To embed, copy and paste the code into your website or blog:
On April 14, 2021, the U.S. Department of Labor (DOL) released three-part guidance on cybersecurity issues for employee benefit plans, marking its first significant commentary on the issue since its comprehensive but nonbinding report in late 2016. The DOL’s guidance arrives amidst an increase in high-profile lawsuits arising out of retirement plan participants’ claims that plan sponsors, responsible fiduciaries, and service providers failed to adequately protect retirement accounts against cybersecurity threats. Given the increased threat of cybersecurity attacks in general and the potential vulnerability of approximately $9.3 trillion in benefit plan assets (per DOL estimation), ERISA plan sponsors, responsible fiduciaries, and participants have eagerly awaited formal DOL guidance on this issue. This update provides a detailed examination of the DOL’s three-part cybersecurity guidance for ERISA plans as well as a s