US Pro CLUE Blog

US Pro CLUE Blog

Cyber Liability Underwriting Exposures (CLUE) is a leading industry news source and information medium specifically developed by US Pro for its agency partners.

CLUE gets its information from many resources, including industry experts, underwriters, insurance publications, and multiple web-based articles to keep our customers current in the areas surrounding Cyber Liability Insurance programs.

 

Protect It!

Posted by on Oct 31, 2019 in Cyber Source | 0 comments

Each year the government recognizes October as the month for which we need to renew our efforts at understanding what our online footprint is, and how to keep it safe. The theme for 2019 is Own ItSecure ItProtect It.

Today, we take an inside look at the part 3 of this theme – Protect It.

 

The Digital Footprint

Your internet profile, both professional and personal, is a digital footprint you leave as you go. Think of walking through the sand down the beach, and looking behind you to see your footprints in the sand. Eventually, the tide comes and washes them away, or others walk over them. They fade away.

Your digital footprint can be more like your footprints in the sand, but not unless you Own It and Secure It- but most of all, PROTECT IT. One of the many problems with our online presence is that we tend to fall trap to the idea that whatever is on the screen must be credible. This means both content and destination. This is how we fail to protect it- IT being our digital footprint.

Let’s remember there are multiple automated programs and social media bots and sites dedicated to skewing your perception and thus your information and thus your attitude and thus your response. From political viewpoints to religious indifferences, and every other social issue in between, programs are generating the discussion points- not people.

So keep a few things in mind:

  • Consider the source. A lot of information, even on credible news sites, is really not the truth. Whenever you are reading anything online from anyone or anywhere, be sure to use a filter. Remember, filtered water is much better than well water. Unfiltered information may just end up like well water- undrinkable.
  • Re-verify. Two is always better than one online. This is why MFA is always suggested. If you comes across news or information in one place, be sure there are different reports or stories of the same news item. Avoid regurgitated stories. This is just a mainstreaming of an idea rather than a reporting of the news.
  • Separate. So much of what we see these days is another person’s opinion. Everything we read is cast through a narrow lens using descriptive adjectives. Avoid the white noise and focus in on the truth of what you are reading. You can usually see through smoke and mirrors when you focus.

Knowing that there is always someone somewhere trying to scam you personally or through the social media posts you see or the news that you read is your first layer of protection. An educated consumer is a better protected user. Here are some more things to know.

 

Common Internet Scams

The bad guys want your information, identity and money. Same old story, but with a non-physical flair to the crime. Knowing what to look for adds value to protecting you against those threats. In 2018, these 3 threats were to top risks to the online experience:

  • Identity Theft. This is the criminal acquisition of another party’s personal information used to obtain money, property, or credit. Red flags for this activity include bills for items you did not purchase, unrecognized credit card charges, or evidence of new accounts opened in your name not authorized by you.
  • Imposter Scams. Also known as phishing scams, these are actions where a third party purports to be someone who they are not that you believe is whom they represent to be that fraudulently collects personal and confidential information directly from you. Once they have this information, they use it to commit additional Cyber Crime with this information.
  • Debt Collection Scams. In these cases, cyber criminals attempt to collect from you on fraudulent debt. Red flags for these actions include request for wire transfers, credit card payment, or gift cards and reloadable cards.

In order to Protect what you have owned and secured, recycle the tips we gave you during Parts 1 and 2 of this series. The biggest one is to enable MFA protocol to be sure when you do communicate with sensitive information you are certain it is going to the right people.

But a review of all of these tips is in order to move through the worldwide sand with fading footprints.

As always, have a safe browsing day.

Take an inside look at all three themes for 2019: Own ItSecure ItProtect It.

Secure It!

Posted by on Oct 29, 2019 in Cyber Source | 0 comments

Each year the government recognizes October as the month for which we need to renew our efforts at understanding what our online footprint is, and how to keep it safe. The theme for 2019 is Own ItSecure ItProtect It.

Today, we take an inside look at the part 2 of this theme – Secure It.

Secure It is an online way of life. How we engage ourselves online, and the processes we implement to keep ourselves safe makes for a better online experience. A user who works secured is less likely to become victim to digital crimes. The 5 main areas of Secure It that are featured this year repeat in many cases what we learned in the Own It blog. Remember, education is not effective unless it leads to behavior change and repeating the same sets of processes whenever we move in our digital footprint gives us better protection.

Let’s dive into the topics of Secure It!

 

Creating a Password

Passwords are compromised by algorithms, phishing attacks, and malware. This translates to hacking, voluntary giving, and theft. Creating strong password is not an easy task, especially when you have multiple passwords across multiple sites. Here are the tips and tricks to know and use:

  • Go long! We suggest using the longest password possible or permissible. Sentences or compound phrases are very effective password uses.
  • Be sneaky. Keep your own information to yourself. Avoid using any personal identifiers in your password. Your personal information can be found on social media and other places and can be used to try to crack your password.
  • Set yourself apart. Avoid uses of common words in your phrases and change certain letters into numbers or characters that only you understand.
  • Creativity kills the catfish. Use phonetic phrases for letters, such as PH instead of F, or deliberate changes to words, such as “pasghetti” instead of “spaghetti”.
  • Down-low is the way to go. Your information is your own. Do not share it with anyone ever unless such action was first initiated by you for a specific purpose. Never do so in response to an email or call you receive. If you do not initiate, then you do not participate.
  • Unique boutique. Find a way to standardize but customize your passwords across all sites to make it easier for you to remember a unique password specific to each unique site.
  • MFA is always the way. Having multiple layers of identification or protection when working online is the best practice. Use the tips we discuss below in the MFA theme.
  • Hire a manager. Using a password manager to store all of your online passwords is effectively a combination toolbox and safe. Consider adding this into your security arsenal.

 

Multi Factor Authentication (MFA)

You have probably seen it before and have probably been asked to do it. But you may not know what it is called and why it is done. A TWO-STEP verification process to confirm your identity when logging in to a specific site (usually banking or financial) is known as Multi Factor Authentication, or MFA for short. This requirement to enter your password and also to confirm via a code sent by call, text or email to your known contact information is very effective in mitigating potential breaches of your information, accounts, and property. The government goes through a few elements of MFA to help users understand its value:

  • What it is. MFA is the security process that requires more than one method of authentication from independent sources to verify the user’s identity (as described in the example above).
  • How it works. In order to gain access, your credentials must confirm from at least 2 different categories. It works using the following three credential system:
    • Something you know- Password, PassPhrase, Pin #
    • Something you have- Security Token or App, Verification Text/Call/Email, Smart Card
    • Something you are- Fingerprint, Facial Recognition, Voice Recognition
  • When should it be used. It should be used in all sites wherever enhanced security is desirable due to the sensitivity of the information being used. It should especially be considered whenever your financial or healthcare information is being access or used.

 

Cyber Security in the Workplace

Employees at every level of the ladder are the army in the battle against Cyber criminals. They are also the top cause of events and are responsible for 100% of all successful phishing attacks. Employees should know and adhere to these 5 rules of the road when driving in cyberspace:

  • Own your work. When online at work, treat your work product as your own property. Be vigilant in your effort and always suspicious and alert.
  • IT is not your problem. Technology today is extensive in its detection and prevention capabilities. Many cloud provider and IT supports systems have excellent processes in place for keeping you secure. However, all of these preventive measures will only work if your employees work to keep the bad guys out. It is like having a strong security system but not locking the doors. Criminals use employees as the means of gaining unauthorized access to the systems or data.
  • Keep it up! As we discussed during the Own It blog, keeping up to date is extremely important and a certain part of your IT support’s processes. All machines and software should be updated as required, and these should be automated rather than manual whenever possible.
  • Keep social media social. As is the case with your personal social media accounts, minimize how much information about your customers, employees, and vendors is shared online. This information can be used to launch sophisticated phishing scams against those customers, employees and vendors, amongst other things.
  • 1 shot and you’re out! Hacking of a network or the infrastructure of a computer system is infrequent. It is often a single vulnerability within the security perimeter, and as previously noted, often cause by an employee. It only takes one door to be opened for the entire organization to fall.

 

Phishing

Phishing is a form of social engineering, and just one of many. However, its effectiveness and relative ease of execution makes it the most frequent of them to be used. Most phishing attacks come in the form of emails, and others as malicious websites. These tools are used to gain unauthorized access to or use of your systems to steal personal or corporate confidential information, and more importantly, steal money. A few tips to remember to not be “hooked”:

  • Play hard to get. Always be suspicious. Anything online can be other than what it seems to be, especially emails and online posts with hyperlink or attachments. When you are not expecting such a link, did not ask for one, or are in any way unsure of its source, do not click on the link or attachment.
  • Don’t be a jiminy clickit. Urgency in an email requiring immediate action is suspect. Pay attention. Use the PUTP defense in these cases – Pick Up The Phone. Do not respond to these kinds of emails without first picking up the phone to call the sender at a number known to you to be certain they did send the email. Think first and click later.
  • Secure what is yours. Your professional online profile contains a lot of your personal information. Be sure to limit this only to what is needed and be aware that if your customer can see the information and use it to do business with you, Cyber Criminals can use it to do their business against you.
  • Be hypersensitive. Hyperlinks in emails are doorways to hell. For a Cyber Criminal, its their black hole to your stuff. Always hover over hyperlinks and read them from right to left to verify both authenticity and destination.
  • MFA is always the way. Having multiple layers of identification or protection when working online is the best practice. Use the tips we discuss below in the MFA theme.
  • Shake it up.
  • Keep it up! As we discussed during the Own It blog, keeping up to date is extremely important and a certain part of your IT support’s processes. All machines and software should be updated as required, and these should be automated rather than manual whenever possible.

 

Owning it is securing it. The best way to stay secure personally and at work is to believe you will be a victim, and to take up your defensive position. Your personal and professional life are under attack every day, and your best weapon to fight is being in the know as you go.

 

As always, have a safe browsing day.

Take an inside look at all three themes for 2019: Own ItSecure ItProtect It.

Own It!

Posted by on Oct 18, 2019 in Cyber Source | 0 comments

Another October is upon us, which means our Cyber Security Awareness reminders are in order. Each year the government recognizes October as the month for which we need to renew our efforts at understanding what our online footprint is, and how to keep it safe.

 

The theme for 2019 is Own ItSecure ItProtect It. Today, we take an inside look at the first part of the theme – Own It.

Own It begins with you. Each of us have a responsibility to work in community to combat Cyber criminals. An educated user group is less likely to become victims to digital crimes. These 4 tips provided by Homeland Security are good practice to put into place not only when traveling, but as a general rule:

  • Stay updated with all current patches to all of your devices
  • Backing up information is a must. Be consistent and routine in this practice, as restoring information is expensive and timely.
  • Lock your devices when not in use. Be sure that your PIN number and password are not obvious and easy to crack.
  • Use multi factor authentication if you can. This requirement to have double access points in order to access important accounts or information is essential in the fight to maintain privacy of your data.

When you are traveling, an additional step to take is to disable auto-connecting features of your devices. You will want to be able to control the wifi access of your devices manually.

The 3 main areas of Own It that are featured this year are in the areas of Social Media Cyber Security, Online Privacy and the Internet of Things (use of IoT devices).

 

Social Media Cyber Security

Let’s first take a look at the statistics:

  • 3.48 billion people worldwide use social media platforms. Simply put, 45% of the worldwide population is wired into social media.
  • The digital consumer spends about 2.5 hours on social media networks or messengers each day
  • 69% of US adults use at least 1 social media site and the average American has 7.1 social media accounts

This means that people spend a lot of time taking, chatting, reading, posting and investing their life into social media. However, most people do not remember that the internet is almost a forever-ever land. In order to protect your personal identity, online presence, and internet reputation, an urgent sense of ownership is required. Let’s be sure to use these advices to better protect what is most important- you!

  • You cannot hit the delete button fast enough. Items you share or post, even when deleted, are likely seen by someone within seconds of posting it. Be sure to share with care!
  • Privacy is an ongoing struggle. Update- don’t wait. Be sure to know what your privacy settings are and what apps you are sharing information on.
  • Disable geotgagging. People just do not need to know your physical location, unless you tell them personally. Be rid of the grid.
  • Be sure you trust who you connect with. Avoid being deceived into connecting with people you really do not know. On the internet, strangers are dangers.
  • Be like an etch and sketch. Your information that you share needs to be limited in its nature, worth little to criminals, and protective to your identity. When you are not online, your footprint should be innocuous.
  • Don’t be intimidated. If something posted about you makes you uncomfortable, ask for it to be removed. If necessary, escalate your concern, or concern of any suspicious activity, to the appropriate individuals. If you see something, say something.

 

Online Privacy

The facts are just staggering:

  • 64% of U.S. adults have been the victim of a major data breach impacting their personal data
  • As a result, 69% of consumers believe companies are vulnerable to Cyber attacks
  • 49% of Americans believe their data is less safe than it was 5 years ago

The 49% figure rises to 58% when that same question is asked of people 50 years and older. This creates an aging population concerned with online privacy and security. Here are some best practice tips for easing this struggle:

  • Owning it means guarding it. As previously discussed, used multifactor authentication (MFA) to protect unwanted access. Every door needs an extra deadbolt on it in high crime areas.
  • There is strength in length. People treat passwords as the path of least resistance. Short sweet and simple. After all, better to remember than to reset. Wrong! Complexity lies in the length of your password, and even in the use of password phrases. Make your passwords as long as possible. Customize them by site and keep them different from each other.
  • Execute routine updates. An absent mind may end up with an empty computer. Set your updates to automatically execute.
  • Rinse and repeat. The tips we provided earlier are redundantly utilized to keep your online presence clean as possible. Follow those advices and improve your connection experience.

 

The Internet of Things

Americans loves toys and we have a lot of them. Our homes are filled with all the latest there is to offer, and we call them alarm monitoring systmes, cameras, Alexa, washing machines, garage door openers, sump pump systems, thermostats, light fixtures, computers, TVs and so much more. So, what is the big deal?

The Internet is a giant toy box for all of these toys. Who is in your toybox, and why should you care? Did you know:

  • All of these things and more contain sensing devices and can talk to another machine and trigger other actions. This means they can be talked to as well.
  • If we want to connect to these devices, we have to expose some of our private information to do it.
  • The security of these devices and your information is not always guaranteed or protected. An internet connection becomes an unlocked door to your stuff.

Knowing it is owning it. The best way to stay protected in an IoT world is to follow all of the previous tips we have suggested. Additionally, keep your home and business networks secure, and if possible, use Virtual Private Networks (VPN) as an additional layer of security. After all, what a bad guy cannot see he cannot steal.

Non-physical fires arising from Cyber security attacks are destroying American businesses every day. How we behave online works in direct correlation to what we deal with in unauthorized access to our devices and our data.

 

Do not be a Jiminy Clickit and always remember to have a safe browsing day.

Take an inside look at all three themes for 2019: Own ItSecure ItProtect It.

Your Customer’s Cyber Tune Up Is Way Past Due

Posted by on Jan 17, 2019 in Cyber Source | 0 comments

2018 has turned and the New Year is here.  Have you been writing Cyber Insurance for your customers for some time?  Or fairly new?  Have you been packaging them into the BOP?  Writing it with standard carriers?  Working in online programs offered by carriers and MGA’s?

If this is you, then you are in a need of a Cyber Tune Up.  Just what is a “Cyber Tune Up”.  Each year, exposures to new risks, changes in language and coverage, new regulations, and a host of other external factors combine to require an annual review of the coverage.

However, these times are even trickier, as agents and brokers are now being targeted for E&O claims as a result of their Cyber expertise, and more so, their lack thereof.  Are you confident that you have offered the best coverage available to your client?  Can you be sure that any gaps in your coverage are not customarily available with other carriers, including ones you may have quoted but not sold?

To be sure that your customer’s current policy is the right policy for them, be sure to consider these important areas of coverage:

Regulatory Liability

Has the carrier confirmed that they do have coverage for GDPR claims under the regulatory liability coverage part?

Cyber Crime

Does the policy include coverage for phishing attack loss, both first-party involuntary and voluntary parting, and third-party voluntary parting coverages?  What are those limits?

Business Interruption and Data Restoration

Is coverage triggered only by a security breach, or is any system interruption a trigger?

Dependent Business Interruption Coverage

If you outsource your systems and data, if your provider has an interruption that forces you into an interruption, will the policy respond?

Privacy Breach

Just what is a privacy breach and does it include failure to disclose of a privacy breach in a required manner, or failure to destroy private information within a required time frame?

Definitions/Exclusions

Are you familiar with all of the definitions that pertain to coverage?  Often, coverage gaps and coverage enhancement are buried within the language itself, rather than as a coverage part.  The same goes for the Exclusions.  In Cyber, a policy exclusion is usually not something that would have triggered under a coverage part anyways.

 

The truth is that you have due diligence to know what it is you are selling to your clients.  Cyber Liability Insurance is really a digital assets package policy, and it should be viewed and sold as such.

 

Let US Pro Insurance Services have a look under the hood and give your customer a Cyber Tune-Up today.

 

Choosing the Right Broker for Placing Cyber Insurance

Posted by on Nov 28, 2018 in Cyber Source | 0 comments

In a previous blog post, we stated that “Most agents have not been trained on how to sell it, and most commercial insureds don’t believe they need it or have any risk.  Bridging the gap between the two requires an understanding of what the Cyber Liability Insurance policy in question really does cover, and how it relates to the Insured in question.

This is the overwhelming part for agents, and the lack of real-time training on how these policies work, what coverages they provide, and why these coverages matter just doesn’t happen. Carriers promote their policies and what they cover, rather than teaching on what this coverage is needed for and by whom.

Compounding this problem is the variance in language between the carriers who offer Cyber Insurance.  So for an agent, they are bombarded with so many options.  Do I quote it as a part of a BOP or package policy?  Do I quote it monoline?  Do I quote it all?  If I do quote it, how do I explain why they need it?  How do I know one quote is better than the other?

A long time ago we wrote the 10 Commandments of Cyber.  The 1st commandment was to be an expert or use one.  Choosing the right wholesale broker partner to place Cyber Liability Insurance is the most essential part of the Cyber Insurance process.  Let’s look at the questions you need to ask and the reasons why each matters:

Training.

The first tool a broker can give his agent is training on what the coverage is and how to sell it.  Have you asked your current broker to do sales training for your staff?  If so, was it specifically by industry class?  Do they have a working understanding of each coverage part being quoted, and what impact it has on the exposures of its customer?

A properly trained agent will understand the liability parts of the Cyber policy vs. the property parts of a Cyber policy and how they work as a digital assets package policy to protect an Insured against non-physical fires.

Resource.

Does your current broker blog about current Cyber trends?  Do they write papers on how a coverage part works? Can they give insight on how to answer questions on the application?  Can they direct you to resources helpful in making sales presentations?   Can they help you assess what limits to purchase?

Having resources that break down in very elementary terms sophisticated coverage parts and questions simplifies the understanding process for agent and customer alike.  For example, the Teenagers and the Cloud blog posting is a funny way to understand the very real threat to fire created by putting your business into the cloud.  Having a guide to assess financial risk to a privacy breach, PCI DSS event, or Cyber Crime scenario helps explain these real time financial impacts your customer faces.  Being able to get a comparison of quotes by coverage part when needed.  A website devoted to these resources and a blog dedicated to making agents smarter salespeople.  These are valuable resources most brokers cannot and do not provide.

Education.

What is the GDPR?  What is voluntary parting?  What is the difference between phishing and whaling?  Is ransomware the same as extortion?

The ongoing education of our customers is a big priority of US Pro.  We want to train them to be great sales persons of the coverage.  But we want more to educate them on the trends in Cyber risk.  We want them to understand what the out of dollar pocket cost is for a PCI DSS breach in 2018 on a per card basis.  We want them to be able to explain to an Insured why employees are the top threat they have to a Cyber event.  When a properly trained agent who speaks with an educated and authoritative manner, a customer is more likely to purchase the coverage.

Knowledge

Perhaps the biggest question you need to ask is what does my broker really know?  Ask yourself and investigate.  Check their website out.  How many white papers do they write?  Are they blogging?  Do they do sales training?

The simple truth is most wholesale brokers know something about Cyber.  But few are going to be specialists in it, and even less will be experts.  What we know is that any expert broker of Cyber Insurance is making the Training, Resource, and Education of its agents its primary focus.  US Pro long ago made as its mission “Your Sale is our Success.” 

 We are recognized as one of America’s Cyber experts because of the work that we do the understand ALL of the carrier policy forms, and use our underwriting experience to explain them to our agents.  A properly educated and trained retail agent with resources in their arsenal will become a premier and value-added service to its customer.  

 Our sales training modules are valuable tools our agents have used that were created by our intimate knowledge of Cyber Insurance and how it impacts any one commercial insured.  We live in a digital world, and risk moves as quick as technology. 

Be sure that when you do use a broker, remember that first commandment.  USE AN EXPERT.

Choosing the Right Cyber Insurance Policy

Posted by on Nov 28, 2018 in Cyber Source | 0 comments

Cyber Liability Insurance can be overwhelming for both agents and their customers.  Most agents have not been trained on how to sell it, and most commercial insureds don’t believe they need it or have any risk.  Bridging the gap between the two requires an understanding of what the Cyber Liability Insurance policy in question really does cover, and how it relates to the Insured in question.

So why is choosing the right policy so important?  Let’s start with a couple of basic truths about Cyber Insurance, the digital world in which we live, and who is really at risk:

  1. Everyone with a network or a routine connection to the Internet has been breached.
  2. All commercial insureds (corporations, nonprofits, public entities/schools) have some form of risk covered by a Cyber policy
  3. The overwhelming cause of the such risk is the employee

This means that if you fall within 1, 2, or 3 above, you are in need of Cyber Liability Insurance, and unlike other insurances, the price of such insurance is far less expensive than the cost of out of pocket expenses for an event.

For example, although you pay for car insurance, you may choose not to file a claim if the damage is less than the possibility of paying higher premiums in the future as a result.  Cyber is not like this.  The average Cyber claim exceeds $200,000, the average Phishing attack loss is near $100,000, and these continue to rise.  Yet, Cyber prices continue to remain competitive and inexpensive.

In choosing your client’s Cyber Insurance policy, you must look at each coverage part as its own policy in itself.  Be sure to identify what the top threats are for each specific industry class you are working in, and prioritize those risks as compared to the coverage the carrier is providing.  What you are trying to do is marry the client exposure to the carrier coverage in your best attempt to avoiding the gapping of coverage through underinsurance or uninsurance.

Finally, keep a clear perspective of Cyber Insurance as a digital asset package policy.  There are many moving parts, and understanding how they work with each other is the key to choosing the cyber policy.  Follow these steps and make the right choice:

  • Identify what the top perils are for the industry class in question
  • Prioritize the top 3 perils in order of importance of coverage
  • Market the risk to carriers who have strong forms in those perils
  • Recommend the preferred choice based on the first 2 steps.

Remember, Cyber is like a forest fire.  Once a fire breaks out in one place, very quickly it had spread to multiple fires at the same time.

How Gapping of Coverage Occurs in Cyber Liability Insurance

Posted by on Nov 7, 2018 in Cyber Source | 0 comments

There are many different ways to Insure against Cyber Liability Insurance exposures in today’s marketplace.  The last 10 years have seen a lot of change in the coverage, as well as the number of carriers who write it.  Many package insurance policies now provide some form of protection against Cyber risks.

While retail agents have become more aware of the need to offer coverage, as much as 50% of all businesses and 70+% of small businesses still are not buyers of this coverage.  A big part of this is the lack of carrier education of retail producers of the need by industry class for the coverage and the right tools to sell it.

As a result, there is a significant gap in coverage for commercial insureds of all sizes and industry types across America.  The retail agent must have in order to properly protect their customer while at the same time protecting from a potential E&O claim against them.

There are three (3) primary ways that gapping occurs when insuring against Cyber exposures:

Segregation

Any risk providing technology services of some kind to its customers has an E&O risk, and such risk should always be written in combination with the Cyber Liability coverage.  When these are segregated, gapping occurs in determining the cause of a security or privacy breach.  Was it caused by the error or omission of the company providing the services?  Or was it the negligence of the employees/company of the company receiving the services?

When the same carrier writes both the E&O and Cyber together, this coverage dispute is eliminated and the Insured is protected for either scenario.

Underinsurance

Often times we see a retail agent who has packaged their customer’s Cyber coverage into an endorsement onto their BOP or CPP policies.  Other times we see them providing a coverage part in conjunction with their package policy.  Still, other times we find them placing their customer’s into separate, monoline low-cost Cyber Insurance policies.  Finally, we can also see insureds who are written into broad Cyber policies with brand name carriers. In all of these scenarios, the same danger to gapping occurs: “underinsurance”.  Underinsurance occurs when a commercial insured has purchased some form of Cyber coverage that does not provide the Insured with the broadest protection or enough protection, which exposes to them to both unfunded claims and underfunded claims.  Here is how it looks by each of the 4 scenarios:

  1. Package policy endorsements: The cheapest and easiest way to get some coverage, endorsements or riders to existing BOP and CPP policies offer protection from basic third-party lawsuits.  However, at the same time, they offer very little to no first party cost coverage.  Also, when they do provide the third party and/or any first party coverages, the limit of liability provided is usually lower than a monoline policy placement, and many times lower than what an Insured is actually exposed to in risk.
  2. Package policy coverage parts: Like their endorsement counterparts, these are more robust and broader coverage parts that are added to a CPP.  They often provide more of the first party coverage parts that a standard Cyber Liability policy would provide, however, like their endorsements, they still provide lower limits than what is needed, and some of the third and first-party coverage parts are still not included.  Further to this, the language of the coverage parts that are provided is not as broad as those coverages are for some of the other stand-alone policies in the marketplace, especially when looking at the triggers of coverage.
  3. Low-cost Cyber policies: Saving money up front is always a good thing- unless it is just costing you money in the long run.  Low-cost Cyber policies many times means low-coverage Cyber policies.  In today’s marketplace, a lot of the carriers provide coverage parts similar to the broadest Cyber policies out there.  However, the proof is always in the pudding, and almost always a low-cost policy compared to others who quote means there is some form of gapping happening.  Usually, it is in the lack of coverage found in the guts of the policy itself- sort of a “read the fine print” theory.  Be very careful and read policy triggers and definitions intently when choosing a low-cost Cyber Insurance policy.
  4. Brand name Cyber policies: Finally, there are always those agents and insureds who think that placing a Cyber policy with a well-known “Brand-name” household insurance company means they have the best coverage.  This is quite the contrary.  The boutique Cyber carriers have been the broadest coverage programs for many years, and have become leaders in the Cyber Insurance line of business because of their specific expertise in it.  Many of the larger and brand name carriers offer Cyber as another line of business.  As a result, they have visible holes in their coverage forms that retail agents must familiarize themselves with to avoid gapping in their coverage that could be avoided.

Uninsurance

Simply put, this is providing no insurance for Cyber exposures every commercial insured has.  This is where we are going to see the most problems arise for retail agents who are not offering Cyber coverage to their clients.  However, “providing no insurance” occurs in two ways, and a smart retailer will be wary of both of these traps to avoid a claim for gapping of coverage

  1. The first trap is to provide no insurance at all. Do not allow the commercial insured to dictate their exposure to Cyber risk to you.  Instead, educate them on the risks they face because of their industry class and despite their proactivity to protect against it.  Be sure to quote Cyber for every risk, and document BOTH your education of them to their risk and their declination of that risk AFTER being educated of it; and
  2. The second trap is to provide no insurance for specific coverage parts that an Insured has exposure to risk for. These include coverages such as Cyber Crime, Dependent Business Interruption, and Reputational Harm.  Be sure to understand what perils your client is facing because of his industry class, and provide quotes with coverage parts that address these top perils to avoid gapping.

Bridging the gap is a priority for every retailer when working in the Cyber Liability space.  Know what to look for, and which carriers offer the broadest coverages at the most competitive rates.  Be sure to be an expert, or use an expert like US Pro Insurance Services to help you avoid having any gaps.

Why a Business Should Buy Employment Practices Liability Insurance

Posted by on Oct 24, 2018 in Cyber Source | 0 comments

In 2018, 65% of all businesses are now buyers of this essential business coverage. It is no longer that is just an employer/employee workplace risk- the risk also extends to third parties that are exposed to your employees and workplace. This includes customers, vendors, delivery persons, visitors, and any others you or your employee comes into contact with in a corporate capacity.

A key finding from a recent survey of private companies was “the fact that more than half the respondents listed attracting and retaining quality employees as their top employment challenge. That being the case, it behooves companies to pay special attention to the area of Employment Practices Liability (EPLI), since fostering a respectful workplace — and addressing and resolving any situations that run counter to that cultural goal — will help them meet the challenge of attracting and keeping needed talent.”

In addition to this, claims covered under the EPLI policy represent a majority of the total reasons for claims under a combined management liability policy. These include claims relating to harassment, bullying, retaliation, and discrimination.

On an interesting note, this same survey took a closer look at the remaining 35% of those who continue to NOT purchase EPLI. The respondents listed these reasons as the top drivers of their choice to go uninsured:

• 37% had not experienced related incidents in the past
• 30% believe claims are covered by other business insurance (e.g., general liability or Business Owner’s Policy)
• 26% were not required to purchase (by contract or law)
• 24% said they “Don’t believe we need because business is privately held”
• 22% have company policies or procedures in place to prevent exposures
• 17% don’t believe there is a need because the business is family run
• 13% are not aware of this insurance coverage
• 7% said that coverage is not affordable/funding is not available

When faced with these reasons, you should present these counter arguments:

1. Prior claim experience is not an indicator of future claim risk. In addition, it is more difficult to get the coverage after a claim, and more expensive, than it would be had coverage already been in place at the time of a claim.

2. EPLI claims are unique to the EPLI policy. All other policies contain an exclusion relating to any “employment-related matters”. Since EPLI is not usually required to be purchased by law or contract, businesses should not use that as a marker for buying coverage.

3. Being either privately held or family owned has no bearing on the exposure to EPLI claims. Businesses should not confuse the risk to be limited to employee vs. employer claims. Third party claims account for many of the actions brought against businesses, therefore, the risk is an external as it is internal.

4. Having good policies and procedures in place is what makes you an excellent insured, but it doesn’t make you self-insurable. EPLI claims are costly, and they can occur against businesses with good policies and procedures in place just as they can against those who do not. It only takes a single incident to result in a loss, and those costs continue to rise.

5. EPLI is very competitive an affordable in 2018, and average claims are now over $100,000, which is multiples of the cost of a policy. All agents should make every commercial insured aware of this coverage, and for the reasons above, the need to buy this coverage. Pay special attention and concern to the risk of third party claims, and why employers just do not know of their exposure to this risk.

Today’s commercial insured will look at their insurance portfolio as a means of disaster planning. D&O, EPLI, and Cyber Liability insurance coverages are essential to every commercial entity. Rather than being offered or asking if they want a quote, they should be presented with options that make financial sense while being properly educated on their exposures to risk they just may not have seen.

Finally, offering the right protection to your customers will at the same time offer protection for you. A big reason today’s E&O carriers are paying claims is due to the un-insurance or underinsurance of these coverages for their customers. Diligence in understanding these policies and the risk they present to your customer is your best offense and defense simultaneously.

Employment Practices Liability Insurance- What’s In a Number?

Posted by on Oct 24, 2018 in Cyber Source | 0 comments

Statistics is an important tool.  Extremely useful for gaining support for or against making a decision, they really are much more than that.  Statistics tell a story about the subject matter, and in EPLI, the statistics are very revealing indeed.

We use a lot of numbers and percentages, and sometimes they are used so much that we just glaze over them.  In one ear and out the next.  But today we will break down some important numbers and the real-life impact they have on your customer’s everyday business life:

65/35%

65% of businesses today are buyers of EPLI.  35% of businesses do not buy EPLI.  This is a risky bet for those in the latter group based on many of the below facts.

$102,915

The average loss for an EPLI claim today is now exceeding $100,000.  Third party claims, wage and hour disputes, high-income wage earner suits, spikes in EEOC complaints, and litigious attitudes of younger employees are driving this figure up.

91,503=$480,000,000

2016 statistics from the EEOC found there were 91,503 total charges of workplace discrimination that were filed.  These charges resulted in penalties and awards that totaled more than $480 million dollars in damages

41%

Many are surprised to find that 4 in every 10 lawsuits filed for EPLI actions are filed against small business with less than 100 employees.  This is only 6% less than those filed against large companies with more than 500 employees.  Yet, many of those in the 35% bucket who do not buy EPLI today are these same small businesses.  Fascinating.

$75,000 vs $217,000

So why do you really buy EPLI?  The real reason is to pay for the defense costs when the claim does come.  This is not more plainly seen than comparing the settlement to the trial.  An EPLI claim that is settled averages $75,000 in damages awarded.  However, one that goes to trial instead is almost 3 times that amount, averaging $217,000.  There is a real value into having an effective insurance policy that can properly defend you in the event of a claim.

21st

The biggest problem of all is the turn of the century.  With the turn of the century also came an increase in claims.  Employees in 2018 are far more likely to bring suit against their employer than they were in the 1990s.  Consider that within the last 20 years, overall employee lawsuits are up 400%, and wrongful termination lawsuits have increased by 260%.  This means that your chances of being sued for an employment-related matter are now greater than having any kind of fire in your property.

The top reasons employers were sued in 2017 are as follows:

  • 13% sexual harassment
  • 11% wrongful termination
  • 11% retaliation
  • 10% discrimination
  • 8% workplace bullying/intimidation

All of these statistics combine to paint a very clear picture of the need to have the right coverage in place.  Share this information with your customer so they can make better decisions about how to properly disaster plan for their business.

Wage and Hour Coverage: What’s New?

Posted by on Oct 18, 2018 in Cyber Source | 0 comments

Wage and Hour Coverage, also known as FLSA coverage, provides for a sublimit of coverage to defend an Insured against claims arising from wage and hour disputes under the Fair Labor Standards Act. The importance of this coverage for all commercial risk types must be considered when quoting the Employment Practices Liability Insurance.

The FLSA is continuously reviewed as complaints continue to be litigated alleging employer violations of it. Notably, it is reinterpreted over the years, and has evolved through time.

Jackson-Lewis, a firm that leads in the areas of employment practice law, noted in their Wage & Hour Law Update some interesting takeaways recently in this specific area. An excerpt of this article, written by Jefrrey W. Brecher and Eric Magnus, states as follows:

“The most recent opinion letters address (with links to the letters themselves):

FLSA 2018-20: Whether time spent by employees voluntarily attending benefit fairs and undertaking wellness activities such as biometric screening, weight-loss programs and use of an employer-provided gym, are considered compensable working time (it is not).

FLSA 2018-21: Whether 29 U.S.C. § 207(i), the commissioned sales employee overtime exemption, applies to a company’s sales force that sells an internet payment software platform (under the facts presented, it does). Notably, this opinion letter is the first acknowledgement by the DOL of the Supreme Court’s recent holding in Encino Motorcars LLC v. Navarro, 138 S. Ct. 1134 (2018), that FLSA exemptions are to be given a “fair reading,” rather than a “narrow construction” as previously applied by the Department and many courts.

FLSA 2018-22: Whether members of a non-profit organization who serve as credentialing examination graders for one to two weeks per year, and who are not paid for their services but are reimbursed for their expenses, may properly be treated as volunteers rather than employees (under the facts presented, they may).

FLSA 2018-23: Whether 29 U.S.C. § 213(b)(27), exempting from overtime employees who work at a movie theater establishment, likewise applies to those employees who work at dining services operated by, and accessible only within, the theater (it does).”
 

The entire article can be read at https://www.wageandhourlawupdate.com/ which US Pro highly recommends.

Despite each of these opinions favoring the employer, the risk to a wage and hour complaint being brought by non-exempt employees continues to rise, and in some industry classes, remains a very big risk. It is preferred to purchase an EPLI coverage form that includes some limit of wage and hour coverage.