Impact of Cybersecurity on Retirement Plans: Responsibilities of the Plan Sponsor

Since issuing its first cybersecurity guidance in 2021, the Department of Labor (DOL) has emphasized cybersecurity’s integral role in retirement plan audits, setting clear expectations for plan sponsors. The DOL scrutinizes plans that do not fully comply with these guidelines, a challenge noted by Jon Meyer, CTO at CAPTRUST, who highlights the difficulty many organizations face due to limited resources or insufficient prioritization. Meyer underscores that DOL auditors prioritize documented and actively implemented cybersecurity policies, contrasting them with generic policies lacking practical application. Although ERISA does not explicitly mention cybersecurity, experts like Stephen Wilkes from The Wagner Law Group argue that fiduciary duties imply a responsibility to safeguard plan assets against cyber threats, extending fiduciary principles of loyalty and prudence into the cyber realm.

Amid rising hacking and fraud attempts, the DOL now mandates that plan sponsors undergoing audits document their cybersecurity measures, suggesting cybersecurity will soon be standard in all retirement plan audits. Joseph Lazzarotti from Jackson Lewis P.C. anticipates the DOL’s forthcoming development of comprehensive audit guidelines for cybersecurity issues, reflecting a growing regulatory emphasis. Wilkes advises plan sponsors to enhance existing enterprise-wide strategies with specific measures tailored to retirement plans, ensuring comprehensive coverage of retirement plan data within cybersecurity frameworks. Despite major financial institutions’ substantial cybersecurity investments, sponsors must not rely solely on vendor reputations but conduct thorough due diligence, document efforts, and adopt a risk-based approach that includes regular penetration testing and comprehensive cybersecurity assessments. Continuous monitoring and documentation are essential for plan sponsors to fulfill fiduciary responsibilities and demonstrate proactive efforts to the DOL, underscoring the critical importance of cybersecurity in protecting retirement plan assets, as highlighted by Frank Palmieri from Palmieri & Eisenberg.

Original article from PSCA.


Consider TRA's 3(16) Fiduciary Services & Plan Administration to alleviate the day-to-day administrative burdens of your or your clients' retirement plans.