Cyber for Plan Sponsors

Small Businesses Aren’t Sure Who Should Handle Cybersecurity


One of the biggest impediments to implementing proper cybersecurity measures at small businesses is that those small businesses don’t seem to have any idea who should be in charge of cybersecurity.

According to Keeper Security’s 2019 SMB Cyberthreat Study, 33% of respondents believe that company leadership should be in charge of cybersecurity. But does someone leading a company necessarily know enough about cyberthreats to go about starting a cyberthreat prevention plan? According to Keeper’s study, business leaders ranked cybersecurity last on a list of the five biggest threats to their business despite 67% of small and medium businesses suffering a cyber attack in 2018. So they may not be the best group to lead the cyber charge. And yet, 62% of CEOs, business leaders, and chairs believe they should be the ones in charge of this area.

Nine percent believe cybersecurity is the duty of individual employees. Sure, they can go about making sure they aren’t the victim of phishing attacks that can expose company data and also make sure they have strong, secure passwords. But the overall company cyber structure is, for the most part, out of their reach.

Fifty-one percent of group and team leads believe cybersecurity should be a duty of a dedicated cyber team and not company leadership. However, only 37% of the businesses surveyed have a dedicated IT or cybersecurity team.

Who’s right? It likely depends on the business and the expertise of those employed by the business. Even with a dedicated cybersecurity team, however, there’s only so much you can do to prevent a cyber attack, especially as cyber attackers turn their threats toward small businesses.

Small businesses likely can’t afford the same quality of cyber teams that large businesses can, so as cyber attackers turn toward smaller businesses, there’s only so much the smaller businesses can do. They have to find a way to employ experts to specifically guard against a data breach while mitigating and containing a breach should it happen.

The safest thing a small business can do is to get a team of experts that can assist it at every stage of incident investigation and breach response. These people have the experience to help contain and mitigate any potential data breach. Get access to this team of experts by obtaining cyber liability insurance from Colonial Surety.

How can you obtain instant cyber insurance through Colonial?

While the ERISA fidelity bond is required to protect the participants of the plan, it does not protect YOU and your company as the fiduciary.

Colonial Surety Company is a Treasury Listed surety company providing ERISA fidelity bonds packaged with fiduciary liability insurance and cyber liability insurance. Colonial is one of the leading providers of ERISA related products, offering bonds approved by the Dept. of Labor. We make it easy to obtain your bond instantly as well as allowing you to purchase retroactive insurance for the years the plan was not previously covered.

Under ERISA, fiduciaries may be held personally liable for breaches of their responsibilities in the administration or handling of employee benefit plans. Under ERISA 410, the plan cannot relieve you of this responsibility with indemnification language; however, it specifically permits persons with personal liability to purchase Fiduciary Liability Insurance. Covering yourself with Fiduciary Liability Insurance gives you peace of mind that you are protected. Learn how to bundle your ERISA bond, fiduciary liability insurance, and cyber liability insurance for a discounted rate.

Colonial’s cyber insurance provides a services-based solution to help plan sponsors manage data breaches successfully. These services include a dedicated team of cyber breach professionals who assist plan sponsors at every stage of incident investigation and breach response. These professionals coordinate the carefully vetted forensics experts and specialized lawyers to help plan sponsors establish what’s been compromised, assess plan sponsor responsibility, and notify those individuals affected. These services also coordinate credit or identity monitoring, and PR advice to help the plan sponsor safeguard its reputation. Of course, Colonial’s cyber insurance also indemnifies and defends plan sponsors from covered lawsuits or regulatory actions, the risk of which may be reduced by a well-coordinated breach response, but can never be completely eliminated.

If you would like to learn more about purchasing an ERISA fidelity bond, or an ERISA fidelity bond package including fiduciary liability insurance or cyber liability insurance, call 888-383-3313 or email Learn more about becoming a Pension Professional Partner here.