In the article, “Small U.S. Retirement Plans Lagging in Cybersecurity Oversight,” principal Jeanne Klinefelter Wilson provided insights to Bloomberg Law on plan fiduciaries’ roles in the protection of plan participant user data as related to recent U.S. Department of Labor cybersecurity guidance and increased enforcement.
“The plan fiduciaries are the ones who have the ultimate responsibility to mitigate risk,” said Wilson. “It’s up to them when they hire someone to keep records and to consider a lot of factors, including cybersecurity.”
Fiduciaries at large, sophisticated plans tend to understand that responsibility and have resources and staff to regularly assess contractors’ fraud and data controls, Wilson explained, adding that smaller firms can be left in the dark. As recordkeepers themselves continue to make cyber improvements, they may play an outsized role in helping their smaller clients keep up.
“One of the things they need to be doing is helping raise awareness to plan fiduciaries that they have this responsibility,” Wilson stated. “Most recordkeepers have very robust systems in place; they’ve been doing it all along.”