<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=118459&amp;fmt=gif">
Show all

Cybercrime and Employee Benefit Plans

magnifying glass over words cyber attack

3 minute read

Every day, news headlines are filled with stories of data breaches and cyberattacks. Unfortunately, even employee benefits plans are not immune to these threats. In fact, they are especially vulnerable. With organizations and benefits providers relying heavily on electronic access, new vulnerabilities are constantly being created.

In 2022, cybercrime caused $6 trillion dollars in damages. Cyberthreats include phishing, ransomware, and malware attacks.

 

Risks

Retirement, savings, health plans, and any other type of employee benefit plan is vulnerable to hackers. These types of plans can be exposed to privacy, security, and fraud risks. They are at risk due to:

  • Personal identifiable information including Social Security numbers, email addresses, and birth dates. Since this information is permanently associated to an individual, it can be misused over a long period of time.
  • Financial information including direct deposit information, compensation, enrollment data, and account balances. These accounts can be targeted to request loans, withdrawals, and distributions.
  • Many benefit plans are connected to other service providers or vendors. This includes those that offer vision, dental, health insurance, retirement plans, and more.

 

Consequences

When a cyberattack occurs, there are consequences for all parties involved. Consider the following:

  • Significant expenses may be involved in detecting the extent of the breach, conducting investigations, managing incident responses, recovering compromised data, and restoring the integrity of the entire system
  • Monetary losses may occur to participants, the plan, or service providers if personally identifiable information is stolen
  • If a security breach occurs, organizations may face operational disruption and damage to their reputation. Both may require additional costs to fix.
  • Penalties or fines may occur if health plan information is released, and it violates federal laws

 

Mitigate Risks

Employees working remote must understand cyber threats and how to protect sensitive organization and employee information. To mitigate risks, consider the following measures:

  • To protect and control data, it's important to properly monitor and maintain up-to- date technology. Vulnerabilities can be determined by conducting a gap analysis, penetration testing, or other assessments.
  • Educate employees on how to handle personal data. Discuss things like passwords, locking computers, and opening questionable emails or attachments.

To shift cyber risks:

  • Review contracts. Employers should review and understand what their policy covers and determine if they are appropriately covered or if additional coverage is needed.
  • Obtain comprehensive insurance policies. Cyber liability insurance can cover financial losses that result from cyber incidents. Most policies cover first and third-party liability coverages. For those organizations without coverage, they may want to investigate a policy to protect their data and their employees.

With many employees working from remotely, plan sponsors may want to consider updating work-from-home policies to include cybersecurity clauses.

 

Other Considerations

Open enrollment may be a good time for employers to review their technology policies, contracts, insurance, and other coverages. All parties involved should have adequate data protection strategies in place. In case of a cyberattack, employers should have a basic communication and action plan to protect and restore things quickly and appropriately. Download the bulletin for more details.

 

1 https://dataprot.net/statistics/cybercrime-statistics/

 

Additional Resource

Cyber Liability Risk Scorecard

New call-to-action

National Insurance Services is not a law firm and no opinion, suggestion, or recommendation of the firm or its employees shall constitute legal advice. Readers are advised to consult with their own attorney for a determination of their legal rights, responsibilities and liabilities, including the interpretation of any statute or regulation, or its application to the readers’ business activities.

hands cupped together holding a paper doll family
More Employers Offering Fertility Benefits
October 12, 2023
calculator that reads stop loss
Stop-loss Insurance Premiums Increased
October 12, 2023
Mari Wagner

Mari Wagner

The greatest badge of success for Mari Wagner is when her customers reach out and let her know how appreciative they are of her help and services. Mari is dependable, driven, committed, and enjoys meeting new people. Mari joined the National Insurance Services (NIS) team after working with NIS for several years on mutual clients benefit plans. She finds that NIS has similar values and mindset to her own. As an Account Manager, Mari works with schools, cities, and counties in the Midwest Region. She is a licensed insurance agent with a background in sales, wellness, managing insurance pools, marketing, and consulting.