Plan sponsors of retirement plans handle a lot of personal participant data, but many are unaware of their fiduciary duties in the context of cybersecurity. If a retirement plan suffers a cyberattack, plan assets could be diverted and misused. Under the Employee Retirement Income Security Act (ERISA), the plan sponsor could be held liable for a fiduciary breach for failure to satisfy a duty of loyalty and to act prudently.

Plan sponsors can put internal cybersecurity safeguards in place to help them avoid a fiduciary breach under ERISA. In this article for Confero Magazine, I outline four key responsibilities that plan sponsors should undertake. Read my article “Cybersecurity: A Plan Sponsor’s Fiduciary Role” here.