Time Is Money: Results from Latest ‘Cost of a Data Breach’ Report

A data breach creates all sorts of havoc, including significant financial costs.  That’s hardly new information.  But what those costs actually total does make news, as captured in the 2020 “Cost of a Data Breach” report, compiled by the Ponemon Institute and IBM Security.

The information from 2020 (the most current results available) provides a detailed glimpse of the financial impacts security incidents can have on organizations, with historical data revealing trends in data breach causes and consequences.  The report shows some consistencies with past research.

Here are the major highlights:

  • The average cost of a breach in 2020 was $3.86 million per breach. This is actually good news, in a way, representing a 1.5 percent reduction from the 2019 cost per breach of $3.92 million.
  • The average time to identify and contain a breach in 2020 was 280 days, virtually identical to the 279 days it took on average in 2019.
  • Regarding prevention against breaches, 59 percent of organizations now have security automation deployed, up from 52 percent in 2019.

If one takeaway leaps out from these high-level results, it is that time is money.  While a higher percentage of businesses have security automation in place, it still takes nearly 10 months to discover and contain a major breach.  And the financial ramifications, even if slightly lower, remain substantial at nearly $4 million per breach.

The need for robust cybersecurity practices and protections continues to grow in importance and relevance.  For more information, contact the professionals at The Reschini Group today.


Copyright 2022 The Reschini Group

Source: https://securityintelligence.com/posts/whats-new-2020-cost-of-a-data-breach-report/

The Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Heed the Warnings: Surfside Condo and Pittsburgh Bridge

On June 24, 2021, at approximately 1:22 a.m., a 12-story beachfront condominium in the Miami suburb of Surfside, Florida, partially collapsed, killing 98 people and injuring 11.

The main contributing factor was identified as long-term degradation of concrete structural support in the ground-level parking garage under the housing units, due to water penetration and corrosion of the reinforcing steel. The problems had been reported in 2018 and noted as “much worse” in April 2021. A $15 million program of remedial works had been approved before the collapse, although no main structural work had been undertaken.

On Friday, Jan. 28, 2022, at approximately 6:40 a.m., the Fern Hollow Bridge – which carried roughly 14,000 vehicles a day, connecting major areas of Pittsburgh, Pennsylvania – collapsed about 100 feet into a ravine.  Miraculously, no one was killed but about 10 people received injuries.  The bridge had received “poor” ratings for the past 10 years from inspectors, and was included in plans to be rehabilitated, but not for another five to seven years.

As the shock wears off, the impact on victims and families is processed, and the physical work of cleanup and reclamation begins, next come the questions about liability and who is responsible for the costs involved in the aftermath.

In the case of the Surfside collapse, there may be issues surrounding the property insurance and the possibility of Director & Officer claims directed at the Condo board.  Regarding the Fern Hollow Bridge, various municipal bodies and agencies may face insurance investigations and subsequent litigation.  In each instance, warnings about potential failures of the respective structures had been issued, and corrective plans made, but none had been performed in time to prevent a collapse.

One thing may be more certain than anything else, however – claims of this scope will trigger enhanced underwriting by the marketplace.

Your organization may not necessarily face the same level of disaster as Surfside or Fern Hollow, but there may be identifiable risks in play nonetheless.  Once they have been identified and a plan to alleviate them has been developed, it is wise to implement that plan sooner rather than later, as much as practically and financially possible.

For more information on these matters and how to properly prepare, contact the professionals at The Reschini Group today.


Copyright 2022 The Reschini Group


Benefits Blog: Five Ways to Save on Healthcare Costs

It’s no secret that healthcare expenses have been on a steady, and costly, climb for the past two decades.  Price hikes of 6.5 percent are projected in 2022, with the ongoing COVID-19 pandemic playing a significant role in those increases.  This fact of financial life means employers must think both strategically and creatively about how to lower their health benefits expenses in 2022.  Here are five ways to help achieve savings:

  1. Control Drug Spending – Drug prices rise faster than any other medical service or commodity, with costs now 33 percent higher than in 2014, according to GoodRx.  Employers can educate employees on the price differences between name-brand and generic medications, and encourage using generics to save money while still receiving the same quality treatment.
  2. Encourage Active Benefits Participation – This includes encouraging employees to improve their health literacy, research treatments, and price shop.  By seeing specific prices for procedures and other services, employees can educate themselves before making costly health decisions.
  3. Offer Savings Accounts with Carryovers – Health savings accounts (HSAs), flexible savings accounts (FSAs), and other tax-advantaged savings account options empower employees to control their own spending and improve their health literacy.  Many accounts allow for fund carryover year to year, encouraging more contributions. Since many employers match contributions up to a limit, more money added to these accounts means greater tax savings for everyone.
  4. Embrace Virtual Health Options – A major takeaway from the pandemic has been the expansion of telehealth services, allowing individuals to connect with health professionals quickly, safely, and less expensively.  Employers adding telehealth services into their plan expand access to care and lower expenses for everyone.
  5. Consider Plan Funding Alternatives – A more drastic option for reducing health costs is restructuring how plans are funded.  For instance, a self-funded plan may be more cost-effective than paying a monthly premium for a fully insured plan.  Other options include level-funding or reference-based pricing models, each of which carries its own set of administrative rules and legal constraints.  Funding decisions should not be taken lightly and should be based on several factors, such as size of an organization, risk tolerance, and financial stability, including employees’ ability to take on large premium increases.

Selecting the best methods to contain healthcare costs depends on each organization’s unique capabilities.  The Benefits Team at The Reschini Group can help sort out the right option for your particular situation. Contact us today to get a conversation started.

Resources:

Benefits Insights: Preventive Care

Benefits Insights: Flexible Spending Accounts (FSA)

Know Your Benefits: Strategies for Saving on Prescription Drugs


Copyright 2022 The Reschini Group


Cover Your Bases: Lack of Controls May Limit Cyber Insurance Access

Feeling lucky?  Like to gamble?

It’s one thing to play a small-potatoes hunch on your smartphone as you watch your favorite professional team on television.  It’s quite another to risk your entire business enterprise on something that never needed to be at risk at all – your cybersecurity protocols.

As the scope and expertise of malicious online operators grow, so does the insistence of insurers that their business clients have adequate cybersecurity controls in place.  A growing consequence for those who have not installed and maintained such controls is that they cannot acquire the needed coverage.

An industry leader recently conducted a study that concluded underwriters have adopted a “laser focus” on data security controls when looking at renewal risks, with “even greater underwriting scrutiny” of those controls as time goes on.  The desired preventative controls cited include:

  • Multifactor authentication
  • Remote desktop protocol
  • Segregation of networks
  • Encryption

Those without these protocols in place will increasingly be met with either a denial of coverage or rate increases of as much as 200 percent or even higher, according to the report.  The threat of hackers successfully breaching cybersecurity protections has become such an issue for businesses that even best-in-class risk managers – who have all preferred protections in place – may still see their premiums increase, but at a much lower rate.

So play those little parlays on your phone all you like.  But don’t leave your entire business enterprise open to such a huge bet.  Survey your cybersecurity protections and make sure they’re in place and working.

For more information, contact the professionals at The Reschini Group today.


Copyright 2022 The Reschini Group


Source: www.commercialriskonline.com/buyers-without-security-controls-risk-cyber-insurance-refusals-warns-gallagher-report/

How Safe is Safe?: The Impact of COVID on Employer Practices Liability

In addition to the multiple and myriad changes already introduced to the business community by COVID-19, employers may now add possible increased liability and costs, perhaps ironically due to policies instituted to help stem the spread of the virus.

According to a 2021 report conducted in part by the Insurance Information Institute, employers need to be aware of the impact of the pandemic, particularly a shift in the burden of proof onto the employer for certain types of claimants and the changing exposure from people working from home.

Workers compensation saw five consecutive years through 2019 where that line of business posted an underwriting gain, but the institute-sponsored study said that trend could change with COVID-19.  Employer practices liability insurance (EPLI) – separate from workers compensation – has the potential to feel an impact from the pandemic, as well.

Mask-wearing mandates, vaccination or regular COVID testing requirements, increased flexibility and the associated variables of home-based work, plus similar pandemic safeguards, may fall prey to varying levels of adherence.

This lack of clarity has the potential for coverage-related issues, should employees become infected and require ongoing treatment for the virus.  Similarly, this uncertainty feeds into the increased premium costs for employers to adequately protect their businesses.

As new variants of the COVID virus develop and spread – even as vaccines become more refined and effective – the pandemic will continue to have wide, deep, and continuous ripple effects on all aspects of business, including EPLI and workers compensation insurance.

For more information on these matters and how to properly prepare, contact the professionals at The Reschini Group today.


Copyright 2022 The Reschini Group


Source: https://www.iii.org/press-release/recession-pandemic-to-affect-p-c-underwriting-results-new-triple-i-milliman-report-shows-081320

 

Holding the Door Open for a Thief: Controlling Social Engineering Online

A professional hacker – who has gone straight and now goes by the job title of “Ethical Intruder” – lays out the truth with this simple statement:  “Take it from a hacker, we are not trying to break in through your next-generation firewall when we can simply ask your users for credentials.”

The sloppy, ill-informed, or unthinking release of credentials – the user names and passwords that permit access to your cyber files online – by employees or vendors is the digital equivalent of holding the door open for a thief to stroll into your sensitive operations with little or no resistance.  In the parlance of cyber security, the ways in which legitimate users either control or surrender control of their credentials are known as “Social Engineering.”

Social Engineering typically is seen within organizations as either an IT issue or the responsibility of Human Resources.  At its core, Social Engineering is a behavioral and awareness issue that hackers know is the easiest and quickest way to crack a cyber defense and avoid detection.

This has become an even more prevalent problem during the COVID-19 pandemic.  Attackers have increased use of their predatory skills against unwitting employees, who simultaneously have become more susceptible to clicking on links, downloading files, or providing their credentials in response to nearly anything related to the pandemic.

Entering this commonplace, yet incredibly valuable, information without giving a second thought as to who else might be watching can spell real trouble down the line.

It becomes incumbent on employers to educate and enforce standards regarding the unauthorized or uncontrolled use of employee credentials.  This single step can actually become one of the most effective ways to convey the very real threats that exist, and to tighten up the business’s cyber security protection.


Copyright 2021 The Reschini Group


Cybersecurity Resources from The Reschini Group

For more information on cyber security safeguards, contact The Reschini Group today.

 

Safety Can Be Fleeting: Maintaining a Safe Fleet Program

Operating a fleet of vehicles remains a necessity for many businesses.  Drivers climb into cars and trucks every day, occasionally using multiple vehicles for differing purposes.  But do they know the expectations of their employers?  What kind of training and instruction have they received?  What are the rules about purchasing fuel?  Is personal usage ever permitted?  What about parking a company vehicle at their homes during non-working hours?

A consistent fleet safety program means not only cost savings, but also reduced liability, improved employee satisfaction, and enhanced safety performance.  While a program is best when tailored to the exact parameters of a specific business, here are some basic elements that every plan should include:

  • Secure and promote the support and commitment of all levels of management.
  • Issue written policies and procedures regarding all aspects of vehicle use related to the business, and ensure that all drivers have ongoing access to this information.
  • Create a roster of all drivers, including those who drive on behalf of the business using fleet vehicles, personal cars and trucks, and rented vehicles.
  • Screen and select drivers to create a reliable team of safe drivers as the key to ongoing fleet safety success.  Adhere to clear and detailed hiring standards.
  • Offer and record completion of training to all drivers, covering vehicle safety policies and procedures, including defensive driving.
  • Formalize schedules and record keeping related to vehicle inspections, repairs, and maintenance, to avoid costly breakdowns and accidents due to faulty equipment.
  • Manage drivers regularly, offering additional training where needed. Also manage accidents carefully to better understand areas of exposure and reduce the likelihood of future accidents.

The professionals at The Reschini Group can help your organization get a fleet safety program in place that works for your specific needs.  Contact us to talk more about this important consideration.


Copyright 2021 The Reschini Group



The Reschini Blog: The Pros and Cons of PTO

In the ever-shifting world of people management, the discretion over when time away from the job is justified has long been a source of friction and compromise.  What is vacation?  What is a sick day?  What is an emergency?  And who gets to make those final designations, the employee or the supervisor?

Paid Time Off, or PTO, offers a management strategy designed to alleviate or eliminate those points of possible contention, by changing the nature of the discussion.  Under a PTO system, employees can “bank” a pre-determined number of hours – either by pay period, or by month, or annually – then draw from those hours for whatever purpose they want.

In addition to simplifying the administration of an employee’s time away, PTO treats the employee as an adult capable of managing his or her time responsibly while not needing to worry about justifying the reason to a manager, or offer misleading information about taking a sick day when not actually being sick.  Also, PTO keeps healthy employees from feeling “penalized” for not taking sick days available to them.

Having a PTO system in place also makes a company more attractive to potential employees and increases loyalty among current employees, since time off is treated as a pool of hours, and not segmented into categories.  This means, for example, that unused sick days can be automatically used to take more time for vacation.

Of course, some caution must be taken with plans like PTO.  Managers must watch so that employees do not abuse the system, taking unreasonable stretches of time away that impact the company negatively.  Also, managers must still take responsibility for sending home an ill employee, who would prefer to stockpile time for vacation instead.

But for organizations with a culture that welcomes flexible work schedules, PTO can be a great tool for all involved, as an attractive alternative to traditional vacation and sick time off.

Contact the Benefits team at The Reschini Group to learn more.


Copyright 2021 The Reschini Group


The Reschini Blog: Cyber Emergency Drills Build Vital Muscle Memory

From days spent in Kindergarten, right up until your most recent fire drill at the office, we have been conditioned to respond to emergencies through repetition.  Walk calmly to the nearest exit, gather in a pre-ordained spot, and account for everyone before notifying first responders of any missing associates.  We have it all down, thanks to muscle memory.

But what about a cyber emergency?  What must be done in that scenario?  Who is responsible for each function?  How do we know we’re being effective?  Those muscles may not have ever been stretched, but it’s imperative that this happen.

Knowing what to do in the event of a cybersecurity incident is vital to protect sensitive and crucial data.  Poorly coordinated responses not only have the potential to increase liability, but also can impact how insurance claims are paid following a breach.

Properly preparing for a cyber emergency includes:

  • Identifying who needs to be on the response team.
  • Describing each person’s roles and responsibilities.
  • Knowing how to categorize an incident.
  • Determining how to track milestones and save key evidence.

While most states require certain businesses to have written policies, actually practicing them is the only way to make those policies meaningful.  Once a plan has been established, the organization should run tabletop drills, presenting various scenarios and measuring how the team responds in real time.  Only through this kind of positive, productive repetition can the required muscle memory be developed to blunt, contain, and successfully recover from a cyber security emergency.

For more insurance-related information on this and other topics, contact the professionals at The Reschini Group.


Copyright 2021 The Reschini Group


The Reschini Blog: Know What Your Equipment Is Worth

“Catastrophe” in the property insurance industry denotes a natural or man-made disaster that is unusually severe.  In the insurance industry, an event is designated a catastrophe when claims reach at least $25 million.

But an event doesn’t have to be technically classified as a catastrophe for it to feel like one, when you suffer damage to your property and equipment.  That’s why it’s always imperative to know the value of what you own long before it is ever damaged or lost.

Conducting an industrial appraisal remains a vital piece of the process in securing the proper level of insurance coverage.  Establishing a fair and accurate “insured-to-value” ratio can spell the difference between an effective and orderly restoration of operations following an event, and being left with unanticipated expenses and follow-up claim resolution issues.

Commercial property insurance policies generally cover the same causes of loss as most homeowners policies (damage from fire, windstorm, hail, riots, explosions) with some variation, depending on the coverages selected. Flood and earthquake damage are typically excluded.

To put that into perspective, the Insurance Information Institute says that in the U.S. from 1997 to 2016, events involving tornadoes, including other wind, hail and flood losses associated with tornadoes, made up 39.9 percent of total catastrophe insured losses, adjusted for inflation. Hurricanes and tropical storms were a close second at 38.2 percent of losses, followed by other wind/hail/flood (7.1 percent) and winter storms (6.7 percent). Terrorism and fires, including wildland fires, accounted for 5.9 percent and 2.0 percent of catastrophe losses, respectively. Civil disorders, water damage and utility services disruption combined represented about 0.2 percent of losses.

The world – both from its natural dangers and those generated by people – can be a dangerous, hazardous place.  Your equipment and property are always vulnerable to damage and loss. The Reschini Group can provide rough estimates on building valuations, locate experts in the appraisal arena, and secure the best possible coverage solutions.

Because an event doesn’t have to fit the description of a catastrophe for it to feel like one, when it happens to you.  Contact the professionals at The Reschini Group to learn more.


Copyright 2021 The Reschini Group


Source: https://www.iii.org/article/spotlight-on-catastrophes-insurance-issues