Obligated To Mitigate Risks



ERISA law experts continue to keep a close watch on how the Department of Labor’s 2021 cybersecurity guidance for employee retirement plans is playing out in audits and courtrooms across the country. The heightened expectations signal increased risk for plan fiduciaries.


Cybersecurity Responsibilities

The Department of Labor’s 2021 cybersecurity guidance for plan sponsors shared best practices and pointers for hiring and monitoring service providers, managing cybersecurity, and educating participants on secure processes for accessing their accounts. As experts at JD Supra report, the guidance also pointed to the fiduciary obligations of plan sponsors related to cybersecurity:


The DOL’s directions also make clear that “Responsible plan fiduciaries have an obligation to ensure proper mitigation of cybersecurity risks.” Plaintiffs’ firms could rely on the DOL’s guidance in arguing that there is a duty to safeguard plan assets against unauthorized withdrawals and that plan fiduciaries also have a duty to take sufficient steps to properly select and monitor a service provider’s cybersecurity policies…The concern is not necessarily the impact from the theft of plan assets by cyber criminals, but rather the impact of the data breach. Will data breaches result in claims alleging a lack of fiduciary oversight and preparation related to mismanaging security protocols and vendor choices? What will be the impact of a systemic loss resulting from the breach of a widely used vendor?


Though no one can yet predict how the intersection of cybersecurity and fiduciary liability will play out through further regulatory measures, audits and litigation, there are protective actions that make good sense for plan sponsors. For example, among the DOL’s recommended best practices for mitigating cybersecurity risk is having a cyber breach response plan in place so that an incident does not spiral into a disaster. Colonial Surety makes it easy and affordable for even small businesses to put a cyber response plan in place immediately: an extensive cyber response plan is included in Colonial’s Cyber-Fiduciary Liability pack. With the Cyber-Fiduciary Liability pack you’ll have:


  • Expert-led response services following a data breach.
  • Protection from lawsuits and regulatory actions related to the breach.
  • Legal services.
  • Computer forensic services.
  • Public relations and crisis management expenses.
  • Notification services.
  • Call center services.
  • Credit and identity monitoring.


Colonial’s Cyber-Fiduciary Pack also covers defense costs and penalties, with limits up to $1,000,000, if you face claims of alleged or actual breaches of duty in connection with the employee retirement plan. At Colonial, we make it so efficient and reasonable for plan sponsors to secure insurance that you can do it in minutes, now:

Cyber and Fiduciary Liability Insurance Here.

Small Biz? Important to Know

Even the allegation of a breach of fiduciary duties under the high standards of ERISA law is expensive and disruptive for plan sponsors, and fiduciary breaches are not just something for large companies and large retirement plans to worry about. For example, copycat cases involving excessive fees are now reaching smaller businesses. Experts underscore the importance of obtaining fiduciary liability insurance, noting:


A mid-size or smaller company may not have the financial wherewithal to shoulder the cost of defending or settling an excessive fee claim without it having a serious impact on its financial performance. Fiduciary insurance can mitigate this exposure. D&O insurance policies typically have an ERISA exclusion, so without Fiduciary Liability Insurance, directors and officers may also be exposed to increasingly more expensive fiduciary claims. Complicating matters is when there is no clear-cut line between who is acting in a plan fiduciary capacity and which individuals oversee the plan: the investment committee or the sponsor executives? Without a clear designation of duties, fiduciary liability can cover not only the plan fiduciaries but also the directors and officers if they’re acting in a dual capacity for the plan sponsor.


As another expert sums up: “Most small businesses are privately owned, and the business owner is often a fiduciary to the plan. Fiduciaries are personally liable for the decisions they make. They don’t get to stand behind the corporate veil of protection if they make the decision to offer a plan to their employees. Their personal assets are exposed to liability.” Why take unnecessary risks? Colonial’s ERISA Protection Pack includes both Fiduciary and Cyber Liability Insurance, providing you with:


  1. Legal defense and coverage for penalties against claims of alleged or actual breaches of fiduciary duties.
  2. Defense against lawsuits and regulatory actions related to a cyber breach.
  3. Expert-led response, notification and crisis management services to prevent a cyber incident from spiraling into a disaster.


The annual cost of our ERISA Protection Pack is less than the fee for one hour of expert legal defense if a lawsuit or regulatory challenge strikes you and your business.

Let’s get you covered, in minutes, today: Get Protected


Colonial Surety Company is rated “A Excellent” by A.M. Best Company, is U.S. Treasury listed, and does business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors, and keep their businesses compliant, with pain-free, efficient, and friendly service every time.