Cybercrime incidents are costly and nearly unavoidable. Successful incidents can paralyze an employer's physical and remote operations, compromise confidential information of the organization and result in costly mitigation activities. Employee benefit plans are particularly susceptible to cybercrime due to the large volume of transactions they conduct, the value of their suspense accounts and investment portfolios, and the range of access rights they grant. However, there are proactive measures that can insulate employers from these outcomes. HIPAA, along with other privacy-related laws and regulations, offers a roadmap for building an employer's cyber defense strategy.