July 2019  Volume 17, Number 7        
 


A Plan Sponsor's Cyber Security Responsibilities

Cyber security insurance can help protect you and your workers' health and retirement benefit plans.

Group health and retirement benefit plan administrators keep personal information such as Social Security numbers, dates of birth and email addresses in electronic records. Employees could suffer serious financial or reputational damage if their information were stolen by a cyber thief. Unlike a credit card account number, personal information cannot be changed by the account owner, so criminals can use it repeatedly to perform actions such as requesting a retirement plan distribution.

Health and retirement benefit plans are governed by the Employee Retirement Income Security Act of 1974 (ERISA). This federal law requires most plan sponsors and administrators to maintain at least minimum standards to protect employees who are members of these plans.

You are a plan sponsor if you have set up a health care or retirement plan, such as a 401(k), for your employees. Plan administrators and sponsors both have the ERISA fiduciary duty to ensure personally identifiable information (PII), protected health information (PHI) and plan assets are protected from cyber threats. Both entities also must show proof that a plan is in place to respond to a data breach and mitigate associated damages.

Questions to Ask

As a plan sponsor, you should work with your health and retirement plan administrators to evaluate your plans' overall potential risk. Questions you should ask include:

  • Who ultimately is in charge of cyber security for the benefit plan?
  • Is there a plan in place in case there is a data breach? Who would be the primary responder and what steps would be taken?
  • Is a cyber security training program available for employees? According to a 2016 Association of Corporate Counsel Foundation report, employee error is the number one reason cited for data security breaches.
  • What are the current legal and regulatory concerns?
  • What state laws apply if there is a data breach?

Steps to Take

The ERISA Advisory Council on Employee Welfare and Pension Benefits issued a report titled "Cybersecurity Considerations for Benefit Plans." It lists effective practices, considerations and policies to deter cyber theft. They include:

  • Create a Strategy — Figure out where you are most at risk and establish procedures for how data should be stored, controlled, accessed and transmitted. You also need to make sure you have a plan for testing and updating technology, training personnel, and managing third party risks.
  • Work Closely With Service Providers — Talk to your plan's third-party administrator about current data security policies or procedures for passwords, social media use, document retention and Internet privacy.

Cybersecurity Insurance

Commercial insurance policies provide general liability coverage to protect your business from injury or property damage. However, the policies might not cover cyber risks. Internet security risks vary based on type of business or industry, so policies for cyber risk are more customized than other types of insurance policies and can be based on a variety of factors. These factors include the type of data collected and stored, and how employees and others are able to access data. Cyber security insurance can include liability for security or privacy breaches and costs associated with a privacy breach or business interruption.

For help developing a cyber security plan for your business, please contact us.


The information presented and conclusions within are based upon our best judgment and analysis. It is not guaranteed information and does not necessarily reflect all available data. Web addresses are current at time of publication but subject to change. SmartsPro Marketing and The Insurance 411 do not engage in the solicitation, sale or management of securities or investments, nor does it make any recommendations on securities or investments. This material may not be quoted or reproduced in any form without publisher's permission. All rights reserved. ©2019 The Insurance 411. http://theinsurance411.com Tel. 877-762-7877.