Intersecting: ERISA Law and Cybersecurity


The American Bar Association (ABA) advises retirement plan sponsors and administrators to pay more attention to cybersecurity. Specifically, sponsors and other fiduciaries are urged to heed the expanding body of litigation occurring at the intersection of ERISA and cybercrime, and implement the DOL’s 2021 guidance.


Prudence and Protection?

Retirement accounts, many of them small, add up: there’s now an estimated $9.3 trillion in our retirement accounts, making them attractive to cyber criminals. As cases of cyber-enabled fraud and theft rise, federal courts are shaping what the American Bar Association refers to as “the intersection of ERISA and cybersecurity.” In particular, the fiduciary duty of prudence is being applied in litigation over cybersecurity-related losses from retirement accounts. The American Bar Association explains:


As recent litigation has shown, ERISA’s fiduciary duty of prudence, which obligates plan fiduciaries to act “with the care, skill, prudence, and diligence” of a “prudent man” may require plan fiduciaries to take active steps to protect participants’ personal information and their plan benefits…


Plan service providers and fiduciaries should also be cognizant of not only ERISA’s fiduciary requirements and the growing body of litigation involving participants who have suffered retirement plan losses due to cyberattacks, but also applicable state laws that regulate disclosure of personal or private information, such as North Carolina and California. Indeed, state attorneys general have been active in enforcing these laws in cyber breach matters.


Given the U.S. Department of Labor’s recent focus on cybersecurity issues…and the likelihood that cybersecurity attacks on retirement accounts will persist and become more sophisticated, we expect to see an increase in the number of ERISA cases in this area.


Retirement plan sponsors are trusted to make sure each participant and each beneficiary receives each dollar due to them. With cyber crime taking an increasing toll on both small businesses and retirement plans, it’s critical for plan sponsors to act on the Department of Labor’s cybersecurity guidance. It’s also critically important for plan sponsors to obtain both fiduciary liability insurance and cyber liability insurance: cyber breaches can rapidly escalate into disasters—resulting in fiduciary allegations that put the personal assets of plan sponsors at risk. Colonial Surety is here to help. Our affordable packages enable plan sponsors to secure Fiduciary Liability Insurance with annual premiums that cost less than one hour of ERISA legal advice. We even include $50,000 of Basic Cyber Liability Insurance.


Armed with Colonial’s Fiduciary-Cyber Pack, if you face claims of alleged or actual breaches of duty in connection with the employee retirement plan, you’ll be covered for defense costs and penalty limits up to $1,000,000. Plus, in the event of a cyber breach, your business—and plan—will receive support at every stage of incident investigation and breach response, as well as coverage against lawsuits or regulatory actions related to the breach.


Already have your ERISA Bond from Colonial?

Add Fiduciary with Cyber Right HERE


Got your ERISA Bond elsewhere? No worries.

Obtain Fiduciary with Cyber Insurance Right HERE.


Just Guidance?

If you are among the many experts (and regular people) who have wondered how enforceable “guidance” is, be careful—and get going on your efforts to implement the DOL’s cybersecurity guidance. Don’t forget to document your actions. As the American Bar Association points out:


Although the DOL’s cybersecurity suggestions are memorialized in sub-regulatory guidance, as opposed to a formal regulation, plan sponsors and fiduciaries should keep this guidance in mind when hiring and retaining plan service providers. Accordingly, plan sponsors and fiduciaries should consider reviewing their current hiring practices and service provider contracts to see whether they meet the suggested standards…


Future plaintiffs may rely on the DOL’s recent guidance in arguing that there is a duty to safeguard plan assets against unauthorized withdrawals and that plan fiduciaries also have a duty to take sufficient steps to properly select and monitor a service provider’s cybersecurity policies. On the flip side, plan fiduciaries who undertake those steps may have a stronger defense against such actions. Moreover, those steps should be accurately and thoroughly reflected in fiduciary committee minutes and materials to document a prudent process and thereby minimize risk of fiduciary liability.


Why Go It Alone?

Plan sponsors from small businesses no longer have to forgo coverage. Get Colonial’s affordable Fiduciary Liability Insurance, in minutes, today. Then you’ll have defense costs and penalty limits up to $1,000,000 in the event of a covered lawsuit—plus, you’ll receive $50,000 of Basic Cyber Liability Insurance too. We even lock in multi-year rates and offer installment payments. Get protected now: Fiduciary Liability Insurance.


Colonial Surety was founded in 1930 and brings deep experience and market expertise to every product and every customer relationship. Colonial Surety gives its customers the assurance that they, their businesses, and their clients are safeguarded with the right surety and insurance products at all times. We are licensed in every state in the U.S., rated “A” Excellent by A.M. Best, and listed by the U.S. Treasury as an approved surety.