Cyber Security Issues for Plan Sponsors

The Department of Labor is working on a guidance package addressing cybersecurity issues as they relate to plan sponsors and third-party providers.

Tim Hauser, Deputy Assistant Secretary for DOL’s Employee Benefits Security Administration (EBSA), has indicated that the department’s investigations will focus more on the adequacy of cybersecurity programs, to confirm that the service providers plan sponsors hire follow effective cybersecurity practices.

Mr. Hauser also indicated that the forthcoming guidance would be informal rather than issued through a formal notice-and-comment process.

Plan Sponsor Considerations

The DOL expects there to be questions asked when hiring a TPA or record-keeper:

  • What practices and policies does the service provider have to ensure their systems are secure?
  • Does the service provider have regular third-party audits by an independent entity?
  • How does the third party validate the cybersecurity of their systems?
  • Is there any history of cybersecurity incidents? If so, what is their track record?
  • What did they learn from any prior incidents, and how have they improved their defensive processes?
  • Do they indemnify their clients in the event of security system breaches that result in losses?
  • Do they have insurance policies to make you whole and cover breaches, or do they have all sorts of waivers and exculpatory clauses in their contracts?

If a security breach is identified and an offender has gained access to confidential information, the plan sponsor should produce a documented response, including notifying law enforcement, the FBI, the plan, and its participants.

Summit Group 401(k) Consulting will share when an official final guidance package is made available, so be sure to check back for updates.
