To increase protections for the estimated $9.3 trillion in American retirement assets, the Department of Labor (DOL) has begun a new cybersecurity audit initiative for retirement plans. After providing its first set of guidance on cybersecurity in April, the DOL quickly began the audit initiative by issuing information and document requests to numerous 401(k) plan fiduciaries. The DOL has stated that ERISA requires plan fiduciaries to take appropriate precautions to mitigate the risks of cybercrime, and this new audit activity clearly indicates that companies must take steps to align their cybersecurity programs with the guidance provided or risk being caught flat-footed by a probing and comprehensive audit.
The DOL’s cybersecurity guidance is aimed at plan sponsors, plan fiduciaries, record-keepers, and plan participants. It provides advice on how to best protect the retirement benefits of America’s workers through cybersecurity safeguards. The DOL’s guidance is broken down into the following three documents: