It’s no secret that cyber hackers and bad actors continue to find new ways to access and monetize data. Many retirement plan fiduciaries may think they aren’t liable for this risk given they outsource the storage and management of employee data. According to Mario Paez, cyber risk practice leader at Marsh McLennan Agency, this is not the case.
He recently spoke with PlanAdviser about what retirement plan fiduciaries should be doing to minimize their exposure to cyber risks. He tells us about the conversations they should be having with their third-party vendors, and what preventative measures they should take to protect themselves and their employees from a cyber breach.
“There’s this thought [among clients] that: ‘Great, I may collect this data, but it’s routed to a third party for the processing and the storage—the safekeeping of that—so I’m outsourcing my liability, correct?’” Paez says. “The answer to that is: ‘No. No, you are still very much responsible.’”