US Pro CLUE Blog

Cyber Liability Underwriting Exposures (CLUE) is a leading industry news source and information medium specifically developed by US Pro for its agency partners.

CLUE gets its information from many resources, including industry experts, underwriters, insurance publications, and multiple web-based articles to keep our customers current in the areas surrounding Cyber Liability Insurance programs.

 

Wage and Hour Coverage: What’s New?

Posted on Oct 18, 2018 in Cyber Source

Wage and Hour Coverage, also known as FLSA coverage, provides a sublimit of coverage to defend an Insured against claims arising from wage and hour disputes under the Fair Labor Standards Act. The importance of this coverage for all commercial risk types must be considered when quoting Employment Practices Liability Insurance (EPLI).

The FLSA is under continuous review as complaints alleging employer violations of it continue to be litigated. Notably, it has been reinterpreted over the years and has evolved over time.

Jackson-Lewis, a firm that leads in the areas of employment practice law, recently noted some interesting takeaways in this specific area in its Wage & Hour Law Update. An excerpt of this article, written by Jeffrey W. Brecher and Eric Magnus, states as follows:

“The most recent opinion letters address (with links to the letters themselves):

FLSA 2018-20: Whether time spent by employees voluntarily attending benefit fairs and undertaking wellness activities such as biometric screening, weight-loss programs and use of an employer-provided gym, are considered compensable working time (it is not).

FLSA 2018-21: Whether 29 U.S.C. § 207(i), the commissioned sales employee overtime exemption, applies to a company’s sales force that sells an internet payment software platform (under the facts presented, it does). Notably, this opinion letter is the first acknowledgement by the DOL of the Supreme Court’s recent holding in Encino Motorcars LLC v. Navarro, 138 S. Ct. 1134 (2018), that FLSA exemptions are to be given a “fair reading,” rather than a “narrow construction” as previously applied by the Department and many courts.

FLSA 2018-22: Whether members of a non-profit organization who serve as credentialing examination graders for one to two weeks per year, and who are not paid for their services but are reimbursed for their expenses, may properly be treated as volunteers rather than employees (under the facts presented, they may).

FLSA 2018-23: Whether 29 U.S.C. § 213(b)(27), exempting from overtime employees who work at a movie theater establishment, likewise applies to those employees who work at dining services operated by, and accessible only within, the theater (it does).”
 

The entire article can be read at https://www.wageandhourlawupdate.com/ which US Pro highly recommends.

Despite each of these opinions favoring the employer, the risk of a wage and hour complaint being brought by non-exempt employees continues to rise and, in some industry classes, remains a very big risk. It is preferable to purchase an EPLI coverage form that includes some limit of wage and hour coverage.

The Cost of the D&O Claim

Posted on Oct 15, 2018 in Cyber Source

It’s strange that 1 in 4 private companies who responded to the survey have had a D&O claim, yet so many private companies say they did not need the coverage. That is a really big disconnect between perception and reality. Fortunately, they decided to purchase the coverage, after previously not doing so, BEFORE they had their claims.

The average reported loss was $399,394 in 2017, which is an almost 10% increase from the prior year. So just who is bringing these claims?

  • Customer: Sues the company and/or its directors or officers for any reason other than physical injury, product failure, or impairment.
  • Competitor: Sues the company and/or its directors or officers.
  • Partner/Shareholder: Sues the company and/or its directors or officers.
  • Vendor/Supplier: Sues the company and/or its directors or officers.
  • Government Agency: Sues or fines the company and/or its directors or officers.

D&O competition has never been so fierce, and premiums so competitive.  A renewal that has a flat premium for 3 or more years is overpriced and should be marketed to US Pro for more competitive terms.

Why Private Companies Don’t Purchase D&O

Posted on Oct 15, 2018 in Cyber Source

Looking at the top reasons private companies do not buy D&O insurance today, the survey concluded from its respondents’ answers that “there’s a clear disconnect between executive assumptions about their companies’ exposure and the potential risks that they actually face.

An important contributing factor to that disconnect may come from the fact that D&O insurance insures against wrongful acts by private company directors, officers and employees. Many private companies tend to believe that their behavior could not result in legal action.

In this same vein, small or family-owned businesses often report that since “everybody loves us,” they would never be subjected to a lawsuit.

Many companies also assume that their general liability insurance offers adequate coverage for any event that might result from their actions or behavior. Unfortunately, this is not the case. General liability insurance typically insures against losses involving bodily injury or property damage, but does not step in when there has been a failure to act by the company’s directors and officers. When that happens, those who might sue can include anyone having an association with the company — customers, vendors or suppliers, government agencies, competitors, and partners or shareholders.”
 

This is very interesting feedback to have.  Here is a look at the top reasons:

  • 33% Don’t believe we need because business is privately held
  • 32% Have not experienced related incident in the past
  • 31% Don’t believe we need because business is family run
  • 22% Not required to purchase (by contract or law)
  • 22% Covered by other business insurance (e.g., general liability or Business Owner’s Policy)
  • 19% Company is financially strong
  • 11% Have company policies or procedures in place to prevent exposures
  • 10% Not aware of this insurance coverage
  • 6% Coverage is not affordable/funding is not available

 

As you can see, these reasons are myths in truth, yet they are reality in the minds of the purchasers of the coverage.

Myth 1 – All businesses need it when a claim happens. They don’t need it when one does not. The average D&O loss for Private Companies is $399,394. You need the shelter in place before the storm hits, not after.

Myth 2 – The lack of a claim up to now gives no assurance that a claim will not come. Do not rely on past experience to judge future risk. Instead, consider it a blessing and good management work.

Myth 3 – Family businesses especially need to heed the warnings of Myth 1.

Myth 4 – Contract or law requirement should not be a driving consideration. Exposure to risk and financial disaster planning abilities should drive the choice. I always say to my agents “If you can’t afford to buy the coverage, how can you afford to pay for a claim?”

Myth 5 – As stated above, GL does not protect a business from D&O Liability claims.

Myth 6 – Any business which is financially strong is in this position due to good management decisions. Good management decisions tend to make for a financially strong business. However, one of the good management decisions a board can make is to protect itself from external threats. It seems as if being financially strong and choosing not to buy D&O because of it are not compatible.

Myth 7 – Good policies and procedures in place are excellent and considered part of best practices and disaster planning alike. However, they do not prevent risk; they mitigate the exposure to it. Risk is always present just by the nature of being in business. That is why we use best practices, and why we have disaster planning (insurance) in place in case those practices do fail.

Myth 8 – This is something to address at the retail agency level by educating today’s commercial consumer on today’s real risks, D&O, EPL and Cyber amongst them.

Myth 9 – Refer to Myth 4

3 tips for Protecting Against the D&O Claim

Posted on Oct 15, 2018 in Cyber Source

Good practice is the best method of keeping losses from occurring.  Insurance is made to work in harmony with good behaviors.  Having best practices results in best premiums, and D&O Insurance is a must for every commercial insured, private or not.

Private companies see themselves as resilient to claims; therefore, it is difficult for many of them to consider what kinds of best practices to implement. If they can see no foul, they can see no harm to fix.

Consider these 3 “best practices” to implement in your private business, as shared in the survey:

 
Broaden the Perspective
When setting up crucial operational structures for a private company, outside experts of all kinds should be hired to assist.

Formalize Operations Structures
Critical areas of operation should be formalized, such as accounting practices, areas requiring legal care or compliance, risk management practices, and employment practices, including hiring and vacation policies, bonus structures, and determining compensation levels. Also, a company code of ethics and mission statement should be created with the understanding that they could prove legally significant, since written documentation of all kinds can counter erroneous claims by providing published proof.

Diversify the Board Membership
To avoid a myopic orientation, especially when a company is poised to grow, board members who are experts in the field should be hired, rather than those with a company association who will inevitably limit, rather than diversify or broaden, the perspective.

Remember, we keep losses down by taking a proactive approach to all aspects of our business.

Teenagers and the Cloud

Posted on Oct 10, 2018 in Cyber Source

Cyber Liability Insurance is misunderstood, and as a result, it is not purchased by most commercial insureds. However, it is the most important insurance a business can buy, and it protects against a higher average loss than any other insurance they can buy.

As I speak to industry groups, associations, and chambers of commerce across America, I am often told the same thing over and over again, no matter the size or class of the organization, municipality, or business: “we are in the cloud”. Fantastic, there are a lot of angels here amongst us!

All jokes aside, the cloud offers some excellent conveniences to everyday commercial insureds:

  • Modern, current, updated and effective virus protection, filters, and firewalls
  • Encryption of data
  • Storage Space
  • Ease of Access
  • Reduced overall IT costs

Doing business in the cloud is an essential part of most businesses today, and it is an efficient and safe way to do business. The reasons listed are excellent benefits of cloud-based services. But like all things new these days, it comes with a dangerous loophole that is very difficult to close.

Protecting our possessions is something we spend a lifetime doing.  We keep our purses and wallets secure.  We put our money into a bank.  We lock our car doors.  We close our windows and lock the doors in our house.  We make an everyday effort at keeping our “stuff” secure.

However, a locked door is only as good as those who lock the doors. Being in the cloud is like having a teenager in the house. You go to bed at night, and you lock up the house. Your teenager is still out at work, or out with friends, and comes home, parks the car in the garage, and leaves the garage door open all night long.

It’s an invitation for the neighborhood to come on over and take what they find. The same can be said of your own employees. You have built your beautiful business on your employees, and each is a card. Therefore, you have built a house of cards. All it takes is for one card to fail and the entire house collapses around you.

If your business is in the cloud:

  • Be diligent to never give out your access information, user ids, passwords, or any other information needed to gain access to information stored in the cloud.
  • Discuss any requests for such information from people you know and trust, like IT department employees, over the phone first.
  • Train employees to keep the garage door shut and not to click links they were not expecting and that come from people they do not know.

Simple changes to user behaviors will save a lot of aggravation, costs, and potential financial ruin down the road.

Human Error: The Primary Cause of Fire

Posted on Oct 10, 2018 in Cyber Source

Cyber Liability Insurance is misunderstood, and as a result, it is not purchased by most commercial insureds. However, it is the most important insurance a business can buy, and it protects against a higher average loss than any other insurance they can buy.

Simply put, Cyber Liability Insurance is the FIRE INSURANCE of the FUTURE.  What does that really mean?  Let’s take a look at the 4 kinds of fires:

  • Commercial Structure Fire
  • Property Fire
  • Forest Fire
  • Cyber Fire

All of these fires share human error as the primary or secondary reason for the loss.  It is the intentional or unintentional negligence of you or your employees that is the biggest driver of claims within the Cyber fire, just as it is with the other types of fires.

Knowing that your employees account for over 80% of all claims, and that 235 million phishing attacks occurred against US businesses in just the 3rd quarter of 2017, understanding the risk and planning for the disaster becomes a real and present necessity.

Two immediate things can be done to help commercial insureds get ready for what may be coming their way:

TRAIN

Train your employees to use best practices when working online.  Use the ALWAYS, NEVER, SET rule.  Become a US Pro policyholder and gain access to training portals through your carrier and educational materials from US Pro.  Repeat training, and require it for all employees.  Keep training current and updated.

EDUCATE

Changing the behavior patterns of people becomes easier when you educate them on the need for the changes, the threats they face together, and the potential impact of the threats to their business. Employees who have a vested interest as educated consumers become better receivers of value-added training.

Understanding Voluntary and Involuntary Parting

Posted on Oct 10, 2018 in Cyber Source

Cyber Liability policies today regularly include coverage for Cyber Crime events.  Many of these policies refer to this as social engineering or phishing coverage.  We call it Financial Fraud Loss, because it includes 3 elements in the coverage:

  1. Electronic funds transfer fraud (the theft of money by electronic means)
  2. Involuntary parting
  3. Voluntary parting

Involuntary parting of money occurs when your financial institution is fraudulently instructed to transfer funds from your account(s) by a third party purporting to be you or your employee.

Voluntary parting of money occurs when your financial institution is instructed by you or your employee to transfer money, or you or your employee are instructed to transfer, pay or deliver money or property to a third party, because of a fraudulent instruction from a third party purporting to be your employee, customer or vendor.

The difference between involuntary parting and voluntary parting is that, in voluntary parting, you intentionally part with the goods and services. There are many Cyber policies in 2018 that still do not cover these scenarios, and voluntary parting of money is much easier for a criminal to accomplish. It is very easy to pretend to be one’s employee, customer or vendor, and vigilance is needed to detect these phishing and other social engineering scams.

Consider that 62% of all Cyber Crime claims come from phishing to the tune of $97,000 per event.  It is estimated that 90% of all phishing claims arise from VOLUNTARY parting.  Be aware.

In order to mitigate the occurrence of these events, as well as the potential size of loss if they do occur, work in the extremes and follow these 3 steps:

  • ALWAYS be suspicious. If it doesn’t look right, it isn’t.  If it is unusual, then it is not usual.  It is better to be safe than to be sorry.  When it comes to a phishing loss, it is better to offend than to defend.  Pick up the phone for any big order or request for payment or transfer to verify authenticity.
  • NEVER open up an attachment or click on a link from ANYONE you do not know. You do not know Amazon.  You only buy from Amazon.  If they send you a link or attachment you did not ask for, delete it and move on to live another day.  If you use rule #1 correctly, rule #2 is automatic.
  • SET a maximum limit of funds that can be transferred electronically or paid by check without dual authorization. What is your pain threshold? Also, SET a limit on the value of property/goods that can be shipped or sold without some kind of additional authorization.

There are numerous other best practices that can be adopted company-wide to make your employees better digital users.  But if you do nothing else, be sure to ALWAYS, NEVER and SET.

2018 Experian Data Breach Industry Forecast: It will SHOCK You!

Posted on Mar 14, 2018 in Cyber Source

An excellent resource available to anyone interested in Cyber security and insurance, the annual forecast that Experian does is highly recognized in our industry.  We had a chance to review Experian’s annual Data Breach Industry Forecast for 2018.  It was shocking.  Seriously.  Here are the top 5 key points as seen through the eyes of our President, Kevin Sneed:

  1. Operating in the digital world in 2018 with no disaster plan in place may be fatal for any size of business.  Effective Cyber Insurance is at the top of that plan.  Risk avoidance is impossible, and event probability is almost certain.  Therefore, risk transfer is an absolute.
  2. Remember 5/25/18.  This is a date that will live in Cyber Infamy.
  3. The line between Cyber threat and physical threat is now thin ice.
  4. More intelligence makes creating sophisticated attacks easier and faster.
  5. Small business risks death.

Over the next couple of weeks, the blog will be updated to dive into each one of these takeaway themes. Make no mistake, everything in the report confirms what we have been saying at the ground battle level about Cyber Liability. The risk is getting much bigger, not smaller. The bad guys are winning the war right now: we implement security in reaction to threat. Most American small businesses still do not buy effective Cyber Insurance, yet the transfer of risk is one of the only effective weapons when under attack.

US Pro is working to change this dynamic. We are working to help America’s small businesses understand what they are facing. We are teaching America’s retail agencies how to understand Cyber risk by industry class. We are “America’s Cyber Insurance Experts”, and we are working for you.

For access to a copy of Experian’s report, please visit their website directly to get your copy.  We highly recommend this as a resource.

http://www.experian.com/data-breach/2018-data-breach-industry-forecast.html?ecd_dbres_feb_2018_blog

 

National Cyber Security Awareness Month: Week 5

Posted on Dec 4, 2017 in Cyber Source

Week 5: October 30-31 Theme: Protecting Critical Infrastructure from Cyber Threats

The best site I could find that dealt with the theme for Week 5 is Bluefin, and their recommendations are spot on. A full reproduction of their article posted on their site October 31, 2017 follows:

(Reproduction of original document written by and posted on the Bluefin blog)

 

 

National Cyber Security Awareness Month: Week 4

Posted on Dec 4, 2017 in Cyber Source

Week 4: October 23-27 Theme: The Internet Wants You: Consider a Career in Cybersecurity

According to the official position of the DHS on this week’s topic:

“According to a study by the Center for Cyber Safety and Education, by 2022, there will be a shortage of 1.8 million information security workers.  It is critical that today’s students graduate ready to enter the workforce to fill the vast number of available cybersecurity positions.  Students and other job seekers are encouraged to explore cybersecurity careers.”

There is a blog that we found that talks at length about how to explore such a career.  The blog is found at White Hat Security and was written by Jeannie Warner in September of 2017.  You can link directly to this by clicking the link:

https://www.whitehatsec.com/blog/how-to-get-a-job-in-cybersecurity/

A summary of the key takeaway points from the article:

#1- Decide where in the cybersecurity rainbow your interests fit

#2- Keywords are important to communicate

#3- Know someone

#4- Don’t get discouraged

#5- Be passionate

Look for more useful information in next week’s review of Week 5 of Cyber Security Awareness Month.