There just may be a new cybersecurity regulator in town.

In an effort it describes as “an important step” toward safeguarding more than $9.3 trillion in retirement assets, the U.S. Department of Labor (DOL) published its first cybersecurity guidance last week (Cybersecurity Guidance). The Cybersecurity Guidance is directed at plan sponsors and fiduciaries regulated by the Employee Retirement Income Security Act of 1974 (ERISA) as well as plan participants and beneficiaries.  Significantly, the Cybersecurity Guidance formally states the DOL’s position that cybersecurity is a matter of fiduciary responsibility under ERISA, stating that ERISA requires plan fiduciaries to take appropriate precautions to mitigate cybersecurity risks.

(more…)