant cybersecurity risks for plan sponsors and their service providers, as well as plan participants.
As a result of the study, the GAO has now asked the Department of Labor (DOL) to clarify the responsibilities of pension professionals related to cybersecurity. Specifically, the GAO has recommended:
That the DOL formally state whether it is an ERISA plan fiduciary’s responsibility to mitigate cybersecurity risks in defined contribution plans and to establish minimum expectations for addressing cybersecurity risks in such plans.
A “wait and see” approach can be dangerous. Legal experts caution:
The threat of a new DOL audit initiative may warrant plan fiduciaries and service providers taking proactive steps now. If recent history is any guide, the DOL could start such investigations – and make adverse findings of the fiduciary breach – before it has issued guidance, which is something that occurred recently and with surprising regularity in its missing participant enforcement initiative.
Why wait for the DOL to spell out your fiduciary responsibilities related to cyber threats? Colonial Surety Company provides Cyber Liability protection for your plan—and Fiduciary Liability protection for you. Let’s get you covered! Just choose your Complete ERISA Bond Package now. Annual premiums are less than you would likely pay for just one hour with an experienced ERISA attorney if an unexpected compliance or legal issue lands on your desk.
As you dig into your risk management plans, be sure to keep records about your proactive efforts. Experts point out: Taking and documenting such steps may help mitigate risk associated with the recent increase in participant-initiated litigation around these issues as evidenced by a number of high-profile cases.
In addition to reviewing all service agreements with plan providers for a clear understanding of data privacy and security terms, plan sponsors are encouraged to arrange meetings with service providers that focus specifically on cybersecurity provisions.
Don’t forget Colonial’s Cyber Liability protection. Armed with this, in the event of a breach, forensic and legal experts will identify what’s been compromised and coordinate the response. As needed, call-center support, credit and identity monitoring services and even public relations expertise are provided. Liability protection in the event of covered lawsuits or regulatory actions due to a data breach? Of course that’s included too. Why go it alone?
Colonial’s packages were specially designed for plan sponsors. Included are:
- The required ERISA bond which protects the assets of the retirement plan from theft;
- Fiduciary Liability coverage to protect you and your assets from personal liability; and,
- Cyber Liability coverage to safeguard your company and plan from covered losses and expenses in the event of a cyber breach.
With Colonial, you can easily and affordably secure this complete coverage package.
Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country.