Employee benefit plans are at growing risk of cyber attacks. Nearly all employee benefit plans contain high account balances and sensitive personal information for both participants and beneficiaries. The following factors contribute to this increasing risk:
Employers and third-party service providers hold specific electronic information that is very valuable for cyber attacks, including:
A cyber security breach not only causes damage to your reputation but also brings many accompanying financial damages, including:
Plan sponsors and certain third-party service providers have ERISA fiduciary obligations for each of the employee benefit plans they manage. ERISA requires all fiduciaries to administer the plan with the care, skill, prudence and diligence under the circumstances that a prudent person would use. Regulations issued by the Department of Labor (DOL) provide specific requirements for the protection and confidentiality of personal information. Depending on the state you live in, you may have additional cyber security requirements.
In November 2016, the DOL issued an Advisory Council Cyber security Report. That report recommends that employers:
The report also identified four main areas employers should include in their cyber security policies. They are:
Benefit plan cyber security is an overlooked risk. However, most organizations already have a cyber security plan in place. Use the suggestions above and compare them to your plan. By testing and updating policies, monitoring service providers and regularly training your employees, you can lower the risk of a breach of the sensitive information in your benefit plans. Connect with us to find out more.
At General Insurance Services, we are a team of insurance professionals with an array of experience, backgrounds, and interests. We’re advisors with a mission to secure the future of the communities we serve. Sharing our knowledge through this blog allows us to get one step closer to achieving our mission.