On April 14, 2021, the U.S. Department of Labor (DOL) released, for the first time, cybersecurity guidance for plan sponsors, plan fiduciaries, recordkeepers and plan participants regulated by the Employee Retirement Income Security Act (ERISA). The guidance addresses best practices for maintaining cybersecurity and includes:
Next Steps for Employers
This guidance makes clear that ERISA plan fiduciaries must take reasonable steps to protect plan assets from cyber threats. The DOL's issuance of this guidance also signals the stance the agency is likely to take in the event of a plan fiduciary's failure to safeguard against cyber threats. As such, in litigation over losses resulting from a cybersecurity breach, whether a fiduciary followed this guidance may be a factor in how claims are decided. Plan sponsors, fiduciaries and recordkeepers will therefore want to study this guidance, evaluate their service provider relationships and cybersecurity practices against it, and take the steps needed to close any gaps.