Hundreds of Hours of Work…
That’s what it can take a business to dig out from under the damage and chaos caused by a cyber breach. Notifications, regulatory processes, credit and identity monitoring, forensics—all require careful attention. No wonder human resource experts count cybersecurity among the top challenges facing employers.
Up, Up and Away
According to NASDAQ, “Cybercrime has increased by over 600% since the start of the COVID-19 pandemic and is expected to nearly double over the next three years….” Waiting until a cyber incident occurs to begin cyber risk management efforts is a nightmare, say experts: “Depending on what has been stolen, repairing the damage could involve hundreds of hours of unpaid work,” as regulatory and law enforcement issues are addressed, along with customer notifications and public relations, and attention to credit card companies, vendors, and credit bureaus. Although disruptive and damaging to a business as a whole, cyber breaches pose particular problems for human resource functions, like the administration of the retirement plan and other benefits. In fact, as Linda Hoseman tells Human Resource Executive, “Among the most critical benefit and compensation challenges facing employers this year is the cybersecurity of retirement plans”:
Because retirement plan communications increasingly take place through electronic methods—and the plans themselves hold sensitive, personal data—this area is a ripe target for cyberattacks. Fiduciaries looking to strengthen their plans’ cybersecurity policies should refer to the DOL’s cybersecurity guidance for retirement plans. Released in April 2021, it shares best practices for maintaining cybersecurity and protecting workers’ retirement benefits.
There is no way to eliminate all risk of cyberattacks, but fiduciaries can manage risk by developing strong policies and conducting employee training. Any cybersecurity policy should also include an incident response plan that applies if a plan is breached.
Fiduciaries of ERISA-regulated plans, such as retirement plan sponsors, should brush up on compliance with the DOL cybersecurity guidance, available right here. To put an expert cyber breach response plan in place efficiently and affordably, plan sponsors across the country count on Colonial Surety for the Cyber+Fiduciary Liability Insurance package, which comes complete with:
- Expert-led response services following a data breach.
- Protection from lawsuits and regulatory actions related to the breach.
- Legal services.
- Computer forensic services.
- Public relations and crisis management expenses.
- Notification services.
- Call Center services.
- Credit and identity monitoring.
Now available with just a one-year commitment, Colonial’s Cyber+Fiduciary Add-On also covers defense costs and penalties, with limits up to $1,000,000, for claims of alleged or actual breaches of duty in connection with the employer-sponsored plan. Importantly, at Colonial, Cyber Liability insurance goes hand in hand with Fiduciary Liability coverage, because under the high standards of ERISA law a cybersecurity breach can rapidly escalate into fiduciary breach allegations. Colonial makes it so efficient and reasonable for retirement plan sponsors to increase compliance—and secure protection—that it can be done in minutes, today.
Important To Know and Do
Unfortunately, retirement plan sponsors frequently—and erroneously—assume that their third-party vendors and advisors shoulder all the fiduciary obligations for the plan. The truth is that anyone with a role in the plan can be held personally responsible for fiduciary breaches. For example, plan sponsors are responsible for selecting and monitoring their providers, and thus inherently retain the associated risks. Human Resource Executive offers this guidance related to cybersecurity:
Working with third-party vendors also poses cybersecurity risks for retirement plans. Fiduciaries should develop a process early in the hiring process to determine the strength of a vendor’s cybersecurity procedures. Advocacy organization SPARK Institute has developed standards for evaluating third-party vendors, of which plans’ fiduciaries can take advantage. The Systems and Organization Control (SOC) 2 Report is another resource fiduciaries can use to evaluate vendors. Independent auditors will assess the extent to which a vendor complies with a set of trust principles they have developed, which include security, availability, processing integrity, confidentiality and privacy. Fiduciaries also may need to comply with numerous state privacy and cybersecurity laws this year, so plans should stay abreast of the laws applicable to the jurisdictions in which they operate.
For retirement plan sponsors, protection is always best practice too. After all, a cyber breach can quickly spiral into allegations of a fiduciary breach. Given the breadth and depth of compliance issues under the high standards of ERISA law, why take chances that there will never be a breach, an error—or even “just” an allegation of a mistake? Defense is costly, but Colonial’s Cyber+Fiduciary Add-On is only a few dollars a day. Cover yourself and the business you built, in minutes, now.
Pension plan professional? Colonial can help you make sure your plan sponsor clients have the coverage they need—and we’ve got you too. From Errors and Omissions Insurance to Fiduciary Liability Insurance, Employment Practices Liability Insurance—and more, we’re HERE with the coverages pension professionals need to keep the business going—and growing.
Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors — and keep their businesses compliant — with pain-free, efficient, and friendly service every time.