Because retirement plans contain sensitive participant data, plan sponsors must step up efforts to protect it from cybersecurity threats. Legal experts urge more precautions.
An Explosion of Data Breach Lawsuits
As reported by PlanSponsor:
Kristy Brown, a partner, co-chair of the litigation practice and chair of the cybersecurity litigation team at Alston & Bird, says that while there have been only a few, high-profile cybersecurity lawsuits brought against retirement plans, there could be many more due to the growing concerns all companies have about cybersecurity risks. “It is generally fair to say that there is an explosion of data breach class action lawsuits being brought against all industries and types of data,” Brown says. “There is no exception to this with respect to retirement plans, whose sensitive data includes participants’ names, dates of birth, Social Security numbers and addresses.
Most of the cases being brought about cybersecurity breaches deal with negligence, Brown says. Plan sponsors can protect themselves from such theft by undertaking “reasonable security measures to protect their plan’s data, including overseeing the protocols at service providers,” she says. “Cases will focus on things that run the gamut from how the service provider was selected to vendor management—what auditing and vetting procedures were applied to ensure the plan was reasonably secured.”
Cybersecurity Insurance Is Vital
Increasingly, experts, including Brown, advise plan sponsors to obtain cybersecurity insurance coverage.
A leader in the ERISA fidelity bond field, Colonial Surety Company is helping plan sponsors navigate these challenging times with a unique, affordable, full-service approach. With an ERISA bond package from Colonial, receive a discount on ERISA bond coverage for your plan; Fiduciary Liability coverage for yourself as the plan sponsor; and, the option to add on Cyber Liability coverage.
With Cyber Liability insurance from Colonial Surety Company, plan sponsors are supported with services from forensic, legal, technology and customer care experts. In the event of a data breach, you will receive:
- Breach resolution and mitigation services
- Computer expert services
- Legal services
- Public relations and crisis management expenses
- Customer notification and call center services.
Preparedness for Cyber Threats
As Enrico Schaefer, a trial attorney with Traverse Legal explained to PlanSponsor
Courts are increasingly willing to hold companies that hold and manage customer data accountable for breaches and other data failures, yet most companies do very little to protect customer data. It’s like a bank leaving the doors and vault unlocked every night—inviting theft of their customer funds.
Suggestions from legal experts for plan sponsors include:
- Working through hypothetical cybersecurity incidents with key stakeholders and legal counsel. Identify weaknesses in plans and develop solutions. Explore both how to better mitigate risks—and to respond should an incident occur.
- Carefully examining contracts with third parties. Specifically, review what is included about vendor’s responsibilities in the event of a data breach.
Colonial’s affordable ERISA bond packages include Cyber Liability insurance to safeguard your company and plan against a loss due to cyber attack — plus extended coverage to ensure your ERISA bond remains US Department of Labor complaint. When you choose your package, don’t forget to include Fiduciary Liability insurance to protect yourself from covered acts as the plan sponsor.
Colonial’s comprehensive ERISA bond packages offer up to $1,000,000 of fiduciary liability insurance coverage and provide the greatest protection and overall cost savings. Save time, money and stress:
Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed, and licensed in all 50 states, the District of Columbia and most U.S. Territories. Colonial has pioneered a simple digital and direct process that allows customers to instantly purchase bonds and insurance online: I-Bonds® are available for an instant quote, purchase, print or e-file on your desktop or mobile device.