Cyber security and employee benefit plans

By: General Insurance Services Last Updated: March 23, 2022

Employee benefit plans face a growing risk of cyber attacks. Nearly all employee benefit plans contain high account balances and sensitive personal information for both participants and beneficiaries. The following factors contribute to this increasing risk:

What Information Is At Risk Because of a Cyber Attack?

Employers and third-party service providers hold specific electronic information that is very valuable to attackers, including:

What Are The Consequences of a Cyber Attack?

A cyber security breach not only damages your reputation but also brings many accompanying financial damages, including:

What Responsibilities Do Plan Sponsors Have?

Plan sponsors and certain third-party service providers have ERISA fiduciary obligations for each of the employee benefit plans they manage. ERISA requires that all fiduciaries administer the plan with the care, skill, prudence and diligence under the circumstances that a prudent person would use. Regulations issued by the Department of Labor (DOL) provide specific requirements for the protection and confidentiality of personal information. Depending on the state you live in, you may have additional cyber security requirements.

In November 2016, the DOL issued an Advisory Council Cyber security Report. That report recommends that employers:

The report also identified four main areas employers should include in their cyber security policies. They are:

Benefit plan cyber security is an overlooked risk. However, most organizations already have a cyber security plan in place. Use the suggestions above and compare them to your plan. By testing and updating policies, monitoring service providers and regularly training your employees, you can lower the risk of a breach of the sensitive information in your benefit plans. Connect with us to find out more.