The Department of Labor (DOL) has recognized the importance of cybersecurity as a fiduciary responsibility for employee benefit plans, following guidance that was first issued in April 2021 and updated in September 2024. This guidance now encompasses all types of employee benefit plans, including retirement and health plans, emphasizing the need for fiduciaries to actively manage cybersecurity risks.
As the DOL integrates cybersecurity into its standard audit processes, it has made clear that investigators will scrutinize documentation related to cybersecurity policies and service provider agreements. A significant focus for 2024 will be on the enforcement of these cybersecurity measures, underscoring their critical role in protecting sensitive participant data and retirement assets.
Artificial intelligence tools used in benefits administration, while improving efficiency, also introduce new vulnerabilities. These technologies, including chatbots and algorithms, require access to large volumes of sensitive information, making them attractive targets for cybercriminals. The risks associated with AI systems include adversarial attacks that could lead to fraudulent transactions and the spread of misinformation regarding benefits.