These EBPAQC Qs & As help plan auditors understand cybersecurity risk in employee benefit plans, and to discuss cybersecurity risk, responsibilities, preparedness, and response with plan clients.
How EBPs are at risk for cyberattacks,
What plan information and assets are at risk,
Potential consequences of a cyber-attack,
Examples of cyber-threats to EBPs,
Fiduciary’s responsibilities for protecting plan information and responding to breaches,
The plan auditor’s responsibility for evaluating cybersecurity risk and controls in a plan audit,