Gulfshore Insurance > Gulfshore Blog > Commercial Risk Management

Did you know that…

  • More than half of U.S. businesses have experienced a cyber attack in the past year.
  • Of those businesses hacked, 72% spent $5,000 or more.
  • 1 in 9 system compromises happen in under a minute.
  • 83% of compromises took a week or more to detect.
  • All 50 states require notification when a data breach occurs.

 

In recent years, cybersecurity threats have become increasingly complex, and businesses of all kinds – including the construction industry – face ever-growing risks to their reputation, their finances, their continuity of operations, and even to the safety of their job sites and equipment. A recent Forrester survey revealed that more than 75% of respondents in the construction, engineering and infrastructure industries had experienced a cyber-incident within the last 12 months. It is projected that cyber crime will cost businesses approximately $6 trillion per year on average through 2021.

Cyber threats can expose all of a company’s digital assets: business plans and acquisition strategies; proprietary construction plans and designs; customer, contractor, and supplier lists and pricing; personally identifiable information of employees and contractors; protected health information of personnel; and facilities security information. Cyber risk can also cause business interruption and reputational harm: for example, a ransomware attack might not lead to a loss of information, but by shutting down a company’s computer networks, and potentially destroying information, it can cause an enormous amount of lost productivity and business delay. And the ability for cyber attackers to hijack physical devices – from security cameras to vehicle telematics to industrial control systems – means that there is an ever-increasing risk of property damage and personal injury due to cybersecurity incidents.

There are a number of ways to mitigate cybersecurity risk, including:

  • Policies and training. The very best IT can’t prevent human error. It’s essential to implement clear policies on cybersecurity basics like use of strong passwords, multi-factor authentication, use of encryption for sensitive data, and restrictions on the use of removable media. It’s also essential to train employees on best practices, including how to recognize potential phishing emails and sensitive information to which they have been granted access.
  • Vendor management. Contracts with subcontractors, suppliers, and others are an essential component of mitigating cyber risk. Legal review of representations and warranties about the cyber practices of a business partner, along with appropriately tailored indemnification and hold harmless provisions, can be a foundation for mitigating cyber risk associated with doing business with third parties.
  • Insurance. Cyber insurance is widely available and can be an effective component of an overall insurance program. Most cyber policies cover the costs of forensic investigation and breach notification associated with a cyber incident, but many do not cover other costs that could be associated with a cyber incident. For instance, a business email compromise, in which a spoofed email dupes a company into wiring money or employee information to a fraudulent account, is often covered under a crimes policy. However, property damage, personal injury, and environmental damage, all of which are possible consequences of a cyber-attack, may be more likely excluded from cyber coverage and, instead, covered under general liability or other policies. Because of the many ways in which cyber threats can play out, and the intricacies of the intersection of various insurance coverages, it is essential to assess cyber coverage in the context of a comprehensive insurance program.

 

Cyber-attacks now occur to every class and size of business. Although the steps listed above can’t eliminate cyber risk altogether, they can greatly reduce the likelihood of an incident, and reduce its cost and impact if one occurs. The high cost of cyber-attacks makes going without cyber insurance a real risk.

Working with a trusted insurance agent who has proven expertise in cyber security and familiarity with the unique risks posed to the construction industry is the best way for companies to ensure that they are adequately covered.

Under a change to an NCCI rule, policyholders must now report any changes in the ownership of their business to their insurance carrier within 90 days.

When the ownership of a business changes, such as through a sale, transfer, merger, consolidation, or formation of a new entity, the change can affect your workers’ compensation experience modification factor (“mod”) that is assigned by NCCI. In the past, application of a revised experience mod, due to ownership change, was effective on the date a policyholder reported the ownership change. If the ownership change was reported to NCCI within 90 days of the change, the revised mod was applied as of the date of the change. If the ownership change was reported more than 90 days after the change, the revised mod was only applied as of the next rating effective date.

NCCI was concerned that policyholders were delaying their reporting of ownership changes/combinability status in order to delay a change in their current experience mod, so they proposed a change to the rule. NCCI determined that ownership and/or combinability status changes should be reflected in the purchaser’s and the seller’s mods as quickly as possible to ensure that the correct premium for the exposure is charged.

As of January 1, 2019, businesses have 90 days to report changes in their ownership in writing to their insurance carrier. Reporting may be done via a Confidential Request for Information Form (ERM-14), or in a narrative on your company letterhead and signed by an officer. If the change in ownership results in NCCI recalculating your experience mod, the insurance carrier will apply the new mod retroactively to the date of the change in ownership, regardless of whether the revised mod is an increase or a decrease.

The rule change also now requires all policyholders to report ownership changes to their workers’ compensation provider, even if the policyholder is not experience rated.

As always, if you have any questions regarding this update, please feel free to contact us. We are here to help.

On March 7, 2019, the U.S. Department of Labor (DOL) released its long awaited proposed rule to amend current overtime regulations. Specifically, the proposed rule would raise the minimum salary threshold under the Fair Labor Standards Act (FLSA) “white collar” exemption to $35,308 per year ($679 per week). The proposal does not call for automatic adjustments to the salary threshold; however, it does propose updates to the salary threshold every four years.

Currently, employees with a salary below $455 per week ($23,660 annually) must be paid overtime if they work more than 40 hours per week. Employees making at least this salary level may be eligible for overtime based on their job duties. This salary level was set in 2004.

Full information about the proposed rule is available here.

Next Steps

The public will now have 60 days to submit comments about the proposed rule electronically at www.regulations.gov. The DOL will take time to review submitted comments and an effective date for the final rule is not expected until 2020.

Gulfshore Insurance will continue to monitor any updates to the FLSA exemption rules and provide updates as they become available.

The National Flood Insurance Program (NFIP) just announced changes effective April 1, 2019 and January 1, 2020. The changes outlined below apply to new business and renewals that will become effective on or after April 1, 2019. The premium changes for Preferred Risk Policies (PRPs) and Newly Mapped procedure policies will become effective January 1, 2020.

Premium Increases and Surcharges
Average increase of 7.3%. These amounts do not include the HFIAA surcharge or the Federal Policy Fee (FPF).
For policies issued on or after April 1, 2019, there will be no changes to:

  • Deductible Factors
  • Federal Policy Fee
  • Reserve Fund Assessment
  • HFIAA Surcharge
  • Probation Surcharge


Pre-FIRM Subsidized Policies (a group of policies in SFHA Zones A, AO, AH, A1-30, AE, A99, AR, AR/A1-30, AR/AE, AR/AO, AR/AH, AR/A, V1-30, and VE, that receive rates insufficient to pay the anticipated losses and expenses for that group)

  • Other Pre-FIRM Subsidized Policies Not Subject to 25% Annual Increases: These are primarily condominium policies and multifamily policies. Premiums will increase 9%, with a total amount billed increase of 8%.


V Zones (coastal high-velocity zones)

  • Rate increases are being implemented again this year as a result of the Heinz Center’s Erosion Zone Study, which clearly indicates that current rates significantly underestimate the increasing hazard from steadily eroding coastlines.
  • Post-FIRM V Zones: Premiums will increase 6%, with a total amount billed increase of 6%.


A Zones (non-velocity zones, which are primarily riverine zones)

  • Post-FIRM A1-A30 and AE Zones: Premiums will increase 4%, with a total amount billed increase of 3%.
  • AO, AH, AOB, and AHB Zones (shallow flooding zones): Some policies within this rating category will have premium changes; however, for the entire category the average premiums and total amount billed will remain unchanged.


X Zones (zones outside the Special Flood Hazard Area)

  • Standard-Rated Policies: Premiums will increase 1%, with a total amount billed increase of 1%.

Click here to download the summary

Introduction

In the 1980’s, Congress amended the Social Security Act to include the Medicare Secondary Payer Act (MSP), which effectively enacted Medicare liens.  In 2003, the Government clarified its position that self-insured entities were also included in the MSP in passing the Medicare Act of 2003.  Prior to the Act, Medicare did not have an efficient mechanism to identify or evaluate instances where Medicare’s liability should have been secondary.  In 2003, the government took no steps to actively pursue settling Medicare eligible plaintiffs.  Medicare lacked efficient mechanisms to pursue cases where its liability should have been second to the responsible party.

On December 29, 2007, the Medicare, Medicaid, and SCHIP Extension Act of 2007 (MMSEA) was signed into law.  MMSEA amended the MSP to impose new reporting duties on liability insurance plans, private self-insured entities, Group Health Plans, no fault insurance plans and Workers’ Compensation plans. Read more