Insurance Town Podcast Interviews Brian Edelman, FCI CEO & Cybersecurity Expert

Brian Edelman joined Insurance Town Podcast host, Heath Shearon, onsite at InsureTech Connect 2021 (ITC) for an insightful conversation about cybersecurity in the insurance industry.

 

 

Heath, known as the Mayor of Insurance Town, interviews nationally recognized professionals to glean insights that facilitate insurance industry growth—and he has a great time doing it! In a fast-paced exchange, Heath kicked off the interview by inquiring about Brian Edelman’s background and how he developed passion for protecting private data.

 

 

Brian conveyed that he was a second-generation financial advisor who through working with his financial advisor mother discovered shared instinct to keep client data safe. Since 1995, when he established FCI as a service provider offering cybersecurity compliance enablement technologies & services, Brian has been delivering trusted cybersecurity to the financial services industry.

 

 

Cybersecurity is paramount within financial services and the insurance industry as both handle the most sensitive of client private data. Key points discussed throughout the interview:

 

 

  • SOAR (Security Orchestration, Automation & Response) as a convergence of technologies platform that automates the cybersecurity settings required by regulations

 

  • Unknown devices pose substantial cyber threat; BYODs (bring your own devices) must be securely integrated into systems that access private data

 

  • How FCI secures field offices of enterprises

 

  • Importance of implementing and evidencing cybersecurity processes such as onboarding/decommissioning

 

  • Following regulatory guidance creates a strong cybersecurity program that protects private data and demonstrates due diligence, as opposed to negligence, in the unfortunate event of an incident

 

 


and more!

 

 

Listen to the full interview here: Brian Edelman- Cyber Conversation with FCI Cyber

 

 

Learn more about Insurance Town Podcast

 

 

About ITC Conference:  ITC 2021 took place October 4-6, 2021 in Las Vegas where 6,000 of the industry’s most senior Insurance professionals were in attendance for three days of community, connections, and commerce. ITC 2022 is highly anticipated and will welcome attendees September 20-22, 2022.

 

 

Read a transcript of this interview here:

 

 

Insurance Town Podcast

 

 

Brian Edelman- Cyber Conversation with FCI Cyber

 

 

00:00:11 Host Heath Shearon

 

 

Welcome to Insurance Town. I’m the mayor, Heath Sheeran and I’m the host of this podcast and I’m super excited to be hanging out with you guys today and we’ve got a different episode.

 

 

00:00:20 Host Heath Shearon

 

 

We’re going back to the ITC files. I really wanted to release this episode with my friend Brian Edelman.

 

 

But before we get there, I want to talk to you about. My sponsors a little bit and my title sponsor my main man sponsor the ones who been with me for almost a year now.

 

 

Now Smart Choice. The fastest growing agency network hands down, no lengthy contracts. They have no upfront fees, no monthly fees and no fees at all. They operate completely on a commission split, and that’s only off the contracts that you have through smart choice. They don’t want you to bring all their carriers underneath the umbrella or anything like that. They want to help you and they will. Even work with you to raise your commissions and lower your volume requirements and your premium thresholds and they share in the profit sharing with you and their contingencies and bonuses and all those cool things. Smart Choice just wants to help you. Go to smartchoiceagents.com and check it out. Tell them the mayor sent you, you’ll be glad that you did.

 

 

I also want to talk to you about my good friends over at Cover Desk. They do a phenomenal job with virtual assistance. They know our game, they know what we do. They know the insurance space. They have all the controls in place to help from a security standpoint. They also train very well and they just have an awesome company. They also can help you with projects runs whether it’s book roll or with some new business things or whatever the project maybe through Cover Desk Direct, so there’s several different points of entry into Cover Desk, so go to coverdesk.com. Tell them the mayor sent you’ll be so glad you did. You get a discount as well. Make sure you check that out. Tell Andy that I sent you.

 

 

00:02:22 Host Heath Shearon

 

 

So onto todays show! We’ve got my man Brian Edelman from FCI Cyber. I met this guy at ITC back in October. And I really am glad that I got to have this conversation because it was short conversation, but it was very impactful, and I think what he talks about is something that hits all of us.

 

 

Whether you own an agency or producer or you’re in the carrier world or the association, cyber affects us all. Also, if you play around in the life and health space, or if you’re a financial advisor listening to this show, which I’ve got several of that have emailed me, shout out to you guys.

 

 

So this guy started off working with Northwestern Mutual actually, on their cyber making sure everything was up to code that everything was cool there, so he’s done work with financial advisors and I really think that this conversation is a cool one for you.

 

 

00:03:13 Host Heath Shearon

 

 

So sit back, relax, and enjoy my conversation with Mr. Brian Edelman.

 

 

Ladies and Gentlemen, live again day two of InsureTech Connect. I’m sitting here with good friend now, Brian Edelman, and we’ve gotten to know each other a little bit, and I really wanted to bring him on to talk to you.

 

 

Tell me what was day one [InsureTech Connect conference] like for you? Did you get some accomplishments that you wanted to? Did you get to meet certain people? How was that?

 

 

00:03:41 Brian Edelman

 

 

It was fantastic actually. This is the first time at the conference and I have to say all of the things leading up to the conference were excellent. The application, they let us see who’s attending, allowed us to set up some meetings. We had some meaningful connections already. It is a very well-organized conference for its size. It’s a very large conference and very impressed in the way that they’ve handled the conference.

 

 

00:04:05 Host Heath Shearon

 

 

That’s what shocks me the most, how organized it is. Truly, with 6000 odd people here, whatever it might be, it may be more than 6000, but it’s a lot. It’s pretty organized.

 

 

00:04:14 Brian Edelman

 

 

It’s extremely organized and everybody has been so helpful, and they’ve been really conscious of the safety and security of everybody that’s here. They really did a lot of thinking ahead of time and wanted to make sure that everything was taken care of. So, kudos to the conference, they did a great job, and we will be back.

 

 

00:04:32 Host Heath Shearon

 

 

Look at you using safety and security are you trying to make me take that leap to talking about you there? Is that what that was? [laughs]

 

 

00:04:38 Brian Edelman

 

 

Just trying to help; just doing everything I can help. [laughs]

 

 

00:04:40 Host Heath Shearon

 

 

Helping transitions, I get it. So since you’re ready to talk about it, tell me a little bit about FCI Cyber what you guys are doing, and you know tell me a little bit about your background, what lead you to that.

 

 

00:04:51 Brian Edelman

 

 

Well, my background actually was a second-generation financial advisor. I came into the business when my Mother was one of the first female financial advisors so growing up as a financial advisor, I felt a great obligation to the financial services industry. In 1995 I had an itch to be an entrepreneur and I was very passionate about protecting the private data. My mother and I were working on many billionaires’ estate plans and those billionaires required us to keep that private information safe. When I recognized how important that was it just it just grew a passion for it to make sure that financial advisors were keeping that private information they collect from clients safe and secure.

 

 

00:05:19 Host Heath Shearon

 

 

Oh wow. And that’s become even more of a hotter topic at this later date.

 

 

00:05:36 Host Heath Shearon

 

 

You said you’ve been doing this, did I hear, 25 years?

 

 

00:05:39 Brian Edelman

 

 

Yes over 25 years.

 

 

00:05:40 Host Heath Shearon

 

 

So what did that look like in the earlier days did people look at you like you had two heads when you started talking about cybersecurity?

 

 

00:05:45 Brian Edelman

 

 

Yes, they did at first but the firms that we worked with even back then they would incorporate that in their discussions with their clients. And certainly you know the privacy of these very wealthy people is critical to them because they share information with that adviser that even their kids don’t know about. So we used to get involved and, kudos to my mother to have a different approach to financial services, she had emotional approach to financial services, she knew how our clients felt about their children and that “that information right there” needs to be protected.

 

 

00:06:23 Host Heath Shearon

 

 

Yeah it does. So let me ask you this, what is SOAR, security, orchestration, automation and response. What does that mean?

 

 

00:06:37 Brian Edelman

 

 

So, you know, in working with my mother over the years, if I were to tell her to click a button or to change a setting on a computer, it would never be done right and that is because she’s a financial advisor and not a cybersecurity expert.

 

 

00:06:50 Brian Edelman

 

 

So what we did is we built in automation so that there was consistency behind setting those settings.

 

 

00:06:57 Brian Edelman

 

 

So if I called her up on the phone and hey mom, you need to set up your screen saver settings and lock it, SOAR is simply the automation of the cybersecurity settings that are required by the regulators.

 

 

00:07:08 Host Heath Shearon

 

 

So did you guys come up with SOAR? Is that proprietary to you or is that you know somebody else is that you white labeled?

 

 

00:07:14 Brian Edelman

 

 

No SOAR is actually — you know what we found and it was interesting, you know, being a pioneer in cybersecurity in financial services, there weren’t any names to anything, so a lot of this stuff was, you know, just identifying what we were doing. Turns out that SOAR is a major important component of cybersecurity, and that is that it stands basically for the automation of cybersecurity.

 

 

00:07:44 Host Heath Shearon

 

 

 

Oh wow but is that yours, or no?

 

 

00:07:45 Brian Edelman

 

 

No. It’s a very big space.

 

 

00:07:45 Host Heath Shearon

 

 

I did not know that. Well, I noticed it on your website I thought it was interesting and then you guys also you know as part of that you also work with MFA and secure password stuff like that too, correct?

 

 

00:07:59 Brian Edelman

 

 

Correct. So ultimately what the regulators did is they created a prescriptive requirement for financial advisors to remain safe. Multifactor Authentication is one of those tools. Now what we did is we said, well, you can’t just have these tools independently. How do we create an ecosystem around the cybersecurity so that in essence, it’s simple to deploy because remember, simplicity. If we’re talking about securing financial advisors, if it’s not simple, it’s not going to be done right-they are financial advisors, not cyber experts. So by creating that ecosystem, imagine now you log into a system that looks at your computer and looks for what’s missing, multifactor being one of those prescriptive requirements by the regulators and a very important part of keeping information safe.

 

 

00:08:42 Host Heath Shearon

 

 

So you mentioned financial advisors several times, does that also, you know, include a broader spectrum of maybe insurance agents or people like that that are listening to my show now?

 

 

00:08:53 Brian Edelman

 

 

Right, so the best implementations that we’ve done typically involve the CISO of a financial institution that CISO is watching over the regulations and is creating what they desire the requirements to be out in the field. We then help them to create a decentralized approach so they create security officers in the field so each agency has their own security officer.

 

 

00:09:15 Brian Edelman

 

 

We work very closely with that security officer to help them fulfill on that information security policy. Even though our part of that is endpoint security, we work with them, we built the processes around what they need to do to keep the information safe stemming from that endpoint. So it has to do with when I get a new computer how do I introduce it to our system and when I’m no longer using that computer how do I decommission it properly according to the best practice but also what we’re required to from the regulation.

 

 

00:09:44 Brian Edelman

 

 

So when I say ecosystem, it’s really the enterprise that typically has the systems of private data. All of the magnificent vendors that are here, they all have that private data and the enterprise knows how to secure it within their identity providers and their intranet sites so when they do that, they’ve secured the system. But remember, because we’re using web technology, it’s not like the old days when everything was on a client server approach. People are connecting to those systems with computers that we may or may not know.

 

 

00:10:19 Host Heath Shearon

 

 

  1. So sounds like to me, like you’re kind of a bouncer, you see who gets out or who’s allowed in. Would you see it that way, maybe a bouncer with a velvet rope?

 

 

00:10:29 Brian Edelman

 

 

A combination. Imagine we were a bouncer with a velvet rope that had a great set of clothing so that when you come into the environment that you look like you’re supposed to look when you get inside the club.

 

 

00:10:40 Host Heath Shearon

 

 

OK, so I got you, so you are dress code enforcement and you are bouncer.

 

 

00:10:45 Brian Edelman

 

 

Right. So if they if they don’t look right when they’re coming in, we don’t let him into the club.

 

 

00:10:48 Host Heath Shearon

 

There you go.

 

 

00:10:48 Brian Edelman

 

 

You just simply take them over and get them the right clothes and we give the clothes as part of our service included, so just imagine everybody in that club is properly attired.

 

 

00:10:55 Host Heath Shearon

 

 

There you go. I like it.

 

 

00:10:59 Host Heath Shearon

 

 

Ok so with the pandemic we’ve been through the last little bit we’ve got a lot more people working virtually or working from home and I’ve seen you know, growing up when I was in college we had, BYOB. Now you hear a lot more of that BYOD. Tell me what BYOD is and what you guys are doing with unknown computers versus known computers?

 

 

00:11:22 Brian Edelman

 

And that’s exactly what it is. It’s an unknown computer. One of the biggest risks within financial services is that unknown computer. Because if that unknown computer can access our systems of private data, whether it be an illustration system, a quoting system, you name it, whatever it is, when we’re accessing that enterprise data, if I’m on a device that has the ability to download that private data now that device has to become a known device.

 

00:11:52 Host Heath Shearon

 

That makes sense.

 

00:12:01 Brian Edelman

 

And when you do that, now we can turn around and we’ve created again that that closed ecosystem so it doesn’t require a technician or anybody. Somebody logs in and the system says I don’t know this device and now that it says you have to be a known device, what we’re seeing is that people that we’re using devices that they shouldn’t have, a family computer that everybody logs in the same the same way. So any data that was downloaded, your policy data, or any of the information you’re downloading is available to everybody in that household or the kids are playing games on the computer or you’re at your girlfriends house and you’re using her computer because you need to be able to check your email.

 

 

The minute you connect to an email system that has all that private data, the minute that you would connect to any system, CRM system, that private data-that’s where one of the biggest risks with all these systems are.

 

00:12:44 Brian Edelman

 

So now. What happens is by sending the message that says if you’re using a computer, it better be a dedicated business use computer, a lot of times they turn around and say you know what I don’t want to install anything on this computer–and that’s the right answer.

 

00:12:57 Host Heath Shearon

 

Yeah, definitely. Now some of these examples are pretty easy and cut and dry with unknown versus known. Is there any other you know items you guys educate on or things that you put out there content wise to help some of your clients look for some of these?

 

00:13:12 Brian Edelman

 

Absolutely, as part of the process, there’s policies and procedures that are tied to that device. So a perfect example is, if you’re no longer using a device, do you just shut it off? Well, if you do that at some point do you forget to continue to protect it? You know, what do we do with that device we no longer use? How do we evidence it?

 

00:13:30 Brian Edelman

 

We are in the evidence business and compliance. We’re evidencing that compliance. And, as an independent third party, it also allows us to deal with an independent financial advisory world.

 

00:13:41 Brian Edelman

 

So you look at those requirements and you say, well, can the Home Office do something like this? Well, if they have independent financial advisors and they might have data from other institutions, the answer is you want to have that independent third party FCI.

 

00:13:56 Brian Edelman

 

With our systems, we’re helping to educate those security officers because a CISO has a really big role.

 

00:14:04 Host Heath Shearon

 

A big role, yeah.

 

00:14:04 Brian Edelman

 

They have to watch over, you know, the vendor due diligence at the enterprise. They have to watch over the addition and removal of people that are working for the firm or no longer working with the firm at that big enterprise. You have to deal with user rights and there’s so many things that they have to deal with when it comes to being able to secure the different branch offices that they have, or at their agencies, or whatever you want to call those remote offices is where we’ve helped—we help to make sure that that person at the remote office is trained. For example, a new computer shows up and making sure that it’s good because again things can happen.

 

00:14:41 Brian Edelman

 

Also educating the end users about where they send data to and that’s been a big thing today.

 

00:14:47 Brian Edelman

 

We’re not only today, protecting that device with these safeguards so that if there is a breach, you can show that at least you did what you could do to keep that data safe. But now we’re even talking about data exfiltration. So what that simply means is where is the data going? If I go to a system of private data I log into the Intranet side of my enterprise and I download the data to the computer. Am I allowed to just use any system to deliver that information, or should there be some controls that say if I’m delivering private data that I need to, for example, send it encrypted through email or should I send it through secure OneDrive which maybe I’m getting from Office 365?

 

00:15:42 Brian Edelman

 

So now that we’ve solved the issue around making sure that a device is secure the question after that is, is the end user trained enough to know how to handle that private data?

 

 

00:15:53 Host Heath Shearon

 

 

You know what that sound means we’re to mid roll ad I’m so glad that you’re hanging out with us. I’m with Brian Edelman, I really hope this conversation is one that you’re enjoying and I hate to break in on such a small conversation or a short conversation but it’s very important that I talk about now. My newest sponsor in agency performance partners. They’ve got a new course coming out in January of 2022 on hiring onboarding and retaining your staff. Wow, has that been an issue that’s come up and something hit the mailbag with me personally and agencies I’ve worked with not just in the past year but several years and that’s hiring and onboarding and keeping your staff and the culture in an agency. And this course breaks down everything from where to post your jobs to, how to interview. Do you know how to write that job description to the culture in your agency? All of those things, and it gets into retaining your staff and how you can do that better. And on boarding, you know that’s another thing we talk about on boarding experience for your clients, but we don’t. You know, sometimes we neglect the on boarding of your new hires so that’s something else discussed in this course put out by AP so make sure you check that out. If you sign up quickly during the launch phase, you’ll get a significant discount, a significant discount, so you can also check out the discount by using discount code Heath, so make sure you put that in to check out as well when you talk to them over at agency performance partners, go to agencyperformancepartners.com.

 

00:17:28 Host Heath Shearon

 

Check it out. My other phenomenal sponsors here on this show that I’m so thankful. Canopy Connect your one click solution to getting the deck pages that you need to quote your prospect. They do a phenomenal phenomenal, phenomenal job and I cannot tell you enough each and every week, hands down, I hear the most about all of my sponsors, but the most I hear about can be connect because they do such a good job and it’s so affordable and it can help any agency if you’re involved in personal lines or you’re trying to grow in that area. This is a game changer and they’re integrating with so many AMS systems, integrating with so many different tech vendors and things going on out there, Toga, Robert, Casey all the developers in the team, and they’re all phenomenal people to work with. Go to usecanopy.com\heath Get a hefty discount schedule a demo. Check out the videos I’ve put out there to help. It’s phenomenal. I love working with Canopy Connect and all my sponsors, but let’s get back to this show.

 

 

00:18:37 Host Heath Shearon

 

 

I’ve worked for different carriers over the years. There’s always a big emphasis, at least last four or five years on taking all these courses you know to protect, and I was really bad about, you know, opening emails that I shouldn’t have phishing like that.

 

 

00:18:51 Brian Edelman

 

It’s easy, they’re so good.

 

00:18:52 Host Heath Shearon

 

Yeah, they’re really good.

 

00:18:54 Brian Edelman

 

Bad actors have gotten so good.

 

00:19:01 Host Heath Shearon

 

It’s so they make it look like it’s email from an actual client or from my boss, or from Brian Edelman. It’s really not from Brian Edelman.

 

00:19:02 Brian Edelman

 

Right, and you know, it’s scary for the end user that falls for it, so they don’t want to report it because now all of a sudden they don’t want to look like oh, I shouldn’t have done that and they try to go back in time.

 

00:19:06 Host Heath Shearon

 

Every single time.

 

00:19:14 Brian Edelman

 

They just wish they could go back in time and not click the link that they just did and watch the computer just have some flash on it and go I shouldn’t have done that.

 

00:19:22 Brian Edelman

 

So the key is then to create that ecosystem and that environment of education that says when that happens, who should I go to? Now, you don’t want them going to the CISO of a major enterprise. You want them going to the field CISO, you want them going to somebody within that group that knows what to do.

 

00:19:43 Brian Edelman

 

And that’s really, you know. Where that you know, being in charge of making sure that those endpoints are secure, we also get involved in assisting them with our understanding of what those regulatory requirements are.

 

00:19:55 Host Heath Shearon

 

And that was, you know, my next question would be, if you know, we have all the safeguards in place if there is somehow a breach or something that happens where you guys step in and where do you help out in that? What kind of advice might you give to agents or financial advisors to prevent some of these cases?

 

00:20:11 Brian Edelman

 

Well we’re a pre-breach firm so we don’t we don’t get paid for post breach.

 

00:20:15 Brian Edelman

 

So therefore, we’re also the most independent post breach that there is because we’re not making extra money because somebody had a breach.

 

00:20:22 Brian Edelman

 

Our belief is if you follow the regulatory requirements—and they’re great—they did a great job. NIST, which is the national framework for cybersecurity that they created a couple years ago that many of the financial regulators have adopted, is terrific. It really is a game plan to keep everything safe, which talks about everything from information security policies to protecting the devices to you name it. It’s a framework that tells them exactly what to do and it’s been very effective.

 

00:20:54 Brian Edelman

 

The reality is with the amount of people that we protect and the fact that the percentage of breaches that take place in our environment is so small and we have 10s of thousands of parties that we’re responsible for and because they know to reach out to that security officer because that security officer knows to reach out to us because we’re providing a monitoring service for cybersecurity that tells them most of the time we already know and have prevented that when they clicked on that link they didn’t get to that bad actors website.

 

00:21:25 Brian Edelman

 

But the bad actors have gotten that good.

 

00:21:27 Host Heath Shearon

 

They’ve gotten real good. It’s very scary.

 

00:21:33 Host Heath Shearon

 

So glad there’s companies out there like you guys that are educating and helping in our space in the financial advisor space. And I’m glad that passions carried over from your mom even, going back that far, the financial advising and I hope there’s more people like you to continue to come along, you know, that want to help us out there to protect us.

 

00:21:50 Brian Edelman

 

Anybody selling insurance investments, planning, you know those items are so critically important to families.

 

00:21:58 Heath Shearon

 

Families, yep.

 

00:21:59 Brian Edelman

 

And that’s really, you know, what it’s about. It’s about making sure that those families are safe and secure. And they are doing it through their financial tools and then when they get this cyber piece of it and think of the customer that when you can talk about how you’re protecting their private data, it creates a separation, right? So do you want to work with an advisor that’s keeping your information safe, or do you want to work with an advisor that’s sitting there with your private information open on a desk for let’s say for the cleaning service to take pictures and open up a bank account and start creating some fraud.

 

00:22:33 Host Heath Shearon

 

Yeah my wife, you know, had the cyber insurance taken care of as she was supposed to, she was a victim of that several years back and it completely ruined so many things and it’s a day that’s just well, awful.

 

00:22:52 Brian Edelman

 

The post breach is ugh—and that’s why we assist and we do it complimentary for our clients. We’re dealing with a situation right now, and we’re dealing with situations all the time. Right now, we’re dealing with one of the challenges, IT teams taking on cyber when they’re not versed in financial services and cyber. They’re not bad or wrong it’s just a different discipline.

 

00:23:08 Brian Edelman

 

 

You know, I used to be a life insurance sales guy. Did that make me qualified to sell commercial insurance? No, I bring an expert in for that. Right? So, we’re used to that in the industry. Yet because technology is this this mystery box, people don’t realize how important it is to have that expertise in separation.

 

 

00:23:27 Brian Edelman

 

 

So in this particular case, you have an IT firm and a bad actor and somebody clicked on an email. It always seems to start that way and the IT team decided it was a good idea to delete the origination email and all too often the IT teams delete all the evidence that we need in order to assist a client, so our pre breach responsibility is around evidence and the more evidence that we can provide to a post breach firm, whether it be the insurance company that’s hiring people or whatever it is, that helps them to create a better outcome for our client because we prepared that pre breach package in a way that allows for even the FBI to come in and multiple occasions the FBI has. We have 100% success rate with the FBI in recovering money, and it’s because of two things. One is timing; we get them all the things that they need you know in order to be able to pursue the dollars and it’s about timing because the longer that they have access to your systems, the more damage they can do.

 

 

00:24:33 Brian Edelman

 

 

Second, we get that that package to the post breach where they could then execute and limit, for example, in this particular case, this morning, the IT firm wanted to delete the computer that had the evidence on what was exposed.

 

 

00:24:51 Host Heath Shearon

 

 

You can’t do that.

 

 

00:24:54 Brian Edelman

 

 

Well if you do, it becomes a full breach which means every client needs to be notified. Now that might be good for the post breach firm and make them happy but the customer is not very happy that everybody had to be notified even though it could have only affected three or four people.

 

 

00:25:03 Host Heath Shearon

 

 

Well, that letter, that notification that goes out is that it’s a scary letter. You know you get phone calls like wait, what, you were breached? You got my information. What do I need to do? And they freak out. We had to field a lot of those calls several years back it’s just you know, a scary feeling for the person who got this stuff you know, taken from a from the agent or financial advisor.

 

 

00:25:26 Host Heath Shearon

 

 

It’s not a good day when you have a cyber breach.

 

 

00:25:28 Brian Edelman

 

 

And prior to all of this. Everybody was taking their chances right? Who’s going to catch me, you know?. And now all of a sudden you have to say to yourself, do you want to be in that situation?

 

 

00:25:45 Brian Edelman

 

 

So the absence of the requirements by the regulators are twofold. One is if you follow their guidance, you’ll have all of the things in place that would demonstrate that you have a culture of cybersecurity and that you’re trying to protect that data, which means you’re not negligible.

 

 

00:25:59 Brian Edelman

 

 

Before a couple years ago, they [regulators] weren’t very prescriptive, they just said things like keep the information safe, and then you can’t be deemed negligent if that’s the case because it’s left to interpretation.

 

 

00:26:09 Brian Edelman

 

 

Today, they switched to prescriptive, so now the regulators are very prescriptive, they tell you what you have to do and the evidence is required and the insurance companies, the cyber insurance companies, also ask for evidence-not at the time they accept premiums-they’re very smart like that, I’ll give them credit. At the time you accept an application for insurance, the representations made, I have to assume they’re correct because the guy is going to give me a check and I’m going get a commission. But the reality is, it’s the client’s responsibility when they make the representation like “all our devices are encrypted” I see that on the applications all the time that all your devices are encrypted, you had better take that evidence of every representation you make about cyber and keep it with that application for insurance to make sure that that carrier will #1 participate in your post breach response. Secondly, the more comprehensive a pre breach package Is given to that post breach firm the less likely they’re going to send that notification to every single client, so it’s that combination.

 

 

00:27:18 Host Heath Shearon

 

 

You know, it’s pretty solid, so it’s going through I think I’ve gone through most of my notes, which is good. Is there anything that we’ve left out? Anything that you wanted to share a passion of yours that you wanted to get out there that we didn’t talk about yet?

 

 

00:27:36 Brian Edelman

 

 

When it comes to cybersecurity, it’s not I do some of my devices. It’s an all or nothing game and that means that it’s important for us to know all of the devices that connect to the private data and that they’re controlled, so it’s an absolute. And it’s important for people to know that, so you can’t just say well, some of my computers are encrypted, but some aren’t. They don’t ask that. They want to know that they’re all encrypted. They want to know that they’re all protected, so I want everyone to know that it is an all. And there’s a lot of components to cyber, it’s training, and that’s an important component. It’s the tools to keep them safe, it’s the efforts that they make at the enterprise, but we help them bring it down to the field.

 

 

00:28:19 Host Heath Shearon

 

 

Ok, thank you for sharing and thank you for hanging out with us today. I enjoyed every bit of it. We got into some good stuff and you going to be here in the rest of the week?

 

 

00:28:32 Brian Edelman

 

 

I’m going to be here the rest of the week.

 

 

00:29:34 Host Heath Shearon

 

 

If someone listening wanted to get more information or learn more or be involved more with FCI Cyber, tell them you know how they could do that and if they could reach out to you.

 

 

00:29:46 Brian Edelman

 

 

The best way, we keep it simple, is send us an email [email protected]

 

 

00:29:54 Host Heath Shearon

 

 

Perfect. And then, let’s see, you guys, were featured on CNBC and some other places like that?

 

 

00:30:00 Brian Edelman

 

 

We are featured on CNBC. We are doing what we can to make sure that we can help the industry be safe and secure.

 

 

00:30:17 Host Heath Shearon

 

 

I’m glad you guys exist to help our industry and you know, protect advisors, just protecting us in general.

 

 

00:30:22 Host Heath Shearon

 

 

Thank you again, I appreciate everything you’re doing.

 

 

00:30:26 Brian Edelman

 

 

Thanks for having me.

 

 

00:30:27 Host Heath Shearon

 

 

Yeah, definitely, and hope you have a good time the rest of your week.

 

 

00:30:32 Host Heath Shearon

 

 

Thank you, thank you, thank you so much guys for hanging out with me and Brian Edelman today. What a cool conversation that we had.

 

 

00:30:41 Host Heath Shearon

 

And so thankful for partnership with ITC and I look forward to that again next year and I hope some of you guys will join me. It’s an incredible conference.

 

 

00:30:54 Host Heath Shearon

 

 

I really hope the conversation that we had helped you become a better insurance professional.