
Paul O. Catenacci Quoted in "Provider Due Diligence: Key to Avoiding Catastrophic Cyberattacks"

Plan Sponsor

Novara Law Senior Partner Paul O. Catenacci was quoted in a recent article in PlanSponsor on "Provider Due Diligence: Key to Avoiding Catastrophic Cyberattacks." 

Paul Catenacci, senior partner in and head of the employee benefits practice group at Novara Law, says some providers will push back when asked about cybersecurity practices and may even ask the sponsor to sign a nondisclosure agreement in order to receive the information. 

“On the provider side, they’ve got some legitimate concerns too,” Catenacci says. “They don’t necessarily want to publicize their security protocols. Some are saying [they] don’t want to reveal how much insurance [they] carry, because [they] don’t want to be a ransomware target [if] somebody knows [they] have a $30 million insurance policy.”

But Catenacci emphasizes that the Department of Labor expects employers to make prudent decisions when hiring service providers and that the vendor-vetting process should be well-documented.

“Plan sponsors need to be practical about this and [say], ‘Let’s weigh the costs and benefits,’” Catenacci says. “Certainly it’s a risk we need to manage, but not a risk we can manage in a vacuum.”

He suggests that a plan sponsor could have an IT focus group that helps with vetting service providers, as well as a cybersecurity expert that sits on the plan’s fiduciary committee—if they can afford it.

Read the full article in the October 2023 PlanSponsor.

PLANSPONSOR is the trusted information and solutions resource for America’s retirement benefits decision-makers.

