In this episode of CHATTINN CYBER, Marc Schein interviews Joseph J. Lazzarotti, Principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. He founded and currently co-leads the firm’s Privacy, Data and Cybersecurity practice group, edits their Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals. Trained as an employee benefits lawyer focused on compliance, Joseph also is a member of the firm’s Employee Benefits practice group. During the conversation, Marc and Joseph explore the latter’s insightful cybersecurity journey, Jackson Lewis’s growth and service offerings, and the importance of better client-service provider rapport in cyber insurance.
Joseph started at Jackson Lewis in the early 2000s as an ERISA and tax attorney doing employee benefits work. At the same time, the HIPAA Privacy and Security Rules and the first data breach notification law in California were passed, which piqued Joseph’s interest. It led him to investigate cybersecurity issues for clients, and he gradually built a growing team around it.
Jackson Lewis stands as a forerunner in insurance panels with a fair advantage of deep experience dealing with carriers. They understand the rate pressures, the need for responsiveness, the process of doing insured work, and encourage meaningful customer relationships.
Over the years, clients have started to become more engaged in buying cyber insurance. Though one could attribute it to a contractual obligation, they’re mainly concerned about dependent business interruption from a cyber incident. To help with that, Joseph advises firms to examine the coverages, risks, retention, coinsurance, and related aspects to better understand the client business and help them achieve their savings wisely.
Interestingly, people tend to have a good relationship with their brokers on the health plan side. Joseph hints at how the trend is gradually taking hold in cyberspace, as more cyber firms work on building better client relationships by assessing and handing policies that genuinely benefit them.
Further in the dialogue, Marc and Joseph discuss cyber compliance and its ever-changing landscape. Though the term has existed for a long time, it has continually evolved with new amendments to cyber laws and acts and varies from institution to institution. It’s necessary to comply with any regulations, for non-compliance can impact your reputation.
“Compliance is a great word, and it means different things to different people. Some people, when they hear compliance, they’re like, well, if we’re 80% of the way there, that’s good enough, that’s compliant.”
“Compliance also means doing all the things that you need to do with respect to the regulatory environment in which you’re in. And for different companies, that means different things.”
“You may not be able to make information available to your customers, you may impact your reputation, all of that also plays into compliance in the sense that if we comply with a reasonable set of safeguards, we can really save our business.”
“What’s interesting there is this personal liability, potentially, right with fiduciary obligations under ERISA for companies that don’t do that, for individuals who don’t meet their fiduciary role, as well as on the other side for advisors and other entities that service plans.”
[00:43] – Joseph’s entrepreneurial journey
[03:43] – Where to contact Joseph
[05:17] – Advice around insurance coverage for clients
[12:33] – Cyber compliance amid the rapidly changing organizational landscape
Connect with Joseph: