Cyber for Plan Sponsors

DOL: Plan Sponsors Must Protect Electronic Plan Information

05.29.2019

ERISA does not specifically lay out rules and regulations for protecting plan data, but the U.S. Department of Labor has addressed the vulnerability of electronically sent plan information. In Regulation Section 2520.104b-1(c), the DOL stated that plan administrators have to take appropriate precautions to protect the confidentiality of information relating to an individual’s plan benefits and accounts when it is sent electronically to plan participants.

The DOL is essentially stating in this advisement that plan administrators have to take all appropriate measures to make sure that plan information isn’t stolen or received by improper sources, such as cyber attackers through a data breach. DOL Technical Release Note No. 2011-03 goes further and states that all plan information on a plan administrator’s website has to be protected as well.

The DOL, however, does not lay out specific guidelines on how exactly to keep this information confidential. Even all the precautions in the world may not prevent the most high-tech cyber attacks from stealing data. It is tremendously difficult to keep updating precautionary measures against data breaches to keep up with the cutting edge of cyber attacks. That’s why the only way to make sure that you and your company are protected in the event of a cyber attack is cyber liability insurance.

Where can I easily purchase cyber liability insurance to protect my company and retirement plan?

Colonial Surety includes cyber liability insurance with our ERISA fidelity bond packages with fiduciary liability insurance to best protect your company and plan against a cyber attack.

Colonial’s cyber insurance provides a services-based solution to help plan sponsors manage data breaches successfully. These services include a dedicated team of cyber breach professionals who assist plan sponsors at every stage of incident investigation and breach response. These professionals coordinate carefully vetted forensics experts and specialized lawyers to help plan sponsors establish what’s been compromised, assess plan sponsor responsibility, and notify the individuals affected. In addition, these services will coordinate credit or identity monitoring and PR advice to help the plan sponsor safeguard its reputation. Of course, Colonial’s cyber insurance also indemnifies and defends plan sponsors from covered lawsuits or regulatory actions, the risk of which may be reduced by a well-coordinated breach response but can never be completely eliminated.

Ongoing governance and evaluation of recordkeepers can help protect data, but the only way to fully protect against a data breach resulting from a cyber attack is to purchase cyber liability insurance from Colonial Surety Company.