In short, through its new guidance, the DOL is making it clear that fiduciaries cannot reasonably fulfill their obligations to plan participants without taking an active role: not only must the plan’s own cybersecurity practices align with the DOL’s best practices, but fiduciaries must also actively monitor and evaluate each service provider’s cybersecurity policies and procedures.
Below, we have set out answers to some of the overarching questions facing the who, the what, the when, and the how of DOL’s new guidance.
Cybersecurity Program Best Practices
To whom does this guidance apply?
Many issues keep employee benefit plan administrators, committees, and sponsors (plan fiduciaries) awake at night, but cybersecurity is especially troubling for several reasons. Employee benefit plans face significant cybersecurity threats and, given the very large amount of assets involved, the consequences of even a single attack can be devastating. Further, plan fiduciaries can have the best cybersecurity procedures in place for their own internal systems, and yet the plan or a plan participant can still experience a cyber-breach because of the numerous interfaces the plan has with third parties, such as record-keepers,