ERISA

Overlooking Cybersecurity?

08.15.2025

When you sponsor a 401(k) plan for employees, you are responsible for protecting their hard-earned retirement savings. In fact, under the Employee Retirement Income Security Act (ERISA), you are a fiduciary, and can be held personally liable for shortcomings. If you think cybersecurity is purely the responsibility of your third-party providers (or the tech guy), think again, and read on for pointers.

Money and Data

401(k) accounts contain plenty of what cybercriminals want, and they know it. Money and data make retirement accounts a lucrative target for cybercriminals, and by leveraging AI, they are finding ever more ways to break through. That is why professionals at Watkins Ross urge plan sponsors to prioritize attention to cybersecurity policies:

If you’re responsible for managing your company’s 401(k) plan, cybersecurity might not be at the top of your to-do list—but it should be. Retirement plans contain highly sensitive financial and personal data, making them a prime target for cybercriminals. A cybersecurity policy is essential for protecting participant information, ensuring compliance, and most of all, keeping your employees’ hard-earned retirement savings safe. With cyber threats constantly evolving, it’s imperative to implement a 401(k) cybersecurity strategy. Failing to do so could lead to data breaches, fraud, and serious financial consequences. 

A good starting point for retirement plan sponsors is taking the Department of Labor's cybersecurity protocols seriously. Note, for example, that the DOL obligates plan sponsors to mitigate cybersecurity threats, and that this responsibility extends to monitoring the cybersecurity policies of all third-party vendors, and the vendors of those vendors too. Watkins Ross points out that in addition to adhering to DOL cybersecurity guidance, retirement plan sponsors will find it helpful to consider the many consequences associated with overlooking cybersecurity responsibilities, including:

  • Employee Trust Depends on A Strong Cybersecurity Policy: Your employees trust you to safeguard their retirement savings. A data breach can severely damage that trust and harm the sponsor’s reputation, potentially leading to lower plan participation and litigation. Implementing a clear 401(k) cybersecurity policy reassures employees that their information is safe, fostering confidence in the retirement plan and the organization.
  • Ignoring Cybersecurity Increases Liability: A data breach can have serious financial consequences, from regulatory fines to legal fees and even ransom demands. Cyber threats are increasingly sophisticated; thus, being proactive with a comprehensive policy helps plan sponsors identify, assess, and mitigate risks….
  • Cybersecurity Impacts Employee Engagement: Employees are more likely to actively contribute to their 401(k) plans when they feel their data is secure. A transparent policy that provides guidance on cybersecurity best practices—like recognizing phishing attempts and using strong passwords—offers reassurance and often leads to more employee engagement….

Even with diligent attention to both your own company's cybersecurity protocols and those in use by vendors, it is impossible to eliminate cyber threats, and it is therefore absolutely critical to put a solid incident response plan in place. In fact, the Department of Labor specifically underscores the importance of proactive attention to response plans, which can be expertly implemented in the event of a breach impacting the retirement plan. As pension professionals remind us, a strong incident response plan "ensures quick and effective action in the event of a breach, minimizing damage and restoring operations promptly." Another best practice for retirement plan sponsors is obtaining fiduciary liability insurance. As a fiduciary, you can be held accountable for failing to adequately mitigate cybersecurity threats to the plan, or for failing to curtail the damage from a breach. Outsourcing plan services does not free you from these risks: as a sponsor, you choose the service providers and remain ultimately accountable for their performance.

If you face claims that you have failed in your responsibilities as a retirement plan sponsor, the only type of protection that shields you personally is Fiduciary Liability Insurance: with it, you are armed with coverage for defense and penalties. Without Fiduciary Liability Insurance, your personal assets are exposed. Colonial Surety Company makes it affordable and efficient to protect yourself, your company and the retirement plan. For a few dollars a day, our Cyber Liability+ Fiduciary Liability Insurance package provides you with defense costs and penalty limits up to $1,000,000 if faced with claims of alleged or actual breaches of duty in connection with the employee retirement plan. Plus, our Cyber Liability+ Fiduciary Liability Insurance addresses numerous DOL recommendations, explicitly covers the retirement plan and the business, and includes:

  • Expert-led response services following a data breach.
  • Protection from lawsuits and regulatory actions related to the breach.
  • Legal services.
  • Computer forensic services.
  • Public relations and crisis management expenses.
  • Notification services.
  • Call center services.
  • Credit and identity monitoring.

Obtain your protection as a retirement plan sponsor online in minutes now:

Cyber Liability Insurance+ Fiduciary Liability Insurance

Colonial Surety Company:

  • In business since 1930
  • Rated “A” Excellent by A.M. Best Company
  • US Treasury Listed