Cybersecurity is a critical issue for nearly every industry, and the retirement plan industry is no exception. According to surveys by the Plan Sponsor Council of America (PSCA), just over one-fourth of retirement plan sponsors in the U.S. maintain a written cybersecurity policy. A lack of preparedness for cyberattacks puts trillions of dollars at risk, both in the retirement accounts themselves and in the value of participants’ personal information. Plan sponsors have fiduciary and legal duties to protect against cybersecurity breaches. This article outlines the risks plan sponsors may face and provides suggestions for cybersecurity measures to protect plan participants.