Cybersecurity Considerations for Employee Benefit Plans

The DOL's ERISA Advisory Council recently issued a report, Cybersecurity Considerations for Benefit Plans, which summarizes its examination of and recommendations regarding cybersecurity considerations as they relate to employee benefit plans.

The report noted that while cybersecurity is a focus area for organizations with regard to ongoing business activities, benefit plans often fall outside the scope of cybersecurity planning even though plans often maintain and share sensitive employee data and asset information across multiple unrelated entities as a part of the plan administration process.  As such, the Council believes benefit plans should be specifically considered when implementing cybersecurity risk management measures, both in safeguarding benefit plan data and assets and when making decisions to select or retain a service provider. 

One of the most significant challenges that face employee benefit plans is the reliance on service providers to manage daily activities of the plan.  As a result, employee benefit plans typically share sensitive employee data and beneficiary and employer information with these service providers.  Based upon historical cybersecurity breaches, third parties can be considered the weakest cybersecurity link. A cybersecurity breach within an employee benefit plan could ultimately result in personal information being compromised.  

The Council identified four major areas for effective practices and policies: 

  1. Data management.
  2. Technology management.
  3. Service provider management.
  4. People issues/training.

Every plan is unique and cybersecurity risk management is a process. There is not a “one-size-fits-all” strategy, and plan sponsors, administrators, fiduciaries and other service providers must determine what is reasonable. The Council has created materials for plan sponsors and fiduciaries to utilize when developing a cybersecurity strategy and program.


Source: Cybersecurity Considerations for Benefit Plans


© 2020 Schneider Downs. All rights reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
