Cybersecurity has become critically important to plan sponsors, plan administrators and plan participants. With retirement plans holding an estimated $9.3 trillion in assets as well as sensitive information for approximately 140 million plan participants, retirement accounts are especially attractive targets for cyber-enabled fraud. For instance, sophisticated phishing email schemes have proliferated during the COVID-19 pandemic, threatening retirement accounts. Ever-expanding technology connecting data and people has also opened the door to bad actors.
This article explores the expanding intersection of the Employee Retirement Income Security Act and cybersecurity issues, focusing on recent court decisions as well as guidance from the U.S. Department of Labor.