Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus convallis sem tellus, vitae egestas felis vestibule ut.

Error message details.

Reuse Permissions

Request permission to republish or redistribute SHRM content and materials.

Retirement Plan Cybersecurity

According to a recent survey, about 45 percent of companies do not have a chief information security officer (CISO). As technology consultancy West Monroe's The Importance of a CISO observes, it would be terrific for all organizations to have a CISO, but that simply may not be practical for some, particularly smaller organizations. Recent internal audit guidance issued by the federal Department of Labor (DOL), however, directs its investigators to verify the designation of a CISO when auditing retirement plans.

Read the rest of the article:
Do Retirement Plans Need a Chief Information Security Officer?
SHRM | Mar 2022

401(k) World: Cyber Thieves
Plan Adviser | Mar 2024

Developing A Cybersecurity Policy For ERISA Plans
Harter Secrest | Jan 2024

Retirement Plans & Cybersecurity: Insights for Plan Sponsors
BDO USA | Nov 2023

Protecting 401(k) Participants from Cybertheft Should be a Priority-What Sponsors and the Government Can Do
Cohen Buckmann | Jul 2023

Tips for Hiring a Service Provider

Tips For Hiring a Service Provider With Strong Cybersecurity Practices
DOL | Apr 2021

401k Service Providers and Cybersecurity: Questions to Ask
401(k) Help Center

Related reading: Another Cybertheft Lawsuit Spotlights 401(k) Recordkeeper Procedures
Cohen & Buckmann | Aug 2022

DOL Issues Cybersecurity Best Practice for Retirement Plans
The U.S. Department of Labor's Employee Benefits Security Administration (EBSA) in April 2021 issued much-anticipated cybersecurity guidance for employee retirement plans. The essence of the guidance is that responsible plan fiduciaries have an obligation to ensure proper mitigation of cybersecurity risks.

Read the rest of the article:
DOL Issues Cybersecurity Best Practices for Retirement Plans
Jackson Lewis via SHRM | Apr 2021

Related reading: Cybersecurity Requests Appear in DOL Audits
Groom | Oct 2021

New Cybersecurity Guidance for Plan Sponsors, Plan Fiduciaries, Record-Keepers and Plan Participants
Cybersecurity Program Best Practices
Tips for Hiring a Service Provider with Strong Security Practices
Online Security Tips
DOL Press Release and Guidance

SHRM Members' Survey

Tell us what you think about the Express Request self-service feature in a few quick questions.


​An organization run by AI is not a futuristic concept. Such technology is already a part of many workplaces and will continue to shape the labor market and HR. Here's how employers and employees can successfully manage generative AI and other AI-powered systems.