Skip to content

DOL Cybersecurity Services for ERISA Plans

Plan sponsors, fiduciaries and covered service providers have immense responsibility to protect the retirement plan assets of U.S. employees. 

In addition to managing day-to-day plan operations and keeping compliant with laws and regulations, mitigating risks to plan participants and plan assets posed by cyber threats is another layer of protection that now falls within that realm. With new and sophisticated cyber threats occurring each day, it can be cumbersome to keep up with the latest exploits and resulting cybersecurity guidelines.

Employee benefit plans have heightened cybersecurity risks due to:

  • Significant outsourcing to third-party administrators, which leads to a lack of ownership or accountability.
  • Sensitive personal data being shared electronically among providers.
  • The ability to access large amounts of plan assets.

The Department of Labor (“DOL”) Employee Benefits Security Administration has issued guidance that outlines the protections each party working with an ERISA-qualified plan must consider. These measures encompass everything from selecting qualified service providers to implementing security procedures and educating plan participants.

The EisnerAmper Digital team works closely with our Pension Services Group to analyze the DOL documentation and guide our clients accordingly. Our deep-seated understanding of employee benefit plans, coupled with our commitment to building proactive cybersecurity strategies, makes EisnerAmper uniquely qualified to measure your cybersecurity posture and help apply proper protocols to better protect plan assets and facilitate plan compliance.

What Should Plan Fiduciaries and Sponsors Do?

  • Review the guidance and assess how your current cybersecurity practices (and those of your recordkeepers and service providers) compare to the DOL recommendations.
  • Review current service provider contracts and plan document amendments.
  • Schedule fiduciary training.
  • Document compliance efforts (e.g., cybersecurity compliance training, procedures, participant disclosure approaches).

Services we offer include:

Plan Sponsors and Fiduciaries

  • Conduct Cybersecurity Due Diligence on New Service Providers
  • Monitor Existing Service Provider Cybersecurity Practices

Covered Service Providers

  • Run Health Checks on Alignment with DOL Cybersecurity Program Guidelines
  • Enhance Cybersecurity Controls and Processes
  • Perform Annual Third-Party Reviews of Security Controls

What's on Your Mind?

a person in a suit

Denise Finney

Denise Finney is the Partner-in-Charge of the Pension Services Group dedicated to employee benefit plan audits. With 15 years of public accounting experience, she specializes in assisting clients with annual audit requirements regarding employee benefit plans.


Start a conversation with Denise