This article was originally published on Insurance Journal.
The heightened fear and anxiety that COVID-19 is causing people worldwide brings vulnerable targets for cyber hackers.
“We are living in a heightened time of cyber risk. Cyber criminals will take advantage of public fear and due diligence health measures to generate coronavirus-themed phishing attacks. We should be aware of unsolicited COVID-19 emails with specious links or attachments,” says Virginia Tech expert David Simpson.
In addition to scams that prey on people’s fear — the uncertainty and doubt regarding their own health — Simpson explains that the increased utilization of voice, video and data to replace in-person contact will open new threat vectors.
As many organizations shift to remote work environments, Simpson offers the following tips to avoid online scams:
Employees working from home for the first time will potentially use PCs, laptops, tablets, and smartphones that are not protected to the same level as workplace devices. Consider using additional risk reduction measures like document and file encryption, VPNs, regular scanning and other best practices to lower the potential for business intellectual property or financial theft.
The use of company credit cards to replace more rigorous financial office processes can expose business accounts. Employers should work with their banks and credit card companies to reduce exposure and limit potential losses should an ad-hoc process compromise account information.
Time and attendance programs for employees that don’t normally work from home are commonly exploited. Employees want to and think they are doing the right thing to document their time, but they can be directed to a false site and ultimately fooled into sharing credentials that incrementally lead to more sensitive accounts.
Increased network traffic from massive telework can lead to network disruptions. Employee attempts at workarounds can incorrectly set up VPNs or not recognize traffic re-direct attacks. Distributed denial of service attacks can not only shutdown work functions but can also lead to less secure workarounds.
Companies should take steps to ensure their employees know where to call when suspicious events occur, staff up to handle non-standard helpdesk issues and err on the side of caution for IT environments they have little control over.
Organizations that were used to getting “in-person” permission to do something are now implementing new approval processes that could be susceptible to man-in-the-middle attacks. They should be thinking about multi-factor authentication for newly established ad-hoc practices.
Originally posted on ClearRisk by Rebecca Webb.
Many companies do not keep claims information internally. They simply defer this record-keeping process to their insurance provider. However, there are several benefits to tracking this data in-house.
While it may be a bit of an adjustment at the start, you will quickly see a return on your investment as your risk management department and your organization as a whole benefits.
4 Reasons to Track Claims In-House
1. Track incidents as well as claims
If you don’t record or manage information in-house, it is likely that records are only created when you need to report a claim to your insurance provider. This means that you will only gather data on claims, where a formal case is brought against you, and not incidents.
However, incidents are the number one indicator of claims and can allow you to prevent predictable losses.
2. Identify trends and decrease losses
Having ownership of claims data means you can incorporate incidents and self-insured claims into your overall risk analysis. This will give you a more accurate and complete picture of where your risks lie and what trends are present.
For example, if ten people slip on your front step and you only record the one who tries to sue you, you would have no idea that there was historical data that could have predicted and prevented this outcome. With this tactic, you can better identify issues before they become claims and implement proper mitigation techniques, making occurrences less frequent and less severe.
Without tracking information in-house, this type of analysis is impossible.
3. Receive better insurance premiums
Insurance companies want to insure businesses that have “good” risk – those that they feel will have a minimum amount of losses.
A loss ratio is the premium paid divided by the cost of claims incurred. A low loss ratio will make your company attractive to insurers, which will result in competition over your account and lower premiums. Also, managing claims in-house will allow you to raise your deductible to the optimum level. The general principle is: the higher the deductible, the lower the premium.
By analyzing past losses in conjunction with insurance premium quotes for different deductible options, it becomes clear which deductible is best. If you raise this amount and agree to pay a higher portion of claim costs, the insurer will provide a discount on the premium payments in return.
Assuming you are financially able to pay this higher deductible, this strategy will save you money in the long run as the monthly savings will likely outweigh the higher cost if an accident occurs.
For more information on how strategically raising your deductible lowers premiums and saves your company money, check out this article. Internally handling claims data also means that you will have a complete and accurate record of losses if you decide to switch insurance providers.
4. Ensure compliance and productivity
It will be easier for your employees to understand the purpose and benefits of risk management practices if data is easily accessible. Compiling data and reports will be less time-consuming, as you will not have to rely on anyone but your internal risk management team.
Employees in other departments may also be more comfortable working with people within your company than those from an external insurance provider.
Originally posted on Insurance Business America by Alicja Grzadkowska.
Despite the onslaught of natural disasters and cyber incidents seen in the past year, many people are still unprepared for dealing with crises. It’s not just the 83% of homeowners who are vulnerable to hurricanes, flooding, and other weather events because of a lack of preparedness – even global multinationals don’t necessarily have plans in place should they have to deal with a major hit from a storm or hacker, according to one expert.
“At least 50% of companies have a limited to no grip on the business implications of a cyber attack on their day-to-day operations. They’re thinking about it as an IT problem,” explained David Nolan, CEO and founder of Fusion Risk Management, a provider of business continuity and risk management solutions. “They’re not thinking about it as a business problem.”
Take Facebook, said Nolan. If companies were good at having foresight about potential crises, the social media giant’s leaders would’ve been able to predict the fallout of providing such widespread access to its users’ data. And when it comes to nat cats, organizations are still using spreadsheets and static documents that don’t lend themselves well to maintaining and incorporating accurate forecasting and analytics, said Nolan.
“There’s a lot of forgiveness in this world for acts of god and cyber attacks because everybody has to face them, but I don’t think there’s a lot of tolerance for people being unprepared and not having given it significant thought,” he said.
Just as corporations will want to stay on top of what’s new in technology and find ways to incorporate tools to cut down on costs and increase efficiency, understanding what’s cutting edge in risk management and business continuity planning is likewise crucial to preventing losses and protecting a company’s reputation.
“We’re the ones protecting the brand equity – the things that are essentially uninsurable – while the insurance companies are covering their part of that,” explained Nolan. “Ours is a management system for managing these risks to avoid them or to be able to respond effectively in the event that one of them happens.”
Fusion thinks about business continuity and resilience using four scenarios: workplace disruption, workforce disruption, supply disruption or technology disruption. Acts of terrorism or volcanic eruptions and any kind of catastrophe in between could result in one of these situations.
Companies should be thinking about what happens if they lose a key asset or location, and what operations would be impacted, as well as how that loss would materially affect their ability to deliver products and services, according to the CEO. Fusion can help simulate that potential fallout and, when a risk becomes reality, provide answers on how to manage it instantaneously.
“If an executive is trying to deal with a crisis, we’re going to know exactly what happened, we’re going to know what the direct damages are, we’re going to know what the collateral damages are, we’re going to know what our resources are, we’re going to know what our expectations should be because we will have simulated an actual response,” said Nolan.
One example of a Fusion client that dealt with a problem and was able to avoid major losses was a business in Florida that was preparing for the approaching hurricane, which could’ve come across the Gulf, the west coast of the state or the east coast and hit the Carolinas.
“They were able to model those scenarios in advance and, before the hurricane hit, they were able to make adjustments in where their products were shipped,” said Nolan. “They adjusted their logistic operations and they essentially kept all of the supply assets outside of the impact zones, and essentially avoided any disruption because they didn’t continue to move product or supplies or even people inside an area that was potentially going to get hit.”
Fusion works with some of the largest companies in the world and counts around 80 Fortune 500 firms among its clientele, along with many companies as small as 500 employees or less. The team has seen firsthand how important having a plan in place, besides just property and casualty insurance or business interruption coverage is to a company’s brand.
“Those things don’t protect the covenant of trust that an organization has with their customers, and so that’s where we come in,” said Nolan. “How do we protect the brand and how do we protect the covenant of trust that an organization has?”
Originally posted on Health Consultants Group.
In some cases, you might end up being responsible for insuring contractors or workers who should have their own insurance. The issues can be complicated when you have outside workers performing jobs on your property without clearly defined roles and responsibilities.
Subcontractors, casual laborers, or other non-employees bring with them a whole new set of liability issues above and beyond your own business operations. If they aren’t your employees, you may have a difficult time controlling their actions and preventing the liability problems they create. Theoretically, workers and subcontractors are responsible for their own actions, but they might not have the resources to cover their negligent acts.
Insuring subcontractors and contractors
Contractors and subcontractors should have their own liability insurance, but it’s up to you to make sure they have coverage in force before they begin working for you. You can do this by requiring a certificate of insurance from their insurance company.
You might also require that independent contractors name your company as an additional insured on their liability policies. If you allow an uninsured contractor to work on your property, you’ll be making a choice to accept their liability exposures, whether intentionally or not.
Define responsibilities in a contract
A written contract is a great tool for documenting responsibilities and minimizing hassles related to insuring contractors and their liability exposures. Before a subcontractor begins working for you, you should execute a formal contract that reviews duties, expectations, requirements, and costs.
Your contract should also include hold harmless, duty to defend, and indemnification clauses. These compel a contractor to be responsible for the damages and injuries they cause. They also require them to indemnify your company for costs incurred because of their actions. Even if a subcontractor has no insurance, you’ll have a right of recovery for your costs to pay or defend claims because of their negligence.
Insuring casual laborers and non-employees
One concern with casual laborers or non-employees is that they may actually be employees by definition. The IRS topic, “Employee or Independent Contractor? Know The Rules” should help you determine if your arrangement with casual laborers and non-employees constitutes an employer/employee relationship.
The key issues involve your financial and physical control over a worker’s activities and your working or contractual relationship. If your workers meet IRS employee guidelines, you may be legally responsible for their on-the-job actions even if you don’t consider them employees. In addition to their liability exposures, you may also be responsible for their unemployment, workers’ compensation and other compulsory benefits.
You can’t eliminate all contractor-related liability issues
You should choose your subcontractors and casual workers carefully. Their actions may cause liability issues you can’t avoid. Connecticut and Massachusetts Premises Liability Statutes require you to maintain your property and warn of dangerous conditions or hidden hazards. Even if a negligent subcontractor, casual worker, or non-employee has liability insurance and you have a contract in place, as a property owner, you’ll always have some responsibility for their actions.
Sometimes responsibility issues don’t come up until after a subcontractor or worker causes damage or injuries while they’re working on your property. That’s why you should address key responsibility issues ahead of time. Consider reviewing any liability or employee vs non-employee concerns with your legal representative.
Workers’ compensation provides coverage for injured workers’ lost wages and medical expenses.
Originally posted on Property Casualty 360 by Patricia L. Harman.
Worker’s compensation is administered at the state level – all 50 states, the District of Columbia, Puerto Rico and the U.S. Virgin Islands have their own programs, as does the federal government for its employees. It is designed to provide coverage for injured workers’ medical costs, pay them for lost work time and even cover death and funeral benefits if necessary. Approximately 75% of workers who file a claim only require medical benefits coverage and benefits for replacement wages are determined by the severity and length of the workers’ disability. Benefits usually begin following a brief three to seven-day waiting period.
In order to file a claim, there are four eligibility requirements that must be met:
- The worker must be an employee of the company where the workers’ compensation claim will be filed.
- The employer must carry workers’ compensation insurance for employees.
- The injury or illness must be work-related.
- The employee must comply with the state’s deadlines for reporting the injury and filing a workers’ compensation claim.
Workers’ compensation provides six types of benefits:
Temporary total disability — This benefit covers approximately two-thirds of a worker’s pre-injury wages (tax-free) until the worker is able to return to work. The benefits end when the employee resumes full-time employment. The majority of employees receiving these benefits return to work.
Temporary partial disability — This benefit is paid to workers who return to work with reduced responsibilities and a lower salary and helps offset the loss in salary.
Permanent total disability — While few workers’ compensation cases result in permanent total disabilities, this coverage applies when an injury results in permanent impairment or the worker has reached his or her maximum for medical improvement from the injury.
Permanent partial disability — When an employee has permanent impairments that do not completely limit his or her ability to work, the permanent partial disability benefit kicks in until the employee has accomplished maximum medical improvement. These benefits are generally limited to a specific period or total dollar limit.
Death benefits — For workers who pass away from a work-related injury or illness, compensation for death benefits is based on a formula that calculates the worker’s earnings and the number of dependents who are determined to be eligible survivors.
Medical benefits — For workers whose cases do not extend beyond the three to seven-day waiting period, only medical benefits are paid.
Filing a claim
“The workers’ compensation system in the United States was built on a ‘grand bargain’ between employers and employees,” explains Desiree Tolbert-Render, Sedgwick AVP of national claims tech compliance. “Injured employees and their dependents gave up the right to sue their employers in civil court in exchange for assured and specific benefits, regardless of fault, provided by the employer. The employee’s rights and responsibilities under workers’ compensation, as well as the requirements and procedures for filing a workers’ compensation claim can vary from state to state.”
When a worker is injured, he or she should notify the employer as soon as possible, especially since each state has different timeframes for filing. By promptly filing a report, the injured employee can receive any necessary medical treatment sooner and the employer can address any safety issues to prevent additional injuries to co-workers.
Tolbert-Render shares some do’s and don’ts for injured workers considering filing a workers’ compensation claim:
- Do file a claim on a timely basis.
- Do take time to review the important information about your rights, responsibilities, benefits, and assistance available to you sent by the claims examiner and the state workers’ compensation agency.
- Do be honest and upfront about the injury and any prior injuries or accidents to the affected body parts.
- Do communicate with the employer and the claims adjuster about your medical status and work status to avoid delays in receiving benefits and the necessary medical treatment.
- Do follow the doctor’s orders.
- Do work within the established restrictions.
- Don’t delay in filing a claim.
- Don’t discontinue medical treatment before being released.
- Don’t work outside of the established restrictions.
- Don’t seek medical treatment from unauthorized providers in those states where the employer can manage medical care.
- Don’t delay returning to work and resuming a productive lifestyle.
In 2016, there were approximately 2.9 million work-related illnesses and injuries reported or approximately 2.9 cases per 100 full-time employees according to the U.S. Bureau of Labor Statistics. Interestingly, the areas of finance and insurance saw a slight increase in the number of illnesses and injuries, while the construction, manufacturing, wholesale trade and retail industries saw significant declines.
According to the federal government, benefit payments totaled $61.9 billion in 2015, a 1.3% decrease from 2014. Medical payments accounted for half of that spend, totaling $31.1 billion, while payments for lost wages were $30.7 billion.