For plan sponsors, increased cyber threats to the retirement accounts of plan participants bring a rising risk of allegations of fiduciary breaches. Experts stress that to prevent “catastrophic results,” plan sponsors need to monitor the cybersecurity practices of service providers and secure fiduciary liability insurance for themselves.
Choosing and Monitoring Experts
At Plan Sponsor, fiduciary experts are predicting “there will be more lawsuits filed over cybersecurity issues in the future,” and note “these cases typically come down to whether the plan sponsor breached its fiduciary duty by not properly monitoring its recordkeeper or choosing the best recordkeeper….” It’s crucial for plan sponsors to act on the Department of Labor’s Cybersecurity Guidance, which explicitly directs sponsors to monitor the cybersecurity protocols of all service providers. Sponsors who have not already done so need to move into action, noting in particular the Department of Labor’s Tips for Hiring a Service Provider with Strong Cybersecurity Practices. For further support implementing cybersecurity practices, plan sponsors can visit Spark Institute.
Retirement plan sponsors face a double whammy related to cybersecurity breaches: failures can result in allegations of fiduciary breaches. Adhering to the DOL’s guidelines will help plan sponsors mitigate their fiduciary risks—but not eliminate them. That’s why obtaining fiduciary liability insurance is imperative: ERISA fiduciaries can be held personally liable for errors. Regulatory audits, lawsuits, cybersecurity incidents and even the mere allegation of a fiduciary breach are extremely painful, costly and disruptive under the high standards of ERISA. With Colonial on your side, a few dollars a day ensures defense costs and penalty limits up to $1,000,000 if faced with alleged or actual breaches of duty in connection with the employee retirement plan. Colonial’s efficient and affordable fiduciary+cyber liability package even includes protection against regulatory actions related to data and privacy, as well as expert response services in the event of a cyber breach—at no extra cost.
Good To Know: Recordkeepers
Robert Massa, a leader at Qualified Plan Advisers, observes that recordkeepers are advancing efforts to address cybersecurity, with some of the bigger firms even coordinating efforts, and reminds us: “Even if a plan sponsor and their recordkeeper have ‘airtight’ cybersecurity…it is important to educate employees on cyber-risk and ‘break it down to the human level’.” Massa shares this example of how quickly cyber incidents can escalate: “If a participant’s personal email gets hacked…there is the possibility that the breach could snowball. The plan sponsor may not be at fault in this situation…but it could result in a lawsuit against the plan anyway.” According to Massa, smaller recordkeepers might in fact have higher risks for cyber breaches, “because it is most likely more financially constrained and more likely to outsource cybersecurity to other service providers. Smaller recordkeepers also may not be able to afford as expensive an insurance policy as larger recordkeepers can.”
Within the DOL, the Employee Benefits Security Administration (EBSA) continues to put emphasis on cybersecurity, and Secretary Gomez has observed “It seems like not a day goes by where we’re hearing about a different breach….” Experts advise plan sponsors to create “a rolling calendar via which important topics like cybersecurity and participant data are regularly brought up for internal discussion among key stakeholders including HR, finance, legal, IT and communications.” Additionally, remember that among the specific protocols the DOL prescribes putting in place is a cyber breach response plan designed to prevent a cybersecurity incident from spiraling into a disaster. Across the country, plan sponsors and their third-party administrators are getting expert response plans in place quickly and efficiently, via Colonial Surety’s affordable Cyber+Fiduciary Liability Insurance package. Along with defense costs and penalty limits up to $1,000,000, our liability insurance package for plan sponsors includes:
- Expert-led response services following a data breach.
- Protection from lawsuits and regulatory actions related to the breach.
- Legal services.
- Computer forensic services.
- Public relations and crisis management expenses.
- Notification services.
- Call center services.
- Credit and identity monitoring.
Protect yourself, efficiently and affordably, today.
Pension Plan Professional?
Let Colonial help you make sure your plan sponsor clients have the coverage they need. Of course, we have got you covered too! From Errors and Omissions Insurance to Fiduciary Liability Insurance, Employment Practices Liability Insurance and more, we’re HERE with the coverages pension professionals need to keep the business going—and growing.
Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors — and keep their businesses compliant — with pain-free, efficient, and friendly service every time.