Josephine Cicchetti

Phone: (202) 230-5230 (202) 230-5230


Josephine Cicchetti is a corporate and securities lawyer who works extensively within the insurance industry. In addition, for the past several years, Jo’s focus has included emerging securities, privacy, cybersecurity, and insurance regulatory issues. She has represented insurance companies, producers, third-party administrators, investment managers, broker-dealers, and other insurance market participants.

Jo has extensive experience counseling clients in their development and distribution of fixed and variable insurance products. She has more than 20 years of involvement with clients engaged in the corporate, high-net-worth, and retirement markets, which include COLI, BOLI, IOLI, 401(k), 457, and 403(b). She also supports clients as they navigate corporate governance, vendor management, auditing, and compliance matters relating to insurance and investment products. In addition, Jo has worked with her colleagues in the formulation of strategies for resolution of market conduct, SEC examinations, and litigation disputes.

As Lead Lawyer of the firm’s Insurance Privacy and Cybersecurity team, Jo guides its efforts to provide data privacy and cybersecurity guidance to clients. In her active data privacy and security practice, Jo advises clients on applicable regulatory and current best practices in data privacy and breach response, as well as assisting in security incident management and response. She also counsels clients regarding cybersecurity insurance. Jo is Chair of the Insured Retirement Institute’s Cybersecurity Task Force.

Jo brings to each engagement skills and experience from a diverse background in the law, which includes general corporate, public and private offerings, mergers and acquisitions, reinsurance transactions, stable value products, securities regulation, investment management, and broker-dealer and state insurance regulation. She also has managed large teams of lawyers to conduct risk assessments and best practices reviews for her clients.


  • Panelist, "Emerging Cybersecurity Threats within Financial Services," SIFMA Internal Audit Annual Conference – Audit and Risk 20/20: Our Vision for the Future, Miami, FL (October 27-30, 2019) 
  • Keynote Speaker, "Legal and Regulatory Overview and Update," The Tax and Regulatory-Efficient Asset Allocation Conference (TRAAC), Naples, Florida (September 18-20, 2019) 
  • "Legal and Ethical Issues Impacting Cyber Defense Planning and Response: What the Board Should Know," ARMA INFORM Conference, Princeton, NJ (June 12-13, 2019)
  • "Re-Imagining Information Exchange in a Cyber Concerned World," IRI ACTION19, Washington, DC (May 15-16, 2019)
  • "Cybersecurity: Status of Regulatory Compliance," LIMRA Regulatory Compliance Exchange, Nashville, TN (April 2019)
  • "Evolving Third-Party Cyber Liability," 2019 Cat Risk Management Conference: The Future of Catastrophe Management – 2020 and Beyond, Reinsurance Association of America (RAA), Orlando, FL (February 25-28, 2019)
  • "Disruptive Technologies in the Life Insurance Industry," 36th Annual Advanced ALI CLE Conference on Life Insurance Company Products, Washington (November 9, 2018)
  • "Panel Discussion: Effect of Tax Reform on COLI/BOLI Market in 2018 and Beyond: Including DAC Change, Reserving Deductions, Mortality Table Change, Reinsurance, BOLI Transfer for Value, NAIC SAPWG, and Other Issues,"  National COLI Directors Meeting, New York (November 8, 2018)
  • "Cybersecurity and Increased Liabilities for Insured Data," National COLI Directors Meeting, New York (November 8, 2018)
  • "Protecting Consumers Against Cyber Threats in the Digital Age," IRI VISION2018 Conference, White Sulphur Springs, WV (September 25, 2018)
  • "Responding to Growing Threats: How the Retirement Income Industry Is Fighting to Protect Older Investors," IRI VISION2018 Conference, White Sulphur Springs, WV (September 25, 2018)
  • "Insurer Cyber Risk: Guarding Your Galaxy," PCI General Counsel Seminar, Cambridge, MA (September 24, 2018)
  • "The Changing Nature of Cyber Insurance," Reinsurance Association of America (RAA) Re Claims Conference, New York (July 18, 2018)
  • "Cybersecurity," ACLI Compliance & Legal Sections Annual Meeting, White Sulphur Springs, WV (July 12, 2018)
  • "Cybersecurity Update: When the Rubber Hits the Road," IRI ACTION18 Conference, Washington (May 9, 2018)
  • "Securing Health Information: Third-Party Risk," Fundamentals of Privacy Law (PLI), New York (December 2017)
  • "Cybersecurity Update: Managing Regulatory Challenges," IRI Government, Legal and Regulatory Conference, Washington (June 2017)
  • "Enterprise Risk Management and Regulatory Roundtable: Regulatory Priorities and Responses for 2017 and Beyond," ACI National Advanced Forum on Life Insurance Litigation, Regulatory Enforcement & Enterprise Risk Management, New York (April 19, 2017)
  • "Cybersecurity: Managing Third-Party Risk," Product Liability Advisory Council (PLAC) Fall Conference, Colorado Springs, CO (October 6, 2016)
  • Insured Retirement Institute (IRI) Cybersecurity Forum, Washington (July 19, 2016)
  • "Latest Developments in Cybersecurity Risk and Regulation," Insured Retirement Institute (IRI) Government, Legal & Regulatory Conference, Washington (June 7, 2016)
  • "Enterprise Risk Management and Cybersecurity Risk Mitigation: Best Practices for Life Insurers," ACI National Advanced Forum on Life Insurance Litigation, Regulatory Enforcement & ERM, New York (January 25, 2016)
  • "Breach Preparation Matters and Breach Response," Client Focus Forum, Denver (October 2015)
  • "IRI Cybersecurity Forum," Insured Retirement Institutes Annual Government, Legal and Regulatory Conference, Washington (July 2015)
  • Lecturer, ALI-ABA, ABA and Society of Actuaries programs addressing life insurance product and insurance regulatory issues “Advanced Forum on Key Litigation and Regulatory Issues Impacting the Financial Services Industry” (December 2012)
  • "Update on Insurance Product Private Placements," ALI-­ABA (November 2011)
  • "Broker­-Dealer Networking Arrangements and Regulation D Proposals," National COLI Directors (November 2007)
  • "Broad­ Based Leveraged Corporate-Owned Life Insurance: An Emerging Issue; In Defense of COLI," ABA Conference (April 2005)
  • Fighting Fraud with Biometrics in the Life Insurance, The Practical Lawyer (February 2019) and coauthored with Gail Kamal
  • In California, a New Era in U.S. Privacy (October 8, 2018)
  • California Passes Stringent Privacy Law Akin to GDPR (July 25, 2018)
  • South Carolina First State to Adopt NAIC Insurance Data Security Model Law (July 17, 2018)
  • Almost There! South Carolina on Course to Become First State to Adopt NAIC Insurance Data Security Model Law (May 4, 2018)
  • When Innovation Meets Regulation: Insurtech and State Licensing Laws (April 6, 2018)
  • Beyond the European Union: How the GDPR Affects US Companies (February 21, 2018)
  • When Innovation Meets Regulation (January 11, 2018)
  • NAIC Insurance Data Security Model Law – States are Next (October 26, 2017)
  • Securing Health Information: Third-Party Risk; Practical Law Institute (October 12, 2017)
  • OCIE Lessons From Cybersecurity 2 Initiative (October 9, 2017)
  • New York DFS Tightens Cybersecurity Gaps (September 26, 2017)
  • NAIC Cybersecurity Work Group Votes to Approve Insurance Data Security Model Law (August 15, 2017)
  • Fintech Firm Shut Down and Fined by the FTC (July 20, 2017)
  • New York DFS Requests Information on Use of External Consumer Data and Information Sources in Life Insurance Underwriting (July 12, 2017)
  • Colorado Set to Regulate Cybersecurity Practices of Broker-Dealers and Investment Advisers (July 5, 2017)
  • Sprouting Activity at the NAIC (April 12, 2017)
  • Regulators Demand Third-Party Risk Management (April 10, 2017)
  • Scratching the Surface: The FTC’s Phishing Tips for Victim Companies are a Good First Step but Companies Should Not Stop There (March 22, 2017)
  • NY DFS Proposed Cybersecurity Regulations Revised and Implementation Delayed (January 20, 2017)
  • Cybersecurity Still Top FINRA Operational Risk (January 17, 2017)
  • FINRA Focus on Cybersecurity Continues (January 5, 2017)
  • There’s No Flying Under the Radar:  Why Small Businesses Should Get Smart About Information Security (December 5, 2016)
  • What You Must Know About New York’s Proposed Cybersecurity Regulation for the Banking, Insurance, and Financial Services Sectors (October 17, 2016)
  • NAIC Cybersecurity Task Force Weighs Credit Freezes (August 2, 2016)
  • Recognitions

    The Association of Life Insurance Counsel (ALIC)

    Cybersecurity Task Force of the Insured Retirement Institute (IRI), Chair

    Past Certified Insurance Marketplace Standards Association Assessor

    South Florida Business Journal, Influential Business Women Award, 2019

    Awards Methodology (


    Bar Admissions

    • District of Columbia
    • Florida


    • Georgetown University, J.D., Associate Editor, The American Criminal Law Review
    • St. Joseph College, B.A., Trustee Scholar


    • International Association of Privacy Professionals (IAPP)
    • American Bar Association
    • Women’s Chamber of Commerce