Practical Steps for Employers to Manage AI Cybersecurity
Practical Steps for Employers to Manage AI Cybersecurity
Publish Date: 2026-03-18 16:55:00
Source Domain: natlawreview.com
Introduction
Cybersecurity has become a critical concern for employee benefit plan fiduciaries. With trillions of dollars in retirement assets and vast amounts of sensitive participant data at stake, benefit plans represent attractive targets for cybercriminals. At the same time, the growing use of artificial intelligence (AI) in benefits administration introduces new cybersecurity vulnerabilities that fiduciaries must address. This article provides background on Department of Labor (DOL) cybersecurity guidance, examines cybersecurity risks associated with AI tools, and offers practical steps for managing these risks.
DOL Cybersecurity Guidance and Enforcement Priority
In April 2021, the DOL’s Employee Benefits Security Administration (EBSA) issued its first-ever guidance on cybersecurity for employee benefit plans. In September 2024, EBSA updated the guidance to clarify that all employee benefit plans (both retirement and health and welfare plans) are covered by its cybersecurity requirements. The guidance makes clear that the DOL views cybersecurity as an ERISA fiduciary responsibility. Plan fiduciaries must ensure proper mitigation of cybersecurity risks as part of their duty of prudence, including prudently selecting and monitoring service providers who handle participant data and plan assets. In other words, fiduciaries cannot simply rely on service providers to manage these risks — their active and ongoing oversight is required.
Although this initial guidance is now over four years old, cybersecurity remains a top DOL priority. Earlier this year, EBSA released its 2026 enforcement priorities, with cybersecurity topping the list. EBSA has also incorporated cybersecurity questions into its standard plan audit protocols, with investigators now requesting documentation regarding cybersecurity policies, service provider agreements, and incident response procedures.
The Impact of AI on Cybersecurity AI tools are increasingly used in benefits…
