Cybersecurity and Data Security Risk Management Strategies for ERISA Plan Fiduciaries


Summary

This practice note recommends cybersecurity risk management strategies that fiduciaries of employee benefit plans governed by the Employee Retirement Income Security Act of 1974 (ERISA) may adopt to mitigate the risk of liability related to losses resulting from cybersecurity attacks in ERISA employee benefit plans. With the Department of Labor (DOL) having issued initial guidance on the extent of fiduciaries' cybersecurity responsibilities, fiduciaries continue to struggle to understand the extent of those responsibilities and the manner in which they might best be addressed. This practice note outlines some important risk management strategies fiduciaries may consider when addressing these concerns.