
The U.S. Department of Labor (DOL) has confirmed that its cybersecurity guidance applies to all employee benefit plans, including retirement plans and health and welfare plans. Employee benefit plans covered by ERISA often hold millions of dollars or more in assets and store and transfer participants’ personally identifiable data, which can make them tempting targets for cybercriminals.
Plan fiduciaries of ERISA-covered plans have an obligation to ensure proper mitigation of cybersecurity risks. Because employers often rely on service providers to maintain employee benefit plan records and keep participant data confidential and secure, employers should ensure that the service providers they use follow strong cybersecurity practices.
The DOL’s cybersecurity guidance includes tips for hiring plan service providers, cybersecurity program best practices, and online security tips.
A new wave of litigation highlights the importance of employers’ adherence to their fiduciary duties when managing their group health plans, especially as it relates to prescription drug benefits. These lawsuits remind employers that they must act prudently to select and monitor health plan service providers, such as pharmacy benefit managers (PBMs). The cybersecurity guidance can help employers decide on the service providers they use, including PBMs.

