Beware Of Cybersecurity Risks And How To Implement Regulatory Compliant Solutions

Protecting your data, implementing cybersecurity and preventing fraud by attackers are essential to staying in business. Stricter security compliance requirements must be implemented this year in the financial and insurance industry. In this article, you will learn how seriously your business is exposed and which security solutions are necessary.

Preventing Fraud Attacks
According to the 2022 LexisNexis Global State of Fraud and Identity report, fraud attacks are following the growth of the digital economy in almost lockstep, with fraudsters seeking out new vulnerabilities to exploit. Some notable findings from the report include:

  • One in every 12 account creations represents an attack.
  • Although bot attack volume increased across all touchpoints of the customer journey, there has been a massive 247 percent increase in automated attacks focused on password resets.
  • Organizations that cannot link consumers across the dimensions of physical, digital and behavioral identity will find it more difficult to thwart synthetic and stolen identity fraud on a global scale. In one example cited, LexisNexis Risk Solutions identified a fraud ring leveraging 63 unique phone numbers and physical locations tied back to seven IP addresses and one email.
  • Social engineering attacks are among the fastest growing cybersecurity threats in both developed and emerging markets. Conventional fraud controls that use IP addresses, device and network attributes are less effective on their own to thwart these scams. Adding multiple prevention tactics, such as behavioral biometrics layered with device and digital identity data elements, offers a stronger defense against fraud.

LexisNexis Risk Solutions has made substantial investments in bringing together a world-class fraud and identity platform, including an award-winning ThreatMetrix repository of global digital transaction intelligence that provides insights on more than 1.4 billion unique digital identities. Its new Emailage for Insurance solution uses email intelligence as a core risk identifier and provides a holistic email risk score and confidence analysis during various stages of the insurance policy lifecycle.

It’s clear that fraud is here to stay, and as the digital landscape continues to evolve, so will bad actors’ tactics. LexisNexis Risk Solutions believes that a shared intelligence network that uses contextualized data linking insights from digital, physical and behavioral elements and shared risk events across the community is a powerful tool for preventing fraud.

Organizations that avail themselves of the latest technologies and stay on top of emerging trends will be best positioned to fight fraud now and in the future. Adopting solutions that are flexible, scalable and adaptable should help insurers stay ahead of ever-changing fraud vectors. Implemented correctly, these solutions can also be used to enrich customer experience and satisfaction, ultimately driving top-line revenue.

Data Security and eSignature Compliance
Paperclip Inc., as a provider of innovative solutions to the broker community, recognizes that there is a large gap between meeting cybersecurity compliance and true cybersecurity. Compliance consists of recommendations and mandates around best practices. It’s impossible for compliance bodies to account for the intricate nuances of each business operation. The goal of compliance is to guide an organization toward implementing solid, measurable foundations. Like a house, you don’t stop building once the foundation is poured.

When we asked Mike Bridges, president and COO of Paperclip, “How would you explain Paperclip’s position on compliance vs. security?” he explained: “Paperclip is a lot like the companies we service. We have core compliance requirements for securing the terabytes of critical data and documents we manage. A little over six years ago, Paperclip found that the compliance requirements around encryption just weren’t enough. We saw how too many companies with minimal (compliance) required encryption at rest and in transit protection were suffering large, sometimes catastrophic data theft and ransomware attacks. Like those companies, we checked all the compliance checkboxes. We had to do more to secure the high-value, critical data. We had to make sure searchable data always remained encrypted.”

Mike continued, “This led to the creation of our Paperclip SAFE® encryption-in-use solution. SAFE was initially designed to provide a higher level of security for our internal clients. Understanding that Paperclip wasn’t unique and other companies were faced with the same challenge, we released Paperclip SAFE® to the commercial market. We have a similar story behind our new eM4® Proof of Agreement solution. In short, our clients asked for a better, more cost-effective e-signature solution they could use across a larger array of critical assets that require proof of agreement and tracking.”

Paperclip is now heavily focused on the growth of compliance controls around Privacy and Zero Trust. Many companies look at these changing compliance requirements as standalone concerns. That’s the way most of the compliance documentation is written. In reality, you can’t have Privacy or Zero Trust if you can’t secure the most sensitive data. “Paperclip has deliberately built Paperclip SAFE® and eM4® to align with both compliance requirements and robust Privacy and Zero Trust programs as well,” concludes Bridges. To learn more about SAFE, visit

Regulatory Requirements for a Cybersecurity Program in Financial Services
Cybersecurity is of critical importance in the financial services industry due to the sensitive nature of the data being handled and the regulations that the industry is subject to. Financial institutions are entrusted with their customers’ personal and financial information, and a breach of that information could lead to severe consequences for the institution and the individuals affected.

Regulatory bodies such as the Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA), and the New York Department of Financial Services (NYDFS) have established strict guidelines and requirements for cybersecurity in the financial sector to protect consumers and ensure the integrity of the financial system.

All regulations require financial institutions under their jurisdiction to implement a cybersecurity program that includes safeguards, vendor due diligence, risk assessments, employee training, and incident response plans. Most regulations also require annual certification of the cybersecurity program by a senior officer and the completion of regular penetration testing and vulnerability assessments.

The SEC has also issued guidance on cybersecurity for public companies, stating that they must disclose material cybersecurity risks and incidents in their financial filings. This is important as it ensures that investors have the necessary information to make informed decisions about the companies they invest in.

FINRA has issued similar guidance for broker-dealers and investment firms, stating that they must have policies and procedures to protect customer information and prevent, detect, and respond to cyber threats. This includes implementing safeguards such as endpoint protection, firewalls, secure passwords, and regular system updates.

In addition to meeting regulatory requirements, having a solid cybersecurity program is vital for financial institutions to maintain the trust of their customers. A breach of customer information could lead to loss of business and damage to a company’s reputation, which can be challenging to recover from. Overall, the importance of having a cybersecurity program in the financial services industry cannot be overstated. It is essential for meeting regulatory requirements, protecting sensitive customer information, and maintaining customer confidence. Financial institutions must prioritize cybersecurity to ensure the security and stability of the financial system.

FCI’s cyber experts can provide a free audit of your network. Another area critical to your agency is endpoint security. Most advisors connect to your agency/firm site using their mobile devices, which puts personal information at risk. You can learn more by visiting

Ken Leibow is founder and CEO of InsurTech Express. He brings more than 36 years of insurance industry experience with an extensive background in insurance technology for distribution and back office systems.

Prior to founding InsurTech Express, Leibow worked for Genworth Financial, Mutual of Omaha, and as vice president of operations at Diversified Underwriters Services, Inc. As COO of Integrated Insurance Technologies, he built the largest life insurance data exchange hub in the industry, processing over one million policies per year and $30 billion of annuities (now owned by Oracle, Inc.). Some of the key initiatives he implemented include innovation in quoting and illustration tools, CRMs, agency management systems, eApp platforms and ePolicy Delivery for long-term care, life insurance and annuities.

Leibow is a leader for industry technology standards, working with ACORD, LDTC, LIDMA, NAILBA, LIMRA, LOMA and IRI. In 2019, he was appointed to sit on the ACLI Innovation Committee. He is on the ACORD Life & Annuity Program Advisory Council and won the ACORD Leadership Award in 2022 and ACORD Community 50th Anniversary Award in 2020. He is a past winner of the NAILBA Chairman’s Award and NAILBA’s ID20 Award. In 2022, he was the winner of the LIDMA Innovation Award.

Leibow can be reached by telephone at 402-740-7356. Email: