On April 14th, 2021, the Department of Labor (“DOL”)
issued cybersecurity guidance to plan sponsors and fiduciaries,
recordkeepers and other service providers, and participants and
beneficiaries of plans regulated by the Employee Retirement Income
Security Act of 1974, as amended (“ERISA”). The guidance
is presented in three separate parts: “Tips for Hiring a Service Provider with Strong
Cybersecurity Practices,” “Cybersecurity Program Best
Practices” and “Online Security Tips for Participants and
Beneficiaries.”

Over the past ten years, cybersecurity has become an area of
critical importance to plan sponsors, plan administrators and plan
participants. With plans holding trillions in assets as well as
sensitive participant information, retirement accounts have been
attractive targets for cyber-enabled fraud. Plan participants are
known to check their retirement account balances less frequently
than personal banking, credit card or other financial accounts. As
a result, there can be a delay before attacks on retirement
accounts are discovered, making tracing and recovery efforts
exceptionally difficult. Plans also permit electronic access to
funds and rely upon outside service providers, which provide
additional access points for breach. There is a growing body of
litigation involving participants who have suffered retirement plan
losses due to cyberattacks. Bartnett v. Abbott
Laboratories, No. 20-cv-02127 (ND Ill., 2020) (motion to
dismiss…