Skip to main content
close search
site logo
Dive Brief

DOL rolls out guidance for retirement fund cybersecurity

Published May 5, 2021
By
Lisa Burden Contributor
Sean Gallup via Getty Images

Dive Brief:

  • The U.S. Labor Department's Employee Benefits Security Administration has issued cybersecurity guidance for the first time. The information is directed at plan sponsors and fiduciaries regulated by the Employee Retirement Income Security Act, and provides best practices for maintaining cybersecurity, including tips on how to protect the retirement benefits of America's workers.
  • The guidance includes tips for hiring a service provider, cybersecurity best practices and online security tips.
  • "This much-needed guidance emphasizes the importance that plan sponsors and fiduciaries must place on combating cybercrime and gives important tips to participants and beneficiaries on remaining vigilant against emerging cyber threats," Acting Assistant Secretary for Employee Benefits Security Ali Khawar said.

Dive Insight:

EBSA said there are an estimated 34 million defined benefit plan participants in private pension plans and 106 million defined contribution plan participants covering estimated assets of $9.3 trillion as of 2018. "Without sufficient protections, these participants and assets may be at risk from both internal and external cybersecurity threats. ERISA requires plan fiduciaries to take appropriate precautions to mitigate these risks," the Labor Department said in a statement.

The guidance from DOL might be the result of prodding from the General Accounting Office. HR Dive sister publication, Cybersecurity Dive, has reported that, earlier this year, GAO said in a report that retirement plans face a higher risk of cyberattack because the Labor Department had not provided guidance for protecting employees' savings and personal data nor had it made clear the cybersecurity responsibilities of employees and other fiduciaries.

"Until DOL formally clarifies plan fiduciaries' responsibilities and provides minimum expectations related to cybersecurity, fiduciaries may not realize that they could be liable for losses they were obligated to prevent and plans and their participants will continue to be vulnerable to financial losses and PII breaches," the GAO said.

Without such guidance, GAO said, companies and other retirement plan administrators might not understand their duties in cybersecurity and plan participants cannot be assured their assets and personal information are safe.  

GAO said the Labor Department has acknowledged that cybersecurity is a serious problem for retirement plans. There is a risk that some fiduciaries may not be able to cover losses because of the large amount of money potentially at risk in retirement accounts.

A "potential lack of adequate and consistent protection could result in substantial harm to participants and beneficiaries including loss or theft of money, identity theft or litigation of plan fiduciaries and their administrators," the GAO said.

Filed Under: Compliance

Editors' picks

Company Announcements

View all | Post a press release
CuraLinc Healthcare Expands Partner Network Announcing Strategic Oshi Health Partnership
From CuraLinc Healthcare
November 05, 2024
Improvizations Signs Letter of Intent to Acquire The FASE Group
From Improvizations, LLC
November 12, 2024
New Research Reveals U.S. HR Leaders are Too Overwhelmed to Keep Up with New Technology Trends…
From aconso
November 20, 2024
LearnLux Financial Wellbeing Named Top 25 Work Tech Vendor
From LearnLux
November 07, 2024
Editors' picks
Latest in Compliance
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell