Choose from any of our reports and we will be happy to send it/them to you via email at no cost.

    Take Steps to Cover Your 401k Plan from Cyber Attack

    Your plan is probably not covered by your company’s Crime Insurance!

    A legacy condition in corporate crime insurance causes most company crime insurance policies to leave benefit plans exposed to theft by computer hackers.  This is because the policy forms were developed (in a simpler age) to respond only to regulatory compliance.  In the Cyber Risk era, though, the plans are exposed to much more than what the regulators had foreseen.

    401k plans are regulated under the Employee Retirement Security Act (ERISA).  One of the things ERISA mandates is that the plans be insured for theft of the assets, but only in a narrow way.  Here is a summary of the rule provided by the Department of Labor:

    Outdated Legacy Language

    Because of this, Crime insurance policies were developed to address 401k plans (and other retirement plans as well) by covering theft of assets by the persons at the sponsor organization who handle (have access to) plan funds.

    One policy- writing approach is via the definition of “Insured.”  Here’s an example of how that can work (highlight added):

    Insuring agreement A.2 is only the employee theft section of the policy.  Under this policy benefit plans are not “insureds” with respect to any of the other insuring agreements which would include (with respect to non-employees of the parent company):

    a) Forgery,

    b) Computer Fraud,

    c) Funds Transfer Theft.

    Missing from coverage: the dreaded computer hack

    What is clearly missing:  theft of the plan’s assets via computer hacking or funds transfer fraud. 

    This is a problem that should be fixed it if exists—-  and can be fixed as well.  Some of the newer crime policy forms have already been modified to make this change, and some other insurers may agree to amend their form for each client on request.  As a last resort, change insurers if you have to – this issue is that important.


    Have a risk manager on your side

    The largest companies have entire risk management departments reporting to the CFO.  You need risk management too.

    (c ) Licata Risk & Insurance Advisors, Inc. 2021

    Frank Licata

    [email protected];   617.718.5901

    Receive our blog by email


    Nov 17, 2021

    Licata Risk Licata Risk & Insurance Advisors, Inc.
    265 Franklin Street
    Suite 1702
    Boston, MA 02110
    617-451-2140   advice@licatarisk
    501 East Las Olas Boulevard
    Suite 300/200
    Fort Lauderdale, FL 33301
    LicataRisk Advisors is an independent risk management and insurance consulting firm. We are not brokers and we do not sell insurance. We are not connected to any insurance company or product in any way and do not receive commissions. This is an important difference as you will have an expert on your side who is only committed to you.

    Licata Risk is not a law firm and does not practice law. General advice and contract input by the consultants, including those who are attorneys, is to provide insight into the risk and insurance aspects. Your attorney should be the final authority on any legal matter.