Cybersecurity & Employee Benefit Plans

The threat of a cyberattack is prevalent throughout the business world. Given the highly sensitive data held within employee benefit plans, it should come as no surprise that they have become a major target for hackers. Protecting participants’ personally identifiable information is a responsibility no longer limited to IT departments. Plan sponsors, fiduciaries and service providers of all employee benefit plans have an obligation to establish strong information systems practices to help prevent these attacks.

In November 2016, the Department of Labor’s Advisory Council on Employee Welfare and Pension Benefit Plans released a publication entitled, “Cybersecurity Considerations for Benefit Plans” to help plan sponsors protect their clients’ data (https://www.dol.gov/sites/default/files/ebsa/about-ebsa/about-us/erisa-advisory-council/2016-cybersecurity-considerations-for-benefit-plans.pdf). Listed below are the three principal recommendations included in this publication for plan sponsors, fiduciaries and service providers managing benefit plan cybersecurity:

  1. Establish a Strategy

Plan sponsors should identify how data is accessed, controlled, transmitted and stored, and assess the risks associated with these processes. Management strategies must be customized and dynamic to provide the best fit for their individual plan.

  1. Contract with Service Providers

Plan sponsors should have frequent discussions with the plan’s third-party service providers and review each provider’s current policies and procedures relating to data security, including determining the best approach for evaluating the effectiveness of existing controls.

  1. Understand Insurance

Any individual dealing with employee benefit plan information should have a clear understanding as to whether or not the current insurance/bond policies protect against the consequences of a cyberattack. It is important to be educated on the appropriate cyber insurance policy needed to cover the plan. 

Schneider Downs can help you assess your plan’s current needs and assist in implementing an appropriate cybersecurity strategy today.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2024 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
$1 Billion a Day: Unpacking the Financial Aftershock of the Change Healthcare Cyber-Attack
Get the Low Down Before You Download: Exploring the Temu App’s Security Risks
Six-Figure Ransomware Attack Hits Washington County, PA
Romance Scams: Guarding Your Heart and Wallet
A First of Its Kind: The $25 Million Deepfake Scam
Fortifying Retail Security: Essential Cybersecurity Tools and Software
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us
Pittsburgh

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×