Last year, two retirement-plan administrators experienced data breaches, and unlike the liability standards for breaches of healthcare plans, which are more certain, Employee Retirement Income Security Act of 1974 (ERISA) liability standards are not clear. In many instances, ERISA fiduciary duty can extend to cybersecurity or data protection. And liability for violations of ERISA fiduciary duties is personal to the individual fiduciary. This article summarizes insights presented by Poyner Spruill, LLP attorneys at a recent Strafford program on the relationship between cybersecurity and ERISA. The panelists looked at recent breaches and litigation involving ERISA plans; evaluated when cybersecurity is a fiduciary duty under ERISA; analyzed whether ERISA preempts state cybersecurity and data-protection laws; and explored how plan sponsors can implement effective cybersecurity measures. See also “Navigating Data Breaches and Regulatory Compliance for Employee Benefit Plans” (Jun. 3, 2015).