Massachusetts’ insurance sector includes regional carriers, global specialty insurers, mutual life providers, and fast-growing insurtech platforms. These organizations manage vast volumes of policyholder data, underwriting analytics, claims systems, and third-party ecosystems—all within tightly regulated environments. Cybersecurity leaders in insurance must balance operational resilience, regulatory alignment, and digital modernization while safeguarding customer trust and long-tail financial risk exposure.
Thomas Johnson — Chief Information Security Officer, IT Infrastructure Operations, The Norfolk & Dedham Group
Thomas Johnson leads information security and infrastructure operations at The Norfolk & Dedham Group, building on a long tenure in enterprise IT leadership across the insurance sector. His progression from infrastructure and enterprise services roles into the CISO position reflects deep operational grounding. He focuses on strengthening core infrastructure security, aligning IT operations with evolving risk demands, and ensuring stable, secure service delivery for policyholders.
Tom Kane — Chief Information Security Officer and Director of Infrastructure, Boston Mutual Life Insurance
Tom Kane brings over 30 years of hands-on experience in IT operations, cybersecurity, cloud migration, and business continuity. As CISO and Director of Infrastructure at Boston Mutual Life Insurance, he emphasizes scalable, resilient systems that support growth while maintaining regulatory compliance. His leadership blends modernization initiatives with strong infrastructure discipline to ensure technology both enables and defends core insurance operations.
James Jervey — Senior Vice President and Chief Information Security Officer, Berkshire Hathaway Specialty Insurance
James Jervey is a seasoned executive with more than 25 years of experience building high-performing security and IT organizations. As Senior Vice President and CISO at Berkshire Hathaway Specialty Insurance, he drives cybersecurity strategy, governance, risk management, and cloud transformation efforts. His expertise spans regulatory engagement, infrastructure operations, vendor management, and enterprise-wide program leadership, aligning security maturity with global business growth.
Tony Faria — Chief Information Security Officer, Point32Health
Tony Faria is a business-oriented cybersecurity and risk executive accountable to boards, regulators, and executive leadership for enterprise-wide security programs. At Point32Health, he oversees IT security, application security, third-party risk, business continuity, disaster recovery, and regulatory alignment across multiple frameworks including GLBA, FFIEC, GDPR, PCI DSS, and NIST. Recognized as an industry leader, he combines governance rigor with innovative assessment methodologies to strengthen enterprise resilience.
Jonathan Hughes — Chief Information Security Officer, American Family Insurance
Jonathan Hughes leads cybersecurity strategy at American Family Insurance, following a career spanning security architecture, transformation, and technology strategy roles. His background includes advisory experience and enterprise security engineering, supporting a structured and transformation-focused approach to modernizing insurance cybersecurity programs. He aligns technology strategy, operational integration, and security transformation to reinforce organizational resilience.
Yan Klyachman — Chief Information Security Officer, InsurePay
Yan Klyachman serves as CISO at InsurePay, an insurtech billing and payments provider specializing in Pay-As-You-Go solutions for property and casualty markets. In a SaaS-driven environment processing high volumes of billing transactions, he focuses on securing payment flows, protecting sensitive payroll integrations, and maintaining platform integrity. His role reflects the growing importance of cybersecurity leadership within insurance-adjacent fintech ecosystems.
Chris Cassino — Vice President of Information Technology and Chief Information Security Officer, Cobalt Benefits Group
Chris Cassino oversees both IT strategy and cybersecurity at Cobalt Benefits Group, aligning infrastructure modernization with risk management and compliance objectives. With over 20 years of experience across data centers, managed IT, telephony, cloud services, and mobility, he drives continuous improvement initiatives while strengthening security operations. His dual IT and CISO leadership supports secure benefit administration services in a regulated environment.
Securing Risk in a Risk-Based Industry
Insurance is fundamentally about managing risk—and cybersecurity now sits at the center of that mission. From legacy carriers to SaaS-driven insurtech platforms, Massachusetts’ insurance CISOs demonstrate how resilient infrastructure, regulatory alignment, and disciplined governance protect policyholders, preserve trust, and enable digital transformation across the industry.
You can also explore Cybersecurity Leaders to Watch in Massachusetts’ Marketing & Advertising Industry, highlighting leaders protecting digital engagement platforms, analytics systems, and brand ecosystems.