As technology becomes increasingly important for successful business operations, the value of a strong cyber liability insurance policy continues to grow. The continued rise in the amount of information stored and transferred electronically has resulted in a remarkable increase in the potential exposures facing businesses.
In an age where a stolen laptop or data breach can instantly compromise the personal data of thousands of customers, protecting your business from cyber liability is just as important as some of the more traditional exposures businesses account for in their commercial general liability policies.
Claims Scenario: Outsourcing Gone Wrong
The company: A national construction company that outsources some of its cyber security protections
The challenge: A construction firm partnered with a third-party cloud service provider in order to store customer information. While this service helped the company save on server costs, the third-party firm suffered a data breach.
As a result, the construction firm had to notify 10,000 of its customers and was forced to pay nearly $200,000 in incident investigation costs. The incident was made worse by the fact that the firm did not have a document retention procedure, which complicated the incident response process.
Cyber liability insurance in action: Following a data breach or other cyber event, the right policy can help organizations recoup a number of key costs. Specifically, cyber liability policies often cover investigation and forensics expenses—expenses that can easily bankrupt smaller firms who forgo coverage.
What’s more, when third parties are involved, managing litigation concerns can be a challenge. By using cyber liability insurance, organizations have access to legal professionals well-versed in cyber lawsuits and response.
Claims Scenario: Pardon the Interruption
The company: An online retail store that relies heavily on e-commerce
The challenge: A small-sized, online retailer partnered with a data centre to host its website and store its data. This is not uncommon, as many small businesses don’t have the IT infrastructure to host products, process payments and fulfil orders on-site.
Unfortunately, the data centre was targeted in a distributed denial-of-service (DDoS) attack. As a result of this attack, the retailer’s website went down for several days. While functionality was eventually restored, business interruption costs from lost sales and website downtime was over $165,000.
Cyber liability insurance in action: DDoS attacks are one of many weapons cyber criminals use to infiltrate and disrupt businesses. These attacks can impact any organization that owns a website, regardless of where it’s hosted.
Cyber liability insurance is one of the only protections organizations have against costly DDoS attacks and similar disruptions. This is because cyber policies offer business interruption loss reimbursement. Following a disruption caused by a cyber event, policies kick in and help organizations recover from any financial losses.
Benefits of Cyber Liability Insurance
- Data breach coverage—In the event of a breach, organizations are required by law to notify affected parties. This can add to overall data breach costs, particularly as they relate to security fixes, identity theft protection for those impacted by the breach and protection from possible legal action. Cyber liability policies include coverage for these exposures, thus safeguarding your data from cyber criminals.
- Business interruption loss reimbursement—A cyber attack can lead to an IT failure that disrupts business operations, costing your organization both time and money. Cyber liability policies may cover your loss of income during these interruptions. What’s more, increased costs to your business operations in the aftermath of a cyber attack may also be covered.
- Cyber extortion defence—Ransomware and similar malicious software are designed to steal and withhold key data from organizations until a steep fee is paid. As these types of attacks increase in frequency and severity, it’s critical that organizations seek cyber liability insurance, which can help recoup losses related to cyber extortion.
- Legal support—In the wake of a cyber incident, businesses often seek legal assistance. This assistance can be costly. Cyber liability insurance can help businesses afford proper legal work following a cyber attack.
When cyber attacks like data breaches and hacks occur, they can result in devastating damage. Businesses have to deal with business disruptions, lost revenue and litigation. It is important to remember that no organization is immune to the impact of cyber crime. As a result, cyber liability insurance has become an essential component to any risk management program.
Cyber exposures aren’t going away and, in fact, continue to escalate. Businesses need to be prepared in the event that a cyber attack strikes. To learn more about cyber liability insurance, contact Scurich Insurance today.
Read more
Continuity is critical in business, and there are few things more important than continuous revenue and cash flow, particularly for small to medium-sized organizations. In fact, just one brief business interruption can be incredibly costly for an organization, often leading to serious reputational damages or long-term closures.
That’s where business interruption insurance can help. This form of coverage provides protection against a variety of common interruptions, including natural disasters, equipment damage and vandalism.
Claims Scenario: You’re Fired
The company: A small, family-owned bagel shop.
The challenge: Following a recent fire, a bagel shop experienced major property damage. Not only were substantial repairs needed, the company lost crucial baking equipment.
Repairs for the damaged property and equipment were expected to take three months – a significant amount of lost time and revenue.
Business interruption insurance in action: Following a covered disruption, business interruption insurance can help businesses of all sizes stay afloat and recover quickly. This is because business interruption insurance can reimburse income organizations would have received had they been able to operate.
This was particularly important for the bagel shop, as paying for costly repairs and not having a steady flow of income could have bankrupted the business. With the right policy, organizations can take the necessary steps to get back up and running, all without sacrificing day-to-day income.
Claims Scenario: Relocation, Relocation, Relocation
The company: A mid-sized auto dealership.
The challenge: After a night of severe flooding, a number of area businesses experienced substantial water damage. Of these businesses, an auto dealership was hit the hardest, losing the majority of its inventory.
In addition, because the lot was flooded, the dealership had to move its operations to a new location. This, in turn, meant the dealership had to sign a new lease and cover steep moving expenses.
Business interruption insurance in action: In the face of a disaster or other disruptions, organizations may be forced to move locations in order to remain open. Without the proper policy, organizations would have to pay for these costs out of pocket.
Thankfully, business interruption insurance can reimburse organizations for all of the costs associated with a move.
Benefits of Business Interruption Insurance
- Revenue – In the event of a disruption, business interruption insurance provides coverage for income your business would have earned during a closure period if it had been operating normally.
- Rent or lease payments – Even if your premises are unusable following a disaster or other event, many leases still require that you make payments. Business interruption insurance allows you to continue making rent or lease payments, even while your business is not operating.
- Relocation – In the event that your primary location is unusable following a disaster or other event, you will likely have to relocate in order to remain open and continue generating revenue. Business interruption insurance can cover the expenses of moving your business to a temporary location and may include both moving and rent costs.
- Employee wages – If you are unable to operate, it is likely you will not be able to continue paying employees. Business interruption insurance can help you avoid losing staff while you’re closed by ensuring that you make payroll.
- Loan payments – If you have an outstanding loan, you will need to continue to make payments even if your business isn’t fully operational. Business interruption insurance will ensure you never miss a payment until you are fully operational again.
Read more
Your small business tax returns may not be due until April, but now’s the time to start your tax prep so you’re ready for the big day. As you gather documents and compile receipts, consider the commercial insurance premiums you can deduct as business expenses.
IRS Expense Deduction Guidelines
According to the Internal Revenue Service (IRS), small businesses can deduct ordinary and necessary costs associated with doing business. Certain insurance premiums fall into this category of deductible expenses.
Insurance Premiums you can Deduct
Here’s a partial list of business insurance premiums you may be able to deduct on your tax return.
- Auto insurance for commercial vehicles the business owns if you deduct the actual cost of the vehicles and not the standard mileage deduction.
- Business interruption insurance that covers lost profit if a covered event causes a temporary business shut down.
- Credit insurance that pays for losses caused by bad business debts.
- Group health insurance premiums if the company’s employees, managers and owners benefited and the policy is written in the business’s name.
- Liability insurance that covers accidents.
- Life insurance for officers and employees if you are not the beneficiary of any of those policies.
- Long-term care insurance available to employees, managers and owners.
- Malpractice insurance for personal liability that occurs because of professional negligence.
- Overhead insurance, which covers business expenses if you become disabled.
- State unemployment insurance fund contributions if they are taxed under your state’s law.
- Workers’ Compensation Insurance that covers employees’ occupational injuries or illnesses.
Insurance Premiums you Cannot Deduct
IRS rules prevent your business from deducting several insurance premiums, including:
- Certain life insurance or annuity premiums
- Insurance premiums paid to secure a loan
- Personal insurance premiums
- Self-insured reserve payments
- Sickness or Disability insurance premiums
How to Calculate Insurance Premium Deductions
To calculate your insurance premium deductions, gather your records and add all the allowable premiums you paid during the tax year. Include this figure with your other business deductions on IRS Form 1040. You can find additional helpful information about tax deductions in IRS Publication 535, the Business Expenses worksheet, and IRS Publication 334, the Small Business Tax Guide.
Insurance protects your business and offers invaluable peace of mind. Talk to your qualified professional tax preparer now as you prepare to file your taxes. He or she will evaluate your specific insurance policies and business circumstances, help you calculate your deductions properly and assist you in maximizing your tax return this year.
Read more
One of the biggest factors that goes into your workers’ compensation premiums are the classification codes for each type of work done at your business. Each of these codes has an associated loss cost that represents the expected amount insurers will need to pay for a claim. And even though each of these costs are standardized by the National Council on Compensation Insurance or state governments, your actual premiums may be higher because of a concept called loss cost multipliers.
What are Loss Cost Multipliers?
Standard loss costs are the amount insurers pay for a policy’s coverage, such as medical care, prescriptions and lost wages. However, many insurers face significant overhead costs when handling a claim and transfer these charges to policyholders with loss cost multipliers. Essentially, these multipliers reflect an insurance carrier’s expenses, such as:
- Payrolls
- Commissions
- Taxes, licenses and fees
- Sales and marketing charges
- Rent and utilities
Because each insurer operates differently, they all need to file separate loss cost multipliers with state insurance agencies. But, since multipliers alter standard loss costs and can vary greatly between different insurers, businesses may discover unexpectedly high premiums.
How Multipliers Impact Your Premiums
To determine a standard premium, insurers first take the loss cost for a specific employee classification code and factor in their unique loss cost multiplier. This figure is called the rate, which is then applied to your payroll to calculate a standard premium.
Insurers also weigh other factors to determine your final premium, such as your experience modification rate. However, because some insurers have loss cost multipliers of 2.0 or more, standard premiums have a significant impact on the final price of your policy.
How to Save on Workers’ Compensation
Although it may seem strange to pay for another company’s expenses through loss cost multipliers, there are still ways to save on workers’ compensation:
- Look up each insurer’s multiplier on your state insurance agency’s website when you buy or renew a policy.
- See if insurers use separate loss cost multipliers for different employee classification codes.
- Check with insurers to determine if they use various underwriting companies with unique loss cost multipliers.
- Call us at 831-661-5697 to discuss all of your workers’ compensation needs.
Read more
On Jan. 23, 2019, the Occupational Safety and Health Administration (OSHA) published a final rule that increases the maximum penalty amounts the agency may assess against employers that violate workplace health and safety requirements. For most violations, the new maximum penalty amount is $13,260. For willful or repeated violations, the new maximum penalty amount is $132,598.
Federal law requires OSHA to increase its penalty amounts by Jan. 15 every year. Because the federal government shutdown delayed the increases for 2019, however, OSHA announced the new amounts in a “pre-publication” version of the final rule issued on Jan. 15, 2019. Now that the final rule has been officially published, the new amounts apply for any civil penalties assessed after Jan. 23, 2019.
Employers should become familiar with OSHA’s new penalty amounts and review their workplace policies and practices to ensure compliance with OSHA requirements.
Federal law requires OSHA to adjust its civil monetary penalty levels for inflation no later than Jan. 15 of each year. Under the law, adjustments are made by issuing a final rule that becomes effective on the day it is officially published in the Federal Register. On Jan. 15, 2019, OSHA issued an unofficial final rule to increase the maximum penalty amounts for 2019. However, the federal government shutdown delayed the rule’s official publication. The final rule was officially published on Jan. 23, 2019.
Penalty Changes for 2019
The table below compares current penalty limits to the increased amounts for 2019 outlined in OSHA’s final rule. The new amounts apply to any penalties OSHA assesses after Jan. 23, 2019.
|
MAXIMUM PENATIES |
| VIOLATION
|
CURRENT
|
EFFECTIVE JAN. 23, 2019
|
| Other-than-serious violation
|
$12,934 per violation
|
$13,260 per violation
|
| Serious violation
|
$12,934 per violation
|
$13,260 per violation
|
| Failure to comply with posting requirements
|
$12,934 per violation
|
$13,260 per violation
|
| Failure to correct a violation
|
$12,934 per day until corrected
|
$13,260 per day until corrected
|
| Repeated violation
|
$129,336 per violation
|
$132,598 per violation
|
| Willful violation
|
$129,336 per violation (also subject to a minimum of $9,239 per violation)
|
$132,598 per violation (also subject to a minimum of $9,472 per violation)
|
Please contact Scurich Insurance or visit OSHA’s website for more information about OSHA penalties.
Read more
Cyber security threats and trends can change year over year as technology continues to advance at alarming speeds. As such, it’s critical for organizations to reassess their data protection practices at the start of each new year and make achievable cyber security resolutions to help protect themselves from costly breaches.
The following are resolutions your company can implement to ensure you don’t become the victim of a cyber crime:
- Provide security training—Employees are your first line of defense when it comes to cyber threats. Even the most robust and expensive data protection solutions can be compromised should an employee click a malicious link or download fraudulent software. As such, it’s critical for organizations to thoroughly train personnel on common cyber threats and how to respond. Employees should understand the dangers of visiting harmful websites, leaving their devices unattended and oversharing personal information on social media. Your employees should also know your cyber security policies and know how to report suspicious activity.
- Install strong anti-virus software and keep it updated—Outside of training your employees on the dangers of poor cyber security practices, strong anti-virus software is one of the best ways to protect your data. Organizations should conduct thorough research to choose software that’s best for their needs. Once installed, anti-virus programs should be kept up to date.
- Instill safe web browsing practices—Deceptive and malicious websites can easily infect your network, often leading to more serious cyber attacks. To protect your organization, employees should be trained on proper web usage and instructed to only interact with secured websites. For further protection, companies should consider blocking known threats and potentially malicious webpages outright.
- Create strong password policies—Ongoing password management can help prevent unauthorized attackers from compromising your organization’s password-protected information. Effective password management protects the integrity, availability and confidentiality of an organization’s passwords. Above all, you’ll want to create a password policy that specifies all of the organization’s requirements related to password management. This policy should require employees to change their password on a regular basis, avoid using the same password for multiple accounts and use special characters in their password.
- Use multi-factor authentication—While complex passwords can help deter cyber criminals, they can still be cracked. To further prevent cyber criminals from gaining access to employee accounts, multi-factor authentication is key. Multi-factor authentication adds a layer of security that allows companies to protect against compromised credentials. Through this method, users must confirm their identity by providing extra information (e.g., a phone number, unique security code) when attempting to access corporate applications, networks and servers.
- Get vulnerability assessments—The best way to evaluate your company’s data exposures is through a vulnerability assessment. Using a system of simulated attacks and stress tests, vulnerability assessments can help you uncover entry points into your system. Following these tests, security experts compile their findings and provide recommendations for improving network and data safety.
- Patch systems regularly and keep them updated—A common way cyber criminals gain entry into your system is by exploiting software vulnerabilities. To prevent this, it’s critical that you update applications, operating systems, security software and firmware on a regular basis.
- Back up your data—In the event that your system is compromised, it’s important to keep backup files. Failing to do so can result in the loss of critical business or proprietary data.
- Understand phishing threats and how to respond—In broad terms, phishing is a method cyber criminals use to gather personal information. In these scams, phishers send an email or direct users to fraudulent websites, asking victims to provide sensitive information. These emails and websites are designed to look legitimate and trick individuals into providing credit card numbers, account numbers, passwords, usernames or other sensitive information. Phishing is becoming more sophisticated by the day, and it’s more important than ever to understand the different types of attacks, how to identify them and preventive measures you can implement to keep your organization safe. As such, it’s critical to train employees on common phishing scams and other cyber security concerns. Provide real-world examples during training to help them better understand what to look for.
- Create an incident response plan—Most organizations have some form of data protection in place. While these protections are critical for minimizing the damages caused by a breach, they don’t provide clear action steps following an attack. That’s where cyber incident response plans can help. While cyber security programs help secure an organization’s digital assets, cyber incident response plans provide clear steps for companies to follow when a cyber event occurs. Response plans allow organizations to notify impacted customers and partners quickly and efficiently, limiting financial and reputational damages.
Read more