Each episode offers employers candid, in-depth interviews with industry experts, new best practices and valuable perspectives on current events.
Cyber Security & 401(k) Plans: Real or Theoretical Risk?
Guests: Ben Beeson & Brian Finch
Alright, let me know if you have heard this one: a lawyer, an insurance broker and a retirement consultant walk into a bar. Oh, that’s right, this is for the podcast. We’ll have to save that one for another time. However, that does resemble the motley crew we have assembled to discuss the evolving world of cyber risk, or cyber threats, and how they can impact 401(k) and other employer benefits plans. The lawyer in our conversation is Brian Finch, a partner at Pillsbury Law and member of their Cyber Security Task Force, and the insurance broker is Ben Beeson, SVP and Cyber Risk Practice Leader with Lockton Insurance Brokers.
Our conversation starts with a great background and overview of the risks, bad actors, motivations and methods cyber criminals are using to steal money and data, hack organizations or otherwise wreak digital havoc. Next we move into how these evolving cyber threats may impact the retirement industry, which obviously has trillions of dollars of assets and very sensitive and personal information on millions of individuals.
As a takeaway, there are some great questions for you to include in your due diligence discussions with your current or potential new service providers, concepts to ensure you explore in your service agreements or contracts, and other information to help you walk away with strategies to help keep your employees protected and minimize the risk associated with cyber threats. I took a lot away from the information that Brian and Ben shared; I hope you do as well!
Additional Helpful Information
Cyber Due Diligence for Retirement Plan Fiduciaries
Ben Beeson leads the Cyber Risk Practice at Lockton Companies, the world's largest privately held insurance brokerage. Ben guides boards of directors and executive leadership on how best to mitigate emerging cyber risks to mission-critical assets in a way that aligns with the business strategy. His experience ranges from addressing data security and privacy liability for companies in the utility, financial, healthcare, retail, and hospitality industries to addressing risks from a cyber attack on the energy, transportation, and manufacturing sectors.
Prior to moving to Washington D.C., Ben spent most of his career in the UK working within the Lloyd’s of London insurance market, an entrepreneurial culture creating innovative solutions to address emerging risks.
Ben continues to be involved in the development of US cybersecurity policy: he testified before Congress in 2015, supported the development and rollout of the NIST framework, and is a member of Business Executives for National Security (BENS).
Ben is a regular author and commentator on Cybersecurity issues with recent appearances on CNN and Fox News and his chapter contribution to the NYSE's first definitive Cybersecurity guide for Directors and Officers entitled "Navigating The Digital Age."
Brian Finch is a partner in the law firm’s Public Policy practice and is based in Pillsbury’s Washington, DC office. Named by Washingtonian magazine in 2011 as one of the top 40 federal lobbyists under the age of 40 and by Law360 as one of its “Rising Stars” in Privacy Law in 2014, Brian is a recognized authority on global security matters. He specializes in counseling on regulatory and government affairs issues involving the Department of Homeland Security, Congress, the Department of Defense, and other federal agencies. Brian in particular focuses his practice on assisting clients with matters involving cyber security, national defense and intelligence policies, homeland security concerns, and in general providing proactive advice to mitigate liability in the event of a significant security incident.
Areas of Concentration
Brian is a leading authority on the SAFETY Act, a federal statute that can provide liability protection to companies following a terrorist or cyber attack. He has helped prepare over 100 applications for such protections, for services and technologies ranging from security guards and vulnerability assessments to software programs and security screening devices. He has also testified twice before the U.S. Congress on matters related to the SAFETY Act, and writes regularly about its practical application for business.
Brian is recognized as a leading legal authority on matters related to cyber security, including the legal and policy challenges that follow when a company suffers a cyber attack, and the steps that can be taken to help mitigate both the risk of attack and post-event litigation.
Brian also regularly advocates on behalf of companies seeking to ensure that federal agencies have sufficient funding for contract vehicles in which they participate.
Brian has represented a wide variety of clients on security matters, including Major League Baseball, FireEye, Inc., the American Gas Association, the American Public Power Association, the Edison Electric Institute, the National Rural Electric Cooperative Association, Honeywell International, L-3 Communications, Emergent BioSolutions, Brookfield Office Properties, G4S, and McAfee Inc.
Prior to joining Pillsbury, Brian practiced with two Washington, DC law firms and worked as a legal intern with the Office of Chief Counsel of the Drug Enforcement Administration, U.S. Department of Justice.
Brian is a senior advisor to the Homeland Security and Defense Council, serves on the National Center for Spectator Sports Safety and Security’s advisory board, and is an inaugural Senior Fellow at George Washington University’s Homeland Security Policy Institute. Brian is a professorial lecturer in law at The George Washington University Law School, where he co-teaches homeland security law and policy.
Brian regularly speaks and writes on security issues. He has a cyber security blog on The Huffington Post, a regular cyber security column on the Fox Business website, and appears regularly on cable news as a security expert. He also has authored or co-authored articles for the Wall Street Journal, Politico, The Hill, National Journal, The Washington Times, and other publications.