Cyber for Plan Sponsors

Retirement Plan Audits and Cybersecurity


As plan sponsors put cybersecurity protections in place, they will find it helpful to prepare for related questions from benefit plan auditors.

Follow The Auditors

Although the Department of Labor has not issued specific guidance related to cybersecurity and retirement plans, the standard fiduciary duties of plan sponsors obligate them to use “care, skill, prudence and diligence” in protecting retirement plans from cybercrime on behalf of the participants and beneficiaries. Even when the administration of the plan is delegated to others, plan sponsors still have responsibilities.

As The CPA Journal explains:

Many 401(k) plan sponsors mistakenly believe that when they delegate responsibilities to a record-keeping service provider, they have no liability for cybersecurity breaches. One recent case [Leventhal v. MandMarblestone Group, LLC (E.D. Pa. May 1, 2019)], however, held that both the plan sponsor and plan service provider have a shared liability to restore participant accounts after cybersecurity breaches.

Last year, a plan participant sued the sponsor, the record-keeper, and the custodian for data breaches [Berman v. Estee Lauder, Inc. (N.D. Cal. Oct. 9, 2019)]. The sponsor and its service providers were required to defend their cybersecurity practices in connection with three separate unauthorized distributions from the participant's 401(k) plan account.

Be Prepared

When benefit plans are audited, auditors routinely ask how plan data, including the personally identifiable information of plan participants, is kept secure. Auditors advise plan sponsors to:

  • Maintain a cybersecurity policy
  • Put programs and controls in place
  • Understand how service providers store and protect participant data

It is also critical for plan sponsors to be prepared to respond quickly in the event of a breach that exposes the valuable data in the company’s retirement plan. Take that step now by teaming up with the experts at Colonial Surety Company. Just choose one of Colonial’s affordable ERISA bond coverage packages and include the Cyber Liability coverage.

With this coverage, in the event of a data breach to your retirement plan, you will receive:

  • Breach resolution and mitigation services
  • Computer expert services
  • Legal services
  • Public relations and crisis management expertise
  • Customer notification and call center services

When you choose your package, don’t forget to also protect yourself with Fiduciary Liability insurance, which covers you, as the plan sponsor, against covered claims. Colonial’s comprehensive ERISA bond packages offer up to $1,000,000 of fiduciary liability insurance coverage and provide the greatest protection and overall cost savings.

Get Your ERISA Bond Package with Cyber & Fiduciary Liability Coverage Now!

More News To Use: Are Your Senior Managers Creating Cyber Risks?

Recently, a survey by OneLogin found that:

Senior managers (42 percent) were twice as likely to share a work device with someone outside the organization than their junior counterparts (20 percent), 19 percent of senior managers said they share confidential passwords with a family member compared to 7 percent of junior employees, and senior management reported working from public Wi-Fi networks at double the rate of their junior counterparts (30 percent vs. 15 percent).

These behaviors create openings for cyber criminals and point to the importance of making sure everyone in your company, including senior management, receives more training on best practices.

With a busy year ahead, don’t forget to put a full-coverage plan in place. Start the year off with Colonial Surety Company’s unique, full-service solution for plan sponsors. It’s easy to select an affordable coverage package that includes:

  • The ERISA bond required to protect the assets of the retirement plan from theft;
  • Cyber Liability coverage to safeguard your company and plan from covered losses and expenses in the event of a cyber breach; and,
  • Fiduciary Liability coverage to protect you and your assets from personal liability.

With Colonial Surety Company’s user-friendly, digital and direct service, you can quickly purchase your bonds and related insurance coverage—and instantly print or e-file them from your desktop—or anywhere.

Get Your ERISA Bond Package with Cyber & Fiduciary Liability Coverage Now!

A leader in the field, Colonial Surety Company is U.S. Treasury listed, rated “A Excellent” by A.M. Best Company, and licensed for business everywhere in the USA.