Top 9 Industries Vulnerable to Ransomware Attacks
Some industries are more vulnerable to ransomware attacks than others, both because of inherent vulnerabilities in some industries and because hackers historically have targeted these industries more often.
Looking at it from a top-down risk perspective, the industries subject to ransomware attacks the most in 2021 according to BlackFog (in descending order) were:
This list can give a general idea of where your business or industry may fall for big-picture risk.
Ransomware is a type of malicious software (malware) designed to encrypt files on a victim’s computer or network, making them inaccessible and unusable. The attackers behind ransomware demand a ransom, typically in the form of cryptocurrency, in exchange for providing the decryption key to restore the files.
Ransomware attacks can have severe consequences for businesses, and organizations. They can result in data loss, financial losses, operational disruptions, reputational damage, and legal implications.
It is crucial to have strong cybersecurity measures in place, including regular data backups, up-to-date software, strong passwords, and security awareness training, to help prevent and mitigate the impact of ransomware attacks.
If you are looking for a reputable cybersecurity company, outsourced IT provider, or cyber insurance options, contact me and I can connect you with local trusted providers to help your business to help prevent ransomware losses from affecting your daily business operations.
Sources: “The State of Ransomware in 2021” BlackFog; Risk Placement Services, Inc
2023 Distracted Driving for Business [Infographic]
The 2023 Travelers Risk Index finds that employees use their phones when they are behind the wheel, which may contribute to distracted driving behaviors.
In fact, most employers (87%) expect their employees to respond to work-related messages when they are out of the office during work hours.
And 44% of employees who take work-related calls while driving do so because they believe they always need to be available for work.
Business managers can help PUT A STOP to this dangerous behavior by communicating and reinforcing driving policies, speaking up when a colleague is driving distracted, and not calling employees when they know they are behind the wheel.
This is a huge liability for any company with vehicles on the road!
According to the National Highway Transportation Safety Association, the total economic impact of motor vehicle accidents was $340 billion in 2019, the equivalent of approximately $1,035 for every person living in the United States. Here’s a look at key findings from the 2023 Travelers Risk Index and how a distracted driving policy can help businesses.
Do Manufacturers Need Cyber Insurance?
Although ALL industries are at risk of cyber attacks now more than ever, did you know that manufacturers make the top 5 list of industries being targeted the most by cyber criminals according to Forbes?
That’s because digital systems such as IoT, shop floor controllers, and monitoring platforms have enabled the interoperability of different teams in the manufacturing industry to streamline processes.
Unfortunately, this convenience has also drawn the attention of cybercriminals for data theft or ransom demands capable of disrupting operations on a massive scale with global repercussions.
Here are five notable [and extremely costly] cyber risk exposures manufacturers face:
- Extortion: An organization’s security is only as strong as the judgment of its employees. All it takes is one employee clicking on what appears to be an innocent link, but it is actually malware, for all of the company’s data to be encrypted within seconds. A hacker will then contact the organization asking for a “ransom” ranging from a few thousand dollars to millions to decrypt the files.
- Forensic and Notification Costs: Should there be a cyber attack, the Manufacturer will need to engage a forensic investigator ($250-$500/hr) to determine the scope of the attack and if any sensitive data such as employee records or confidential corporate information was breached.
- System Damage: Manufacturers rely heavily on their computer systems to properly fill orders. Damage to a manufacturer’s computer system could be devastating and lead to defective products or a complete halt in production.
- Business Interruption: Manufacturers will experience a direct financial loss every hour that their systems are down. They will incur unexpected additional costs such as sourcing products by alternative means and paying staff overtime to meet deadlines.
- Social Engineering: Believe it or not, Cyber Crime (aka Social Engineering) is one of the most frequent claims in cyber insurance to date. Cybercriminals will trick financially responsible employees of the manufacturer to send money to a fraudulent bank account. Hackers have become patent and will open sit in the system undetected monitoring and intercepting email activity before executing their scam. Their tactics range from posing as the CEO, a vendor, or a client to simply creating fake employee profiles in the payroll system to siphon money out.
There are simple and effective measures that manufacturing businesses can put in place to be better prepared for emerging cybersecurity threats. These include having a formal incident response plan, effective backup strategy and testing, multi-factor authentication (MFA), Data Retention Policies, and endpoint Detection and Response (EDR) to name a few.
I won’t go into the weeds with technical IT details. That’s for the IT professionals to decide such as your in-house IT team, managed IT provider, or cyber security consultants to help develop. I suggest having your IT provider work in union with a quality cyber insurance policy so that you are prepared in the event of a data breach.
I work with some quality IT professionals and cyber security companies that I can recommend if you need help with this. Just reach out and ask if you need it.
Remember, there’s a reason why manufacturers make the top 5 list of industries being targeted the most by cybercriminals. You don’t just need to hold personally identifiable information to have a cyber exposure. The world is basically run on the cloud now and there’s no hiding from the cyber risk exposures prevalent in today’s technology-driven world.
Credit: Evolve MGA
What’s the Difference Between D&O Insurance and E&O Insurance?
I was asked in a meeting today, what’s the Difference Between D&O Insurance and E&O Insurance?
D&O (Directors and Officers) insurance and E&O (Errors and Omissions) insurance are two different types of insurance policies that provide protection to businesses and individuals in different ways.
D&O insurance is designed to protect directors and officers of a company from personal financial loss resulting from claims of wrongful acts committed in their capacity as directors and officers.
This type of insurance covers claims related to breach of fiduciary duty, negligence, misrepresentation, and other similar acts that can lead to legal action against directors and officers.
D&O insurance does not cover claims related to bodily injury, property damage, or other types of liability. These types of claims fall mostly under General Liability insurance.
Here’s a real-life claims scenario for Directors & Officers Liability:
A plaintiff filed a complaint against their competitor alleging that a former employee, now working for the competition, engaged in unauthorized use of confidential and proprietary information and committed other acts of unfair competition. As a result, the plaintiff alleges it has suffered an irreparable and immediate injury. In addition, the plaintiff alleges that the defendant has possession of its confidential information and intellectual property. The plaintiff asserts causes of action for misappropriation of trade secrets, confidential information, and unfair competition. Total Defense Cost and settlement exceeded $450,000.
On the other hand, E&O insurance is designed to protect businesses and professionals from claims of negligence or mistakes in their professional services or advice.
This type of insurance covers claims related to errors, omissions, or other mistakes made by professionals in the course of their work that result in financial harm to their clients.
Very often, it is not the result of a mistake, but rather a displeasure with the outcome that gives rise to an E&O claim. Even frivolous lawsuits will incur defense costs!
E&O insurance is commonly purchased by professionals such as lawyers, accountants, doctors, and consultants that provide a service to others for a fee.
Here’s a real-life claims scenario for Errors & Omissions Liability:
A software developer sold timekeeping software to a company. After removing all previous timekeeping clocks and installing software, the customer discovered it did not function properly. It failed to correctly apply the hourly and overtime rate of pay resulting in over and underpaid employees and the need to replace the original time clocks. The company sued the provider of the software for damages and expenses resulting in $550,000.
In summary, D&O insurance is focused on protecting directors and officers from personal liability, while E&O insurance is focused on protecting businesses and professionals from liability arising from professional services or advice.
If there’s one thing I can emphasize about each of these coverages, even frivolous lawsuits will incur defense costs! No matter if you were in the right on a given matter but were sued by a third party for alleged wrongdoing, you must hire attorneys to defend these allegations. This is most often the biggest cost when it comes to a claim and an insurance policy is intended to defend you for actual or alleged wrongdoing.
3 Most Costly Types of Cyber Insurance Claims
A good cyber insurance policy starts with two core coverage components. These are:
- Data Breach coverage
- Cyber Liability coverage
Data Breach coverage is also referred to as 1st party coverage. This helps your business respond to a breach if PII (personally identifiable information) gets lost or stolen, whether it’s from a hacker breaking into your network, or an employee accidentally getting their laptop stolen at a coffee shop.
Data Breach insurance coverage can help pay the [expensive] costs for such things as:
- Notifying affected customers, patients, or employees;
- Hiring a public relations firm for damage control;
- Offering ongoing credit monitoring services to data breach victims;
- Business income coverage to help replace lost income if you can’t run your business because of a data breach;
- Extortion Coverage helps cover the amount you paid if someone takes your business’ data and demands a ransom.
Between data breach coverage and cyber liability coverage, more than 95% of cyber insurance claims costs come from data breach losses! And these data breach losses fall into three broad categories:
Theft of funds
This is the straightforward theft of money from a company’s bank account. The fact that nearly every business can now move its money around electronically and remotely means that it is much easier to steal. Instead of stealing physical funds, criminals are increasingly stealing electronic funds through social engineering scams. And if a business has somehow been negligent in allowing this to happen, their bank may not reimburse them.
Theft of data
Data is valuable, and if something has value, it is worth stealing. Identity theft has reached record levels around the world and in order to commit identity theft, criminals need data. Seemingly harmless information such as names and addresses stored on a computer network can be worth more money than you think
Damage to digital assets
In order to operate, businesses now have an incredibly high dependency on their systems, and criminals know that. By either damaging or threatening to damage a company’s digital assets, attackers know that they can extort money from their victims who might prefer to pay a ransom rather than see their business grind to a halt. And even after paying up, the victim is often left with systems that are unusable and costly to fix. Your cyber insurance policy will help do this too…..fix and patch your system.
So, when contemplating the purchase of a cyber insurance policy, data breach coverage (1st party coverage) is the heavyweight coverage you must incorporate into your policy. Cyber liability (3rd party coverage) is just as important, but that’s not where the bulk of the claim dollars are paid in the event of a data breach.
Regardless, make sure both of these coverages are included in your cyber insurance policy. And then drill down even further into the data breach coverage section to make sure the line item coverages such as Incident Response Expenses, Cyber Extortion Loss, Network Restoration Expenses, and Business Interruption are included as well.
No two carrier policies are the same and cyber insurance is absolutely not one size fits all!
2023 Commercial Property Insurance Outlook
The commercial property insurance market has been a tough one over the past several years. Unfortunately, 2023 won’t be any better. The property insurance market will certainly see increased rates in 2023, so it’s critical to start renewals well before deadlines. At least 90 days + prior to expiration.
Most seasoned industry brokers and underwriters agree that 2023 will likely be the firmest market they have ever experienced, despite most buyers feeling that they didn’t think things could get much worse after the last few years.
Almost all carriers have had less reinsurance capacity and options available to them to offset rate and retention increases, so without a doubt, buyers need to be prepared for carriers to pass the bulk of these costs onto them.
It’s more important now than ever to start property insurance renewals as far out as possible because it’s likely that renewal terms will continue to come down to the wire, despite everyone’s best efforts. As insurance programs see changes and increased costs, policyholders will need to see various deductible and limit options, and each option will take time to iron out with underwriters.
This post definitely has a pessimistic tune which is not how I like to sound. I’m simply passing along what I’ve seen in the market and what I have heard from industry leaders.
The positive in all of this is knowing that this is the state of the commercial property insurance market which we cannot control. What you can control is being prepared ahead of time for your policy renewals, so that you can secure the best possible terms for your organization.
Is the Cyber Insurance Market Stabilizing?
I just wrapped up a sizable Cyber insurance policy renewal and based on the results of our marketing efforts, I think it’s a good indication that the market is beginning to stabilize.
The cyber insurance market has been in a hard market for the past several years.
This particular cyber insurance renewal is for a middle market company that works with Fortune 500 companies. They’re required to carry $50,000,000 in coverage by contract.
The insured’s services are viewed as a higher risk for the cyber market. It is a technology-based business that holds a lot of third-party sensitive data. They do about $75M – $80M in annual revenues. Cyber liability and data breach are definitely their primary risk exposures.
This policy renewal took 10 carriers to quota share the risk and the year-over-year premium is down in 2023 by 4-5%.
I had a feeling the renewal premium wouldn’t spike as hard as it did last year, but I was pleasantly surprised there was actually a slight DECREASE for this renewal.
The cyber insurance market is a lot like the mortgage industry prior to 2008.
Up until a few years ago, you could buy cyber insurance by providing very little information and carriers practically gave away quotes. And not very expensive ones relative to the risk.
Then hackers decimated the cyber insurance market with ransomware and social engineering attacks. Millions upon millions of claims dollars were being paid by carriers as a result.
Underwriting ultimately tightened and those looking to secure cyber insurance coverage must now show preventative measures are in place for their organizations such as data encryption, multi-factor authentication (MFA), data backups, etc.
Underwriters won’t even think twice about insuring a business if these types of measures are not in place.
Cyber insurance pricing and trends vary by company. However, in this particular case where we have a sizable middle market company with above-average cyber risk, a decrease in premium this year is a positive sign.
Let’s hope the cyber insurance market continues trending in this direction.
Each and every company/policyholder will see different outcomes with their cyber coverage and rates based on their own unique makeup. However, if you can show that your organization takes preventative measures to help mitigate cyber risk up front, you’re in a favorable spot.
It Takes Twice as Long to Close California Workers’ Comp Claims Compared to Other States
File this under the “I’m not surprised” file, it takes seven years to close most workers’ compensation claims in California, more than double the time in the median state.
The Workers’ Compensation Insurance Rating Bureau of California (WCIRB) released a report detailing duration drivers for California workers’ compensation claims.
The report, Drivers of California Claim Duration, describes duration drivers for California workers’ comp claims, including how claim duration differs regionally across the state.
Here’s the report:
Highlights of the report include:
- It takes seven years to close 90% of claims in California compared to three years for the median state.
- Longer California claim duration is driven by four “duration drivers,” including a higher share of permanent partial disability and cumulative trauma claims in California, greater utilization of medical-legal services in California and regional differences within the state.
- Claim closing rates rose steadily following the reforms of Senate Bill 863, particularly for PPD claims of lower-wage workers.
- Claim closing rates declined during the pandemic in 2020 and were relatively flat in 2021.
California, why do you have to make everything so complicated? [banging head on desk]
Source: Insurance Journal
Legal Requirements to Fulfill Before Hiring Employees
Are you planning on hiring an employee for your business for the first time? I know, I know, we’re basically heading into a recession right now, if not already in one, but I am finding that most of my clients still seem to be thriving at the moment.
What’s weird about the current state of the economy is that there are still record job openings. I hope that your company is one of them that needs employees. I take it that’s a sign that things are favorable with your business.
But have you taken all the necessary steps to set yourself up as a lawful employer?
There are several steps required by the federal and state government that must be taken before you can hire someone.
I’m not an attorney, nor a Human Resources consultant, but here is a list 10 legal requirements every employer must do before taking on a new hire:
- Apply for an EIN
- Register with your state’s unemployment insurance office
- Verify each prospective hire’s eligibility to work
- Look into your state’s workers’ compensation insurance rules—and get coverage
- Report new employees to state registry
- Set up a payroll and tax withholding system
- Have all employees fill out form W-4
- Get and post employee notices
- Comply with OSHA rules
- Establish any necessary employee benefits
For more specifics, please visit this link from The Hartford.
Though these are the main steps employers must take that are required by federal or state law, there are other smart things to do before you start employing people.
These include creating an employee handbook, so there are no questions about your rules and protocols for employees (even your first hire), and creating a personnel file for every employee.
But I encourage you to not try to tackle this on your own. Consider the help of a Business Transactional Attorney, a Human Resources Consultant, a legitimate payroll provider, etc.
I can help if you need connections to any of these professionals through my large network of seasoned professionals that I know, like, and trust.
The cost to get this initiated will be less than if you try to do it on your own and end up running into roadblocks, getting dinged for penalties and fees, etc.
Yes, the economy is in a funky place at the moment, but if you’re planning on hiring, that’s a good sign that things are going well for your business.
To keep things going on a positive trajectory, make sure to use trusted professionals to get you going on the right foot and keep your focus on your passion, your business.
Heightened Action in Cal/OSHA’s Task Force Enforcement
Southern California businesses have recently experienced a noticeable escalation of inspections and enforcement by Cal/OSHA’s Labor Enforcement Task Force Unit based in Santa Ana.
Unprecedented Hotel and Motel Labor Enforcement Task Force inspections are diligently being processed to verify whether these companies have a current:
- Housekeeper Ergonomic Written Plan (MIPP)
- Illness & Injury Prevention Plan (IIPP)
- Hazard Communication Plan/Checkup (Dealing with Chemicals & Toxic Materials)
Many small and mid-sized Southern California employers have overlooked these compliance requirements during the past several years but now must consider the strong possibility that their company will be visited soon.
So, Here’s The Big Question: ARE YOU READY?
A safety review and compliance check can save thousands of dollars in fines and citations.
If you would like help with this, contact me. I have trusted partners that provide large or small companies with comprehensive inspections – efficiently, quickly, and with total expertise. They can assist you in reviewing existing practices and then help you design policies and training that are compliant with 2022 new and evolving laws.