Cybersecurity successes

Hertel: We hear about the Home Depots, the Marathon Oils and the big companies getting hacked. But we are low-hanging fruit. We have all of our clients’ most personal information. We have their dates of birth, their maiden names, in some cases, their Social Security numbers, their health records. We have everything, and we don’t necessarily have the IT support that the larger companies have. It really started to keep me up at night as I started to hear more stories from other advisors who were being hacked or whose clients were being spoofed through email or through other means.

What prompted the whole thing was actually, for those of you who attended the Top of the Table meeting last year, a phenomenal speaker on cybersecurity. And then a couple weeks after that speaker, my MDRT book club got together virtually, and we were just all spooked. I thought I was doing everything right. I have an IT guy who’s local; I have an IT guy through my broker-dealer. I do the webinars that my broker-dealer mandates us to do. All the hard work that I’ve put in could literally end if someone hacks me. And so that’s really what scared me into saying, “All right, I need to do more than just the minimum, more than what my broker-dealer is doing, and really take this seriously.”

Rusinoff: How did you figure out what needed to be done next?

Hertel: As you know, there were maybe 10 of us who were on the Zoom call, and you had a friend James who specializes in cybersecurity. James came on with us and opened our eyes, and it went from there. For the past year or so, we’ve been working with James.

Rusinoff: Let’s bring James out now. James Harrison is the founder and CEO of Invisus, an industry-pioneering cybersecurity and identity theft protection organization since 2001. As chief strategist from product to visionary for Invisus, James leads the development of the company’s identity theft, cybersecurity and data breach compliance solutions. I’ve worked with James over the course of multiple agencies in my own business, understanding what the cyber compliance issues are and how they’re changing — they’re changing all the time.

Hertel: I think that’s what is challenging to those of us who have small businesses — the affordability. It’s not accessible; it’s not affordable.

Harrison: That’s not an uncommon experience, actually. When somebody gets it and realizes there’s real risk and the wolf is at the door, people take action and move quickly. And that’s exactly what you did.

Rusinoff: She said, “James, I get it. Can you help me, and can I afford it?” And, James, your answer was?

Harrison: I said, “I’m excited to work with you. Yes, we can help. And yes, you can afford it.”

Rusinoff: There were several other Top of the Table members, one of whom was in the back of the room and was in that exact same situation, asking the exact same questions and had come away with the same takeaways. And that’s the fact that we need to be doing something because this is 2022. This is who we are right now, and it’s changing on all levels. It’s changing from a government perspective; it’s changing from an individual perspective and everywhere in between. And the people who are coming after us are changing. What do we look like, James, from where you’re sitting? What does the real data suggest, or why do we even need to be cybersecure?

Harrison: You’ve brought up a number of really important points, but most people whom we interact with, before they become clients, are doing a really good job at the basics. But it’s the basics as of about 10 years ago. It moves so fast, and it changes so often. But I also understand where you’re coming from in that this isn’t your core responsibility. It’s not what you do to make money. Your business is to help other people manage their wealth and grow their wealth and those kinds of things. So cybersecurity comes in from the outside, but most people are doing an adequate job with antivirus, with firewalls, with rudimentary protections. I call them “layers of defense.”

There are two sides to the cybersecurity story: One is the layers of protection, the technologies, which most of us do a fairly decent job with. On the other side sits compliance and the best practices and legal defensibility from a business management perspective. So we all face financial risk, and we all face legal risk. There are a lot of liabilities out there when it comes to cybersecurity because we are stewards of important data. If we don’t take care of that data, then we really have some big problems coming our way eventually.

There are real risks out there that we have to deal with, and the numbers are not in our favor. That number of over $3 million in average data breach costs is actually low. The numbers that have just been released in the last 30 to 60 days put that at over $4.2 million, on average now, for the cost of recovering from a data breach here in the United States. That’s a small- to midsize-business number. It’s way larger for a larger company. It’s very expensive if you have a full-out breach, but I think probably the scariest statistic is one that was published in The Wall Street Journal: Six in 10 don’t survive a breach.

Rusinoff: How many of you know someone who’s been hacked, somebody who’s had a cybersecurity breach? How many of you have had an attempt on your own information? You’ve gotten the phishing email? You’ve had the junk stuff that comes across that’s trying to attack?

Harrison: For most people, that’s a pretty typical experience. I honestly don’t worry too much about that. We can deal with a spam issue or a fake text message.

That’s the stuff that is a layer of defense, like good email security protocol. But if they get through your layers of defense, what happens next is the scary part because then they get access to client data. And once they’ve got access to client data, it’s game over. They have the ability to attempt to steal those funds and wreak havoc with your clients’ personal lives. These layers of defense are not for nothing; you need those.

But the scary stuff happens when money starts going out the door, when people lose. And there are a lot of stories about big losses. It’s a more rare situation, but that’s what’s happening. So these little things that we’re talking about matter, and, ultimately, if you’re targeted, if they want your client data, they’re going to get it. And then that can come back on you in a big way.

Most E&O policies do not have adequate cyber coverage. So if you’re talking about your E&O coverage, don’t count on it. Some have riders that are helpful, but you need stand-alone cyber insurance coverage, and I would say nothing less than $1 million.

Rusinoff: Some commercial package policies will include a rider for an additional amount of cyber. But to James’ point, you should probably be having the conversation with your property and casualty agents specifically about: “These are my cyber risks. I need at least $1 million in coverage. Can I get that through my existing policy, or do I need to buy something that’s stand-alone?”

There are four or five insurance companies out there that will write financial advisors on a stand-alone cyber policy. I know most of my offices will pick up about $1 million for less than $1,000 a year, and they’ll have a $1 million limit of cyber to help manage in the event of an attack or breach. Now, inside that $1 million, things are limited, and it’s not like you’ll have a full $1 million to recover the whole problem, but it’ll definitely go toward helping and maybe keep the doors open instead of closed.

Harrison: That helps with the financial mitigation but not with the reputational risk.

Rusinoff: And it’s not just the reputational risk, right? Because if I have a cyber breach, tell me how that’s going to affect my ability to maybe maintain my license or to stay as a part of FINRA or the SEC or wherever I’m actually conducting my business from a regulatory perspective.

Harrison: If you suffer a breach, there are consequences beyond just a payout to the affected persons. There’s more to it. SEC compliance and the litigation that follows is not fun.

Hertel: I’ve heard directly from people who had breaches and had cyber insurance, and the policies didn’t pay out because the business owner didn’t know they had to get certifications in order for the payout to happen.

Rusinoff: There are qualifying behaviors that you have to typically prove that you’ve taken a certain level of precaution, and then that will allow for the policy to respond in the event of a breach or a hacker.

Harrison: In different industries, it’s different. But in the legal space, there is about a 30 percent claim denial rate for law firms. If you bought your insurance, about 30 percent can’t use it. In the financial industry, it’s not as high, but it might get that high. And it boils down to your behaviors, your best practices and what you are doing to meet the terms of your policy.

Ted Rusinoff
James Harrison, CEO
Julianne Hertel, CLU, ChFC
in Top of the Table Annual Meeting, Oct 19, 2022


When it comes to cybersecurity and compliance, it’s important to take action today to protect and grow your business, clients and livelihood. Using real-life examples, the panel digs deep into existing compliance requirements to demonstrate how cybersecurity and proper certification can build trust and loyalty with clients and prospects.