Page 54 - OctDefComp
P. 54
3. What is Empower’s track record in the 5. Does Empower have any insurance policies
industry, including public information that cover losses caused by cybersecurity
regarding information related to and identity theft breaches (including
your services? breaches caused by internal threats, such
Empower is a leader in the retirement plan recordkeeping as misconduct by the service provider’s own
industry and remains committed to maintaining the employees or contractors, and breaches
security of the accounts we service. Empower Retirement caused by external threats, such as a third
earned the highest number of “Best in Class” ratings party hijacking a plan participants’ account)?
from our customers in an annual 2020 survey from Empower maintains cyber liability insurance policies
PLANSPONSOR Magazine. In the 2020 Financial Advisor that include coverage for items such as the following:
IQ Awards, Empower ranked top in five categories. We cyber incident response costs (legal and regulatory, IT
are dedicated to giving all our clients the best customer security, forensic, crisis communication, privacy breach
service and the best cybersecurity protection regardless management); system damage and rectification costs;
of plan size. system business interruption; network security and
privacy liability; management liability; regulatory fines;
and media liability. Identity theft could lead to third-party
hijacking of client funds and may be covered under our
#1 in best-in-class cups with 89 awards 2
4 service commendations 2 Security Guarantee and bond program which includes
social engineering and fraudulent transfer instructions
as well. The aggregate of these insurance policies is $100
million plus $50 million (Canadian currency).
6. When you contract with a service provider,
2020 Retirement Leader of the Year 3
make sure that the contract requires
ongoing compliance with cybersecurity and
information security standards — and beware
#1 Value for price (9 years in a row) 4 of contract provisions that limit the service
#1 Overall service (4 years in a row) 4 provider’s responsibility for IT security
breaches. Also, try to include terms in the
4. Has Empower experienced past security contract that would enhance cybersecurity
breaches, what happened and how did protection for the plan and its participants,
you respond? such as:
Empower has not experienced a security breach of our Information Security Reporting
internal systems or unauthorized access to client data.
Empower is fully prepared to discuss with plan sponsors
Fraudulent activity and identity theft are major threats in the specific processes and practices we follow in
today’s computing environment. Empower has developed protecting data and accounts. Empower maintains AICPA
an online security guarantee to restore participant account SOC 1 and SOC 2 reports on an annual basis from third-
losses resulting from any unauthorized transactions that party auditors. Empower’s Data Security Addendum and
occur through no fault of the participant. Information Privacy Addendum are available upon request.
regarding the security guarantee appears on the
participant pre-login website so participants are aware of
the commitment and how it works.
13
FOR FINANCIAL PROFESSIONAL AND PLAN SPONSOR USE ONLY.
