Cyberthreats against union benefit funds continue to grow more sophisticated. Attackers aren’t just locking files anymore, they’re quietly stealing Social Security numbers, health information, and retirement details, creating long-term risks for members and significant fiduciary exposure for funds. The financial and reputational impact of a breach can last for years.

It’s important to remember that member data — PII and ePHI — is a fiduciary asset. Protecting it carries the same obligation as safeguarding plan dollars. That responsibility also extends to every vendor who touches your data. Courts are increasingly holding fiduciaries accountable when a breach occurs anywhere within their service provider network.

Prudent stewardship today means knowing where your vulnerabilities are, documenting your processes, strengthening authentication, training staff, performing meaningful vendor oversight, and testing your incident response plan before you need it. Prepared funds recover faster and protect members more effectively.

In this issue, Jerrard Gaertner examines new risks introduced by AI (page 4), Jason Kotlyarov breaks down fiduciary prudence for training funds (page 8), and Marsha Woodward highlights the governance structures trustees need under ERISA (page 14). It all points to the same truth: safeguarding member data is now a core expression of fiduciary duty. 

As always, our aim with CyberSecure Magazine is to equip you with practical, accessible guidance to help safeguard the information and futures entrusted to your fund.

You can do this, and we’re here to support you.