{"id":258739,"date":"2026-05-29T10:27:00","date_gmt":"2026-05-29T14:27:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/29\/erisa-cybersecurity-what-plan-fiduciaries-should-know\/"},"modified":"2026-05-29T10:30:10","modified_gmt":"2026-05-29T14:30:10","slug":"erisa-cybersecurity-what-plan-fiduciaries-should-know","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/29\/erisa-cybersecurity-what-plan-fiduciaries-should-know\/","title":{"rendered":"ERISA Cybersecurity: What Plan Fiduciaries Should Know"},"content":{"rendered":"<p><a href=\"https:\/\/www.forvismazars.us\/forsights\/2026\/05\/erisa-cybersecurity-what-plan-fiduciaries-should-know\">ERISA Cybersecurity: What Plan Fiduciaries Should Know<\/a><\/p>\n<p><a href=\"https:\/\/www.forvismazars.us\/forsights\/2026\/05\/erisa-cybersecurity-what-plan-fiduciaries-should-know\">https:\/\/www.forvismazars.us\/forsights\/2026\/05\/erisa-cybersecurity-what-plan-fiduciaries-should-know<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-29 10:27:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.forvismazars.us\">www.forvismazars.us<\/a><\/p>\n<p>If your organization sponsors an employee benefit plan under the Employee Retirement Income Security Act of 1974 (ERISA), cybersecurity risk is now a core fiduciary consideration. A single compromised record-keeper login, a missed vendor review, or an outdated incident response plan could put participant data, plan assets, and your fiduciary standing at risk.<\/p>\n<p>The U.S. Department of Labor (DOL) has clarified that ERISA-covered plans are expected, consistent with fiduciary duties of prudence and loyalty, to understand and oversee cybersecurity risks that could affect plan data and plan assets, regardless of plan size or whether services are outsourced.<\/p>\n<p>Recent DOL enforcement developments underscore that these expectations are not merely aspirational. On January 15, 2026, the DOL\u2019s Employee Benefits Security Administration (EBSA) announced that it overhauled its national enforcement projects for fiscal year 2026 and that investigations will prioritize cybersecurity, among other focus areas. This increased enforcement emphasis reiterates the importance of having a demonstrable, plan-specific process for assessing cyber risk and overseeing service providers that handle plan data and transactions.<\/p>\n<h2>Deconstructing the DOL\u2019s Cybersecurity Guidance<\/h2>\n<p>The DOL\u2019s cybersecurity guidance, originally issued in April 2021 and expanded to all ERISA-covered plans in September 2024 through Compliance Assistance Release No. 2024-01, applies broadly to retirement plans, health and welfare plans, plan sponsors and fiduciaries, and service providers that create, store, process, or transmit plan data.<\/p>\n<p>The guidance is anchored by the DOL\u2019s \u201cCybersecurity Program Best Practices,\u201d which describe elements of reasonable cybersecurity governance and oversight for ERISA plans. These practices include:<\/p>\n<ul class=\"two-col-list\">\n<li>Maintaining a formal, well-documented cybersecurity program<\/li>\n<li>Conducting prudent annual risk assessments<\/li>\n<li>Having a reliable annual third-party audit of security controls<\/li>\n<li>Clearly defining and&#8230;<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.forvismazars.us\/forsights\/2026\/05\/erisa-cybersecurity-what-plan-fiduciaries-should-know\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ERISA Cybersecurity: What Plan Fiduciaries Should Know https:\/\/www.forvismazars.us\/forsights\/2026\/05\/erisa-cybersecurity-what-plan-fiduciaries-should-know Publish Date: 2026-05-29 10:27:00 Source Domain: www.forvismazars.us&#8230;<\/p>\n","protected":false},"author":1,"featured_media":258741,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.forvismazars.us\/getmedia\/073374ba-9868-43c4-8776-ab81267fce7d\/680315905-landscape-large.jpg?width=1920&height=1080&ext=.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[57],"class_list":["post-258739","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-security"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/258739"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=258739"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/258739\/revisions"}],"predecessor-version":[{"id":258742,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/258739\/revisions\/258742"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/258741"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=258739"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=258739"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=258739"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}