If only we followed through on everything, what would life be like? It’s hard to know, but this much is sure: business owners who never get around to cybersecurity insurance will regret it the day a smallish cyber incident blossoms into a full blown disruption. That goes double for those sponsoring a retirement plan.
Sitting Ducks: Retirement Plans
Retirement plans are obvious targets for criminal action for two reasons: money and data. For business owners and plan sponsors, taking preventative action is essential to warding off costly disruption. Attorneys at Varnum LLP emphasize the need to be proactive about cybersecurity: “As new threats become increasingly complex and continue to emerge, fiduciaries can work to better protect participant data and mitigate their own losses by establishing adequate compliance now.” Experts also remind us that obtaining cybersecurity insurance that includes a comprehensive response plan is a very effective tactic for ensuring business continuity:
Cyber insurance provides organizations with financial security against damages caused by cyber incidents, which can go beyond revenue loss and include investigation expenses and credit monitoring. Cyber Insurance also provides organizations with legal support during the aftermath of a data breach or privacy violation and underscores a commitment to clients in safeguarding their data.
When evaluating cybersecurity insurance options, business owners who sponsor retirement plans should clarify that the coverage extends to both the business and the retirement plan. Referencing the findings of an ERISA Advisory Council report, EBSA’s Assistant Secretary, Lisa M. Gomez, has urged plan sponsors to speak with their insurance providers about what their cybersecurity coverage encompasses, cautioning: “Many employers assume that since the company has cyber liability insurance, they’d be covered in a breach. The fine print in the policy notes that it applies only to the company and not the company in its capacity as a plan sponsor—something not obvious to most.”
Here’s help with cybersecurity insurance decisions: at Colonial Surety Company, cyber liability coverage is affordable for businesses of every size, and you don’t have to wonder what it includes, because it explicitly covers the business and the plan. It also comes complete with fiduciary liability protection for plan sponsors:
Cyber and Fiduciary Liability Coverage Here
Best Practices for Cybersecurity
The Department of Labor (DOL) has released updated guidance on cybersecurity program best practices, and attorneys are urging plan fiduciaries and recordkeepers to “carefully review and assess which of the guidance’s best practices… have been implemented and what should be implemented to efficiently and effectively mitigate cybersecurity risks.” As a starting point, Varnum LLP offers this outline of the recommended best practices:
- Maintain a well-documented cybersecurity program that identifies, assesses, and responds to cybersecurity threats. Include written policies regarding appropriate disclosures, notification requirements, and issue correction.
- Perform regular and comprehensive risk assessments and correct identified risks and gaps.
- Have a third-party contractor conduct an independent annual audit of security controls and implement corrections….
- Have clearly defined information security roles and responsibilities at all appropriate levels for your business….
- Implement strong access control procedures. This includes using multi-factor authentication (MFA), limitation of access based on need, and monitoring access activity.
- Conduct updated cybersecurity awareness training for all personnel….
- Implement a secure system development life cycle program (SDLC) to ensure that new systems are developed with cybersecurity concerns in mind.
- Implement a resiliency program to enable your business to adapt quickly to maintain operations and isolate issues in the event of a disruption.
- Ensure standards for data encryption and technical controls are being met.
As plan sponsors across the country work to address the DOL recommendations, many are finding Colonial Surety Company’s efficient and cost-effective coverage especially helpful. Specifically, for a few dollars a day, plan sponsors can obtain protection for the company, the plan, and themselves, with a Cyber Liability+Fiduciary Liability Insurance package. In addition to providing defense costs and penalty limits up to $1,000,000, if faced with claims of alleged or actual breaches of duty in connection with the employee retirement plan, Colonial’s Cyber Liability+Fiduciary Liability Insurance includes:
- Expert-led response services following a data breach.
- Protection from lawsuits and regulatory actions related to the breach.
- Legal services.
- Computer forensic services.
- Public relations and crisis management expenses.
- Notification services.
- Call Center services.
- Credit and Identity monitoring
Plan sponsors can obtain this comprehensive coverage online in minutes, or even speak to one of Colonial Surety’s knowledgeable ERISA experts for further support. Visit us now, and end your day with coverages–including your cybersecurity response plan–in hand:
Cyber and Fiduciary Liability Insurance
Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors — and keep their businesses compliant — with pain-free, efficient, and friendly service every time.