Cover Your Bases: Lack of Controls May Limit Cyber Insurance Access

Feeling lucky?  Like to gamble?

It’s one thing to play a small-potatoes hunch on your smartphone as you watch your favorite professional team on television.  It’s quite another to risk your entire business enterprise on something that never needed to be at risk at all – your cybersecurity protocols.

As the scope and expertise of malicious online operators grows, so is the insistence of insurers that their business clients have adequate cybersecurity controls in place.  A growing consequence for those who have not installed and maintained such controls is that they cannot acquire the needed coverage.

An industry leader recently conducted a study that concluded underwriters have adopted a “laser focus” on data security controls when looking at renewal risks, with “even greater underwriting scrutiny” of those controls as time goes on.  The desired preventative controls cited include:

  • Multifactor authentication
  • Remote desktop protocol
  • Segregation of networks
  • Encryption

Those without these protocols in place will be increasingly met either with a decline of coverage or rates increased as much as 200 percent or even higher, according to the report.  The threat of hackers successfully breaching cybersecurity protections has become such an issue for businesses, that even best-in-class risk managers – who have all preferred protections in place – may still see their premiums increase, but at a much lower rate.

So play those little parlays on your phone all you like.  But don’t leave your entire business enterprise open to such a huge bet.  Survey your cybersecurity protections and make sure they’re in place and working.

For more information, contact the professionals at The Reschini Group today.


Copyright 2022 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Source: www.commercialriskonline.com/buyers-without-security-controls-risk-cyber-insurance-refusals-warns-gallagher-report/

How Safe is Safe?: The Impact of COVID on Employer Practices Liability

In addition to the multiple and myriad changes already introduced to the business community by COVID-19, employers may now add possible increased liability and costs, perhaps ironically due to policies instituted to help stem the spread of the virus.

According to a 2021 report conducted in part by the Insurance Information Institute, employers need to be aware of the impact of the pandemic, particularly a shift in the burden of proof onto the employer for certain types of claimants and the changing exposure from people working from home.

Workers compensation saw five consecutive years through 2019 where that line of business posted an underwriting gain, but the institute-sponsored study said that trend could change with COVID-19.  Employer practices liability insurance (EPLI) – separate from workers compensation – has the potential to feel an impact from the pandemic, as well.

Mask-wearing mandates, vaccination or regular COVID testing requirements, increased flexibility and the associated variables of home-based work, plus similar pandemic safeguards, may fall prey to varying levels of adherence.

This lack of clarity has the potential for coverage-related issues, should employees become infected and require ongoing treatment for the virus.  Similarly, this uncertainty feeds into the increased premium costs for employers to adequately protect their businesses.

As new variants of the COVID virus develop and spread – even as vaccines become more refined and effective – the pandemic will continue to have wide, deep, and continuous ripple effects on all aspects of business, including EPLI and workers compensation insurance.

For more information on these matters and how to properly prepare, contact the professionals at The Reschini Group today.


Copyright 2022 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Source: https://www.iii.org/press-release/recession-pandemic-to-affect-p-c-underwriting-results-new-triple-i-milliman-report-shows-081320

 

Holding the Door Open for a Thief: Controlling Social Engineering Online

A professional hacker – who has gone straight and now goes by the job title of “Ethical Intruder” – lays out the truth with this simple statement:  “Take it from a hacker, we are not trying to break in through your next-generation firewall when we can simply ask your users for credentials.”

The sloppy, ill-informed, or unthinking release of credentials – the user names and passwords that permit access to your cyber files online – by employees or vendors is the digital equivalent of holding the door open for a thief to stroll into your sensitive operations with little or no resistance.  In the parlance of cyber security, the ways in which legitimate users either control or surrender control of their credentials is known as “Social Engineering.”

Social Engineering typically is seen within organizations as either an IT issue or the responsibility of Human Resources.  At its core, Social Engineering is a behavioral and awareness issue that hackers know is the easiest and quickest way to crack a cyber defense and avoid detection.

This has become an even more prevalent problem during the COVID-19 pandemic.  Attackers have increased use of their predatory skills against unwitting employees, who simultaneously have become more susceptible to clicking on or downloading files by providing their credentials on nearly anything related to the pandemic.

Entering this commonplace, yet incredibly valuable, information without giving a second thought as to who else might be watching can spell real trouble down the line.

It becomes incumbent on employers to educate and enforce standards regarding the unauthorized or uncontrolled use of employee credentials.  This single step can actually become one of the most effective ways to convey the very real threats that exist, and to tighten up the business’ cyber security protection.


Copyright 2021 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Cybersecurity Resources from The Reschini Group

For more information on cyber security safeguards, contact The Reschini Group today.

 

Safety Can Be Fleeting: Maintaining a Safe Fleet Program

Operating a fleet of vehicles remains a necessity for many businesses.  Drivers climb into cars and trucks every day, occasionally using multiple vehicles for differing purposes.  But do they know the expectations of their employers?  What kind of training and instruction have they received?  What are the rules about purchasing fuel?  Is personal usage ever permitted?  What about parking a company vehicle at their homes during non-working hours?

A consistent fleet safety program means not only cost savings, but also reduced liability, improved employee satisfaction, and enhanced safety performance.  While a program is best when tailored to the exact parameters of a specific business, here are some basic elements that every plan should include:

  • Secure and promote the support and commitment of all levels of management.
  • Issue written policies and procedures regarding all aspects of vehicle use related to the business, and ensure that all drivers have ongoing access to this information.
  • Create a roster of all drivers, including those who drive on behalf of the business using fleet vehicles, personal cars and trucks, and rented vehicles.
  • Screen and select drivers to create a reliable team of safe drivers as the key to ongoing fleet safety success.  Adhere to clear and detailed hiring standards.
  • Offer and record completion of training to all drivers, covering vehicles safety policies and procedures, including defensive driving.
  • Formalize schedules and record keeping related to vehicle inspections, repairs, and maintenance, to avoid costly breakdowns and accidents due to faulty equipment.
  • Manage drivers regularly, offering additional training where needed. Also manage accidents carefully to better understand areas of exposure and reduce the likelihood of future accidents.

The professionals at The Reschini Group can help your organization get a fleet safety program in place that works for your specific needs.  Contact us to talk more about this important consideration.


Copyright 2021 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice. To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Fleet Management Resources from The Reschini Group:

Contact us to talk more about this important consideration.

 

The Reschini Blog: The Pros and Cons of PTO

In the ever-shifting world of people management, the discretion over when time away from the job is justified has long been a source of friction and compromise.  What is vacation?  What is a sick day?  What is an emergency?  And who gets to make those final designations, the employee or the supervisor?

Paid Time Off, or PTO, offers a management strategy designed to alleviate or eliminate those points of possible contention, by changing the nature of the discussion.  Under a PTO system, employees can “bank” a pre-determined number of hours – either by pay period, or by month, or annually – then draw from those hours for whatever purpose they want.

In addition to simplifying the administration of an employee’s time away, PTO treats the employee as an adult capable of managing his or her time responsibly while not needing to worry about justifying the reason to a manager, or offer misleading information about taking a sick day when not actually being sick.  Also, PTO keeps healthy employees from feeling “penalized” for not taking sick days available to them.

Having a PTO system in place also makes a company more attractive to potential employees and increases loyalty among current employees, since time off is treated as a pool of hours, and not segmented into categories.  This means, for example, that unused sick days can be automatically used to take more time for vacation.

Of course, some caution must be taken with plans like PTO.  Managers must watch so that employees do not abuse the system, taking unreasonable stretches of time away that impact the company negatively.  Also, managers must still take responsibility for sending home an ill employee, who would prefer to stockpile time for vacation instead.

But for organizations with a culture that welcomes flexible work schedules, PTO can be a great tool for all involved, as an attractive alternative to traditional vacation and sick time off.

Contact the Benefits team at The Reschini Group to learn more.


Copyright 2021 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

The Reschini Blog: Cyber Emergency Drills Build Vital Muscle Memory

From days spent in Kindergarten, right up until your most recent fire drill at the office, we have been conditioned to respond to emergencies through repetition.  Walk calmly to the nearest exit, gather in a pre-ordained spot, and account for everyone before notifying first responders of any missing associates.  We have it all down, thanks to muscle memory.

But what about a cyber emergency?  What must be done in that scenario?  Who is responsible for each function?  How do we know we’re being effective?  Those muscles may not have ever been stretched, but it’s imperative that this happen.

Knowing what to do in the event of a cybersecurity incident is vital to protect sensitive and crucial data.  Poorly coordinated responses not only have the potential to increase liability, but also can impact how insurance claims are paid following a breach.

Properly preparing for a cyber emergency includes:

  • Identifying who needs to be on the response team.
  • Describing each person’s roles and responsibilities.
  • Knowing how to categorize an incident.
  • Determining how to track milestones and save key evidence.

While most states require certain businesses to have written policies, actually practicing them is the only way to make those policies meaningful.  Once a plan has been established, the organization should run tabletop drills, presenting various scenarios and measuring how the team responds in real time.  Only through this kind of positive, productive repetition can the required muscle memory be developed to blunt, contain, and successfully recover from a cyber security emergency.

For more insurance-related information on this and other topics, contact the professionals at The Reschini Group.


Copyright 2021 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

The Reschini Blog: Know What Your Equipment Is Worth

“Catastrophe” in the property insurance industry denotes a severe natural or man-made disaster that is unusually severe.  In the insurance industry, an event is designated a catastrophe when claims reach at least $25 million.

But an event doesn’t have to be technically classified as a catastrophe for it to feel like one, when you suffer damage to your property and equipment.  That’s why it’s always imperative to know the value of what you own long before it is ever damaged or lost.

Conducting an industrial appraisal remains a vital piece of the process in securing the proper level of insurance coverage.  Establishing a fair and accurate “insured-to-value” ratio can spell the difference between an effective and orderly restoration of operations following an event, and being left with unanticipated expenses and follow-up claim resolution issues.

Commercial property insurance policies generally cover the same causes of loss as most homeowners policies (damage from fire, windstorm, hail, riots, explosions) with some variation, depending on the coverages selected. Flood and earthquake damage are typically excluded.

To put that into perspective, the Insurance Information Institute says that in the U.S. from 1997 to 2016, events involving tornadoes, including other wind, hail and flood losses associated with tornadoes made up 39.9 percent of total catastrophe insured losses, adjusted for inflation. Hurricanes and tropical storms were a close second at 38.2 percent of losses, followed by other wind/hail/flood (7.1 percent) and winter storms (6.7 percent). Terrorism and fires, including wildland fires, accounted for 5.9 percent and 2.0 percent of catastrophe losses, respectively. Civil disorders, water damage and utility services disruption combined represented about 0.2 percent of losses.

The world – both from its natural dangers and those generated by people – can be a dangerous, hazardous place.  Your equipment and property is always vulnerable to damage and loss. The Reschini Group can provide rough estimates on building valuations, locate experts in the appraisal arena, and secure the best possible coverage solutions.

Because an event doesn’t have to fit the description of a catastrophe for it to feel like one, when it happens to you.  Contact the professionals at The Reschini Group to learn more.


Copyright 2021 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Source: https://www.iii.org/article/spotlight-on-catastrophes-insurance-issues

The Reschini Benefits Blog: Total Compensation Statements

For many employees, the paycheck represents the sum total of how their employer compensates them.  But in many cases, that’s not the complete picture.

From the employer’s perspective, the benefits package offered to their workers may be quite substantial, but those same employees may not be aware of or may not understand the full scope of what they’re being offered.  A Total Compensation Statement can help raise appreciation, morale, and loyalty among the members of a workforce.

A Total Compensation Statement highlights the monetary value of a company’s benefits package, including those perks that may be overshadowed by traditional benefits, to include information on:

  • Salary
  • Bonuses
  • Commissions
  • Stock options
  • Stock grants
  • Employee stock purchase plan
  • Retirement plan
  • Social Security contributions
  • 401(k) matching contributions
  • Paid time off
  • Coverages for health, life and disability insurance
  • Wellness rewards (e.g., discounts and cash 
bonuses)

By assigning a dollar amount to benefits that do not seem to have a tangible monetary value, employers can promote the idea of total compensation, beyond just a paycheck.  Pulling back the curtain in this way can lead to higher retention rates among employees and can make the organization more competitive when talking with recruits during the hiring process.

Committing to providing Total Compensation Statements will require some investment of time and resources to gather and present this data, but the return on this investment can be more than worth the effort.

Contact the Benefits team at The Reschini Group for more information.

Here is a resource for total compensation:

Total Rewards – Compensation and Benefits


Copyright 2021 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

The Reschini Blog: Slow Hackers Down with MFA

When a skilled hacker has the means, the motive, and the opportunity to break into your cyber system and wreak havoc, not much can stop or slow that person down.  With one exception – multi-factor authentication, or MFA.

The only drawback of using this advanced tool, however, comes in the fact that the MFA – because of its comprehensive and in-depth safeguards – can also slow down legitimate users.  But industry experts agree that the benefits in safety and security far outweigh this one minor negative.

The National Institute of Standards and Technology (NIST), part of the U.S. Department of Commerce, defines MFA as “a security enhancement that allows you to present two pieces of evidence – your credentials – when logging in to an account. Your credentials fall into any of these three categories: something you know (like a password or PIN), something you have (like a smart card), or something you are (like your fingerprint). Your credentials must come from two different categories to enhance security – so entering two different passwords would not be considered multi-factor.”

NIST adds, “MFA is quite simple, and organizations are focusing more than ever on creating a smooth user experience. In fact, you probably already use it in some form. For example, you’ve used MFA if you’ve:

  • swiped your bank card at the ATM and then entered your PIN (personal ID number)
  • logged into a website that sent a numeric code to your phone, which you then entered to gain access to your account.”

The Pittsburgh Technology Council cites a professional cybersecurity expert (and former hacker), who said, “It is of the utmost importance to push through any obstacles and enable MFA on your environment.  In addition to the monumental importance of having MFA, it is critical that you review your third-party systems that you do not control, especially those which contain sensitive company data, and find out whether MFA is available.”

The added seconds it may require for users to register through two separate channels to access data amounts to virtually nothing in the long-term, when compared with the time, trauma, and treasure it would take to recover from a severe cybersecurity breach.

For more insurance-related information on this and other topics, contact the professionals at The Reschini Group.

Download these resources about Cyber Liability:
10 Cyber Security Resolutions to Reduce Your Data Exposures
CI – Cyber Liability Insurance
Contact The Reschini Group with your questions or concerns regarding cybersecurity.


Copyright 2021 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

The Reschini Blog: Workers’ Comp and the Pandemic

Believe it or not, 2020 may not have been such a bad year for workers’ compensation insurers and insureds after all.

The National Council on Compensation Insurance (NCCI) looked at results through the third quarter of 2020 and extended those through the end of the year, using data from private carriers and state funds in 41 jurisdictions. The NCCI figures are calendar year and do not reflect the full costs of treating COVID-19 or other health conditions with long-term effects.

Overall for 2020, NCCI found:

  • Worker claims due to COVID-19 have ranged from no symptoms to critical care, hospitalizations and, unfortunately, fatalities in some cases.
  • The overall COVID-19 claims picture is by no means dire, with the majority of cases only requiring the injured worker to miss work and quarantine or recover at home.
  • About 80% of the COVID claimants received very limited treatment, with 20% admitted to the hospital, representing the costliest and most complicated cases.
  • The typical COVID inpatient stay lasts on average about seven to eight days.
  • The majority of workers filing COVID workers’ compensation claims were women, at nearly 70%. These claimants are also generally older than the typical injured worker, with a large share age 55 years and older.
  • Also, injured workers who contracted COVID-19 and required medical treatment were more likely to have comorbidities such as hypertension and chronic pulmonary disorder.
  • COVID-19 claims were predominantly among frontline workers, first responders, healthcare and other essential workers, and teachers.

As the Delta variant surges across the U.S., it will be important to see how trends impacting workers’ compensation claims mirror or diverge from those seen from the initial round of COVID-19.

For more information, contact the workers’ compensation experts at The Reschini Group.

Download our resources about Workers Comp and COVID:

 


Copyright 2021 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.