Cybersecurity Considerations for Employee Benefit Plans

The DOL's ERISA Advisory Council recently issued a report, Cybersecurity Considerations for Benefit Plans, which summarizes its examination of and recommendations regarding cybersecurity considerations as they relate to employee benefit plans.

The report noted that while cybersecurity is a focus area for organizations with regard to ongoing business activities, benefit plans often fall outside the scope of cybersecurity planning, even though plans often maintain and share sensitive employee data and asset information across multiple unrelated entities as part of the plan administration process. As such, the Council believes benefit plans should be specifically considered when implementing cybersecurity risk management measures, both in safeguarding benefit plan data and assets and when making decisions to select or retain a service provider.

One of the most significant challenges facing employee benefit plans is their reliance on service providers to manage the daily activities of the plan. As a result, employee benefit plans typically share sensitive employee data and beneficiary and employer information with these service providers. Based upon historical cybersecurity breaches, third parties can be considered the weakest cybersecurity link. A cybersecurity breach within an employee benefit plan could ultimately result in personal information being compromised.

The Council identified four major areas for effective practices and policies: 

  1. Data management.
  2. Technology management.
  3. Service provider management.
  4. People issues/training.

Every plan is unique, and cybersecurity risk management is a process. There is no “one-size-fits-all” strategy, and plan sponsors, administrators, fiduciaries and other service providers must determine what is reasonable. The Council has created materials for plan sponsors and fiduciaries to utilize when developing a cybersecurity strategy and program.


Source: Cybersecurity Considerations for Benefit Plans


© 2022 Schneider Downs. All rights reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
