This is an excerpt from an article published by the Center for Retirement Initiatives at Georgetown University’s McCourt School of Public Policy.
Plan sponsors and fiduciaries have traditionally relied on advisers—from attorneys to accountants to investment consultants—to help guide decisions for their retirement plans. For decades, a cornerstone of this assistance has been making recommendations about retirement plan investment portfolios. With the rise of cyberattacks on financial institutions, a number of plan sponsors and their advisers have started to focus more time and resources on the security of their plan data, including the participant information held by service providers. The Department of Labor (DOL) also recognized the vulnerability of plans to cyberthreats and recently published three important documents:
- Online Security Tips: A helpful guide for plan sponsors and participants on how to maintain strong cybersecurity hygiene.
- Tips for Hiring a Service Provider: A buyers’ guide to assist plan sponsors.
- Cybersecurity Program Best Practices: 12 areas that plan sponsors should cover when addressing their cybersecurity programs.
These are helpful documents and important tools for plan sponsors to use when fulfilling their fiduciary duties. However, as plan advisers and attorneys have begun incorporating this guidance into the advice they provide their clients, they must be careful. While it is understandable that plan sponsors, prompted by advisers and attorneys, would want their service providers to provide more and better information, the absence of a basic understanding of cybersecurity could result in requests that could inadvertently create greater risks. Service providers recognize the right of plan sponsors to confirm that their participants’ data are protected, but have legitimate concerns that some of the information requested, if it becomes more widely available, could help cybercriminals breach systems, thus undermining that very security.
To read Ben’s complete article, please click here.