Cybersecurity Guidance for Retirement Plans

By Anthony Bianchi, Supervisor, and Louis F. LiBrandi, Principal

For the first time, the Department of Labor (DOL), through its Employee Benefits Security Administration (EBSA), is offering guidance to plan sponsors, fiduciaries, record keepers and other service providers, as well as plan participants, on maintaining cybersecurity.

With more than 140 million Americans participating in an employer-sponsored retirement plan (based on 2018 data), the need to address cyber risk and to safeguard the more than $9 trillion in plan assets has never been greater.


The DOL’s Cybersecurity Program Best Practices guidance is welcome and comprehensive. Below is an overview, organized by the groups involved with retirement plans:

  • For plan sponsors – tips for choosing service providers with strong cybersecurity practices

  • For fiduciaries and record keepers – cybersecurity best practices to ensure that these providers are proficient in managing cyber risk

  • For plan participants – security tips when accessing personal account information online, including the use of strong passwords, being alert for phishing expeditions, and exercising caution when using public WiFi

With cyberattacks becoming more frequent and sophisticated, keeping plan and participant information safe is a critical responsibility.

Contact Us

The Employee Benefit Services Group at PKF O’Connor Davies is available to assist employers with all aspects of employee benefit plan compliance. For more information, please email Tim Desmond at [email protected] or Louis F. LiBrandi at [email protected].