The Department of Labor (DOL) is interested in the concerns about cybersecurity, so expect some guidance.
Tim Hauser, Deputy Assistant Secretary for National Office Operations at DOL’s Employee Benefits Security Administration (EBSA), says that we will likely see more focus in the DOL’s investigations on the adequacy of various cybersecurity programs, especially for large plans in terms of making sure the providers they hire are observing good cybersecurity practices. Hauser has indicated that the guidance would be informal, and not a formal notice and comment rulemaking.
I expect means that in audits, DOL will ask plan sponsors about cybersecurity concerns and whether they raise that with their plan providers. Regardless of the guidance, you need more focus on cybersecurity if the DOL does as well.