WHILE RANSOMWARE is making the headlines as the major cyber threat, small and mid-sized businesses are increasingly being targeted by lower fraud that dupes them into wiring criminals funds, according to a new report.

These funds transfer fraud crimes involve hackers gaining access to a firm’s mailbox and extracting payments that go into their accounts. Companies should have in place proper systems safeguards to combat these attacks, and that includes regularly training staff on how to identify these attempts to steal funds.

How it works

Criminals will often try to penetrate your servers by sending “spearphishing” e-mails. These messages look like they’re from a trusted sender to trick victims into revealing confidential information. They may also send malicious e-mails in the hope that an employee clicks on a bogus link. The link then releases malicious software that infi ltrates company networks and gains
access to legitimate e-mail threads about billing and invoices.
Once the criminals have access to your business mailbox, they can manipulate your contacts and modify payment instructions. They may also use their access to your systems to send e-mails that appear to come from a known source making a legitimate request.

 

 

 

Insurance options

The best option for coverage is a commercial crime insurance policy. Most of these policies cover acts like:
• Employee dishonesty
• Computer and funds transfer fraud
• Forgery or alteration
• Money and securities theft
• Theft of client’s property.

Some policies may exclude funds transfer fraud, or they may have lower sublimits for such acts. In such cases you may need to get a policy extension to cover the risk. There is also cyber liability insurance, which covers direct losses resulting from cyber crime. But these policies will often exclude coverage for social engineering attacks, which are the kinds that the criminals behind funds transfer fraud use. You may be able to purchase a rider to your cyber liability policy that would cover these crimes.

COMMERCIAL PROPERTY insurance rates are continuing to climb, as the segment faces a number of headwinds that have pushed claims costs to new heights.
A number of factors are affecting rates, including the frequency and severity of extreme weather claims. the cost of rebuilding, rates for commercial properties not keeping pace with claims costs, and more.
The end result has been a steady increase in property rates across the board, but businesses with operations in areas that are more susceptible to natural disasters are seeing the highest
increases.
As a business owner with commercial property, you’ve probably already seen rates increase, and you should be prepared for further rate hikes in the coming year. Here are the main drivers of these increases.

 

Mounting natural catastrophes

The number of natural catastrophes hitting the U.S. continues increasing as does the cost of those disasters, which are affecting more properties around the country.
Depending on the part of the nation a property is located it can be exposed to hurricanes, wildfires, tornadoes, hail, flooding and more.
There has also been an increase in civil unrest, which often results in property damage to businesses.
Insured property losses in the U.S. hit $74.4 billion in 2020, the second-most expensive year on record.
Also, last year set the record for the most major natural catastrophe events to hit the U.S. in a single year (22 of them).
Five of the 10 most expensive catastrophe years for the insurance industry have occurred since 2011.

 

Reconstruction costs

Reconstruction costs have skyrocketed during the past five years, averaging 5% a year, according to the Associated Builders and Contractors analysis of Bureau of Labor Statistics data.
Lumber prices rose by 73% between April 2020 and July 2021, greatly increasing rebuilding costs. On top of that, iron and steel products jumped 15% in price during the same period, and steel mill products by nearly 7%.

 

Construction labor shortage

The construction industry faces a serious labor crunch. And many firms have backlogs that stretch out more than six months.
According to the U.S. Chamber of Commerce Commercial Construction Index, this shortage is leading to real-world setbacks for contractors:

• 68% of contractors say they are asking workers to do more work.
• 56% report a challenge in meeting project schedules.
• 50% of contractors are putting in higher bids.
• Over a third (35%) report turning down work due to skilled labor shortages.

 

Property rates are inadequate

Despite the fact that rates have been increasing for the last five years, insurers are still struggling to keep up with the rapidly rising cost of claims as well as the number of claims they are seeing.
Those factors have made it difficult for the industry to peg pricing at the right level, resulting in a string of losses in property insurance for most carriers.
As the industry struggles to get back to profitability, insurers will have to continue boosting rates.

 

Reinsurance rates

A portion of the property insurance rate gains can be attributed to insurance companies dealing with higher reinsurance costs.
Insurers buy reinsurance to pass on claims costs from catastrophic events, in order to reduce their overall risk.

 

The takeaway

There are some steps that businesses can take to try to affect their premiums.
If you have an older building, you can replace your mechanical, electrical and plumbing systems with newer, code-compliant variants.
Safeguard your building against location-specific hazards (for example, creating a defensible space and using fire-resistant roofing in wildfire areas and upgraded cladding in hurricane areas).
Also, electrical fires are the number-one cause of property damage, so you should consider installing fire-protection systems such as sprinklers and fire hose cabinets.

EVERY YEAR starts with a flurry of new laws and regulations that California employers have to contend with.
And 2022 is no different as the California legislature had a busy year and the stresses of the COVID-19 pandemic resulted in more activity. The end result is another round of new laws that employers need to stay on top of so they don’t run afoul of them.
With no further ado, here are the top regulations and laws affecting California businesses.

 

1. Big change to Cal/OSHA citations

SB 606 adds two new Cal/OSHA violation categories for purposes of citations and abatement orders: “enterprisewide” and “egregious” violations. Cal/OSHA can issue an enterprise-wide citation that would require abating the violation at all locations. And the employer can face a maximum penalty of $124,709 per violation.
The law also authorizes the agency to issue a citation for an egregious violation if it believes that an employer has “willfully and egregiously” violated a standard or order. Each instance of employee exposure to that violation will be considered a separate violation and fined accordingly.

 

2. Permanent COVID standard

On Sept. 17, 2021, Cal/OSHA released a draft text for proposed permanent COVID-19 regulations, which if adopted would be subject to renewal or expiration after two years and would replace the current emergency temporary standard, which is set to expire Jan. 14, 2022.
Adoption is expected in the spring of 2022. Here’s some of what the draft standard would do:

CDPH rules – It would require that employers follow California Department of Public Health COVID-19 prevention orders.
Masks for unvaxxed staff – Unvaccinated staff must wear masks. Employers must provide masks when the CDPH requires them.
Outbreak rules – During an outbreak in the workplace, all staff would be required to wear face coverings regardless of vaccination status. Employers would need to provide respirators during major outbreaks to all employees.

 

3. COVID exposure notification

On Oct. 5, 2021, AB 654 took effect, updating requirements for what an employer must do if there is an outbreak of COVID-19 cases at its worksites.
This law somewhat curtailed earlier outbreak-reporting requirements as well as other required notifications for certain employers, and updated several provisions of the 2020 outbreak notification law, AB 685.
Here are some highlights:

• Employers have one business day or 48 hours, whichever is later, to report a workplace COVID-19 outbreak to Cal/OSHA and local health authorities.
• Employers do not need to issue these notices on weekends and holidays.
• When an employer has multiple worksites, it only needs to notify employees who work at the same worksite as an employee who tests positive for  coronavirus.
• The new definition of “worksites” for the purposes of the law has been changed to exclude telework.

 

4. Expansion of the California Family Rights Act

AB 1033 expands the CFRA to allow employees to take family and medical leave to care for a parent-in-law with a serious health condition.
More importantly, it adds a requirement that mediation is a prerequisite if a small employer (one with between five and 19 workers) is the subject of a civil complaint filed by one of its employees.

 

5. Workplace settlement agreements and NDCs

A new law took effect Jan. 1 that bars employers from requiring non-disclosure clauses in settlement agreements involving workplace harassment or discrimination claims of all types. This builds on prior law that barred NDCs only in cases of sex discrimination or sexual harassment.
The new law expands that prohibition to all protected classes, such as: race, religion, disability, gender, age, and more.
One important note: While employees can’t be prohibited from discussing the facts of the case, employers can still use clauses that prohibit the disclosure of the amount paid to settle a claim.

 

6. OSHA vaccine mandate

As of this writing, Fed-OSHA’s new emergency COVID-19 standard was set to take effect on Jan. 1, with the most contentious part of the rule mandating that employees who work for employers with 100 or more staff be vaccinated or submit to weekly testing.
Unvaccinated workers would also be required to wear masks while on the job under the new rules, which have faced fierce challenges in courts.
The U.S. Court of Appeals for the Sixth District recently reversed a stay of the order as challenges to it are litigated, meaning the order can take effect as scheduled as the legal process challenging the rule proceeds.
The U.S. Supreme Court will hear expedited arguments Jan. 8 on the U.S. Court of Appeals for the Sixth Circuit’s decision to lift the Fifth Circuit’s stay.

 

7. Wage theft penalties

AB 1003, which took effect Jan. 1, added a new penalty to the California Penal Code: Grand Theft of Wages. The new law makes an employer’s intentional theft of wages (including tips) of more than $950 from one employee, or $2,350 for two or more workers, punishable as grand theft.
The law, which also applies to wage theft from independent contractors, allows for recovery of wages through a civil action.
As a result, employers (and potentially managers and business owners) would be exposed to both criminal and civil liability for wage and hour violations like failing to pay staff accurately and in a timely manner.
Review your compensation policies and practices to make sure you are in compliance with current wage and hour laws.

 

8. COVID cases may be included in X-Mods

The Workers’ Compensation Insurance Rating Bureau of California has proposed plans to start requiring COVID-19 claims to be included when calculating employers’ X-Mods.
The proposal, which would have to be approved by the state insurance commissioner, would bring to an end current rules that exclude the impact of COVID-19 workers’ compensation claims on X-Mods.
If approved, the new rule would take effect on Sept. 1, 2022. That means that employers will be held accountable for COVID19-related workers’ compensation claims and, if any employee needs treatment or dies from the coronavirus, it could result in higher premiums in the future.

 

9. Notices can be e-mailed

A new state law authorizes employers to distribute required posters and notices to employees via e-mail. SB 657 adds e-mail as a delivery option to the list of acceptable notification methods, which also includes mail.
Required posters and notices will still need to be physically posted in the workplace.

 

10. Warehouse quota rules

A new law that took effect Jan. 1 makes California the first (and only) state to regulate quotas used by warehouse employers.
While the bill was written with Amazon Inc. in mind, it affects all warehouses with 100 or more workers, and violations of the new law can be costly for an employer.
Under AB 701, warehouse employees must be provided with a written description of the quotas to which they are subject within 30 days of hire. Common quotas include the number of tasks the employee is required to perform, the materials to be produced or handled, and any adverse employment action that may result from a failure to meet the quota.

 

While employers may still implement quotas, employees are not required to meet a quota if it:

• Prevents them from taking required meal or rest periods,
• Prevents them from using the bathroom (including the time it takes to walk to and from the toilet), or
• Contravenes occupational health and safety laws. The law also bars employers from discriminating, retaliating or taking other adverse action against an employee who:
• Initiates a request for information about a quota or personal work-speed data, or
• Files a complaint alleging a quota violated the Labor Code.

 

SOME BUSINESSES are finding fewer insurers willing to write their policies for certain types of coverage that are seeing rapidly rising claims costs, particularly in liability lines as well as property insurance in areas with exposure to natural catastrophes.
When no insurers that are licensed in California are willing to write a policy, we as your agent have to go to another market made up of insurance companies that are not licensed or regulated by the state.
It’s called the surplus lines (or “non-admitted”) market, and it can be a valuable alternative for insurance buyers.
As insurers get more selective writing some risks, it’s important for you as an insurance buyer to understand this market.

Why use a non-admitted carrier?

The most well-known non-admitted insurer is Lloyd’s of London, famous for insuring insurance companies and celebrities’ or sports figures’ body parts and global sporting events. Often non-admitted insurance companies are located in other states or domiciled abroad, like Bermuda or another tax-haven country.
Unlike licensed insurance companies, non-admitted companies do not have to obtain approval from state regulators for the policy forms they use or the rates they charge.

 

 

Since they are not regulated by the state, non-admitted insurers can offer creative coverage options and they can quickly and easily introduce new types of insurance that businesses need.
Some types of policies that are standard today, such as cyber insurance and employment practices liability insurance, got their start in the non-admitted market.
State laws typically permit a broker to obtain coverage from a non-admitted insurer only if at least a few standard insurance companies refuse to offer coverage. However, most also have coverage options that are not available in the standard market.
When someone needs one of the latter coverages, no rejections from licensed companies are required. An example might be liability insurance for contractors who demolish buildings.

Risks

There are risks to purchasing insurance in the non-admitted market. Policies may provide less coverage than do standard policies, or there may be restrictions on when coverage applies. Policies should be reviewed carefully. Also, because the insurers can charge whatever they feel is appropriate, premiums can be higher than you may expect. The policies may also be exempt from state laws regarding notices of cancellation and non-renewal.
Also, in every state but one (New Jersey), non-admitted policies are not backed by a guaranty fund. Guaranty funds cover claims left unpaid when an insurer is unable to pay for them. If a non-admitted company becomes insolvent, the policyholder has no recourse.

The takeaway

Despite the risks, the non-admitted market serves an important function, giving buyers a place to get needed coverage that would be otherwise unavailable.
Those who think they may need to tap this market should consult with us to find the right coverage at an acceptable price.

INSURANCE RATES are rising rapidly for contractors, particularly for builder’s risk and excess liability policies as the cost of claims continues to increase dramatically.
While rates for builder’s risk have been averaging 10 to 20%, pricing for excess liability and umbrella coverage has in some cases doubled from the year prior.
Both lines of insurance have seen steep and unexpected losses in recent years, resulting in some insurers leaving the market and others becoming stricter in their underwriting and choosier about which builders they are willing to extend coverage to.
If you’ve been in the market for these lines of insurance, you know that it’s become more difficult to secure similar policies to those you may have had in years past. Here’s a look at what’s going on.

Builder’s risk

According to Construction Executive magazine, rates are going up between 10% and 20% for builder’s risk policies. There are a number of factors affecting rates:
• The cost of claims has increased, primarily because of the cost of rebuilding after a loss event due to the rapidly rising cost of materials, in particular lumber, the prices of which have tripled in the last year.
• The increasing cost and frequency of natural disasters. Projects that are near areas at high risk for natural catastrophes like brush fires, hurricanes, tornadoes or flooding, are all seeing higher rates and/or difficulty in securing coverage.
• Some insurers have also left the market, leaving fewer players willing to write this risk, which has driven up pricing.

Insurers are tightening eligibility guidelines and restricting how much they will cover. Some insurers are getting more selective and demanding that their insureds take extra precautions before they are willing to bind a policy.

Some of the more common demands include requiring:
• Video surveillance systems on worksites.
• Guards to patrol worksites at night.
• The installation of fencing and lighting.

One of the biggest pinch points is policy extensions, which are needed when projects go beyond the time expected to complete them.

Due to the issues mentioned in the bullet points above, policy extensions for ongoing projects have been difficult to secure, according to a report by WillisTowersWatson. The problem has been exacerbated by the COVID-19 pandemic, which disrupted many construction projects across the country and required more companies to seek out extensions for their builder’s risk policies.

Excess liability

Renewals for excess liability and umbrella insurance have been running 50 to 100% higher than in 2020, according to a recent report by Marsh LLC. Excess liability and umbrella coverage kick in after a claim breaches the limits of a primary general liability policy or auto liability.

The drivers: Increasingly large jury awards and the spiraling cost of liability claims, particularly for commercial vehicle accidents. Commercial auto insurance rates have also been climbing as the cost of auto injury and property claims continue to rise due to the increasing cost of repairs and medical costs for injured third parties…

Those claims are covered by primary auto and general liability insurers, but because more claims are exceeding limits, excess liability carriers are increasingly on the hook for those high-dollar claims. Like in the builder’s risk segment, this has resulted in fewer insurers willing to write new policies.

Those that are willing to write new business or renew policies have imposed stricter underwriting terms on the policies they are willing to accept.
Additionally, according to Marsh, primary and excess insurers are limiting the overall capacity extended to an individual buyer by capping per-project aggregate limits.

The takeaway

With the volatility in the marketplace, we recommend that you reach out to us early – and months before your policy is coming up for renewal – so we can work with you to make sure we can secure the coverage you need.

INSURANCE COMMISSIONER Ricardo Lara has approved a regulatory filing that will change the premium threshold for employers to qualify for an experience modifier (X-Mod).

The approval was part of a larger regulatory filing the Workers’ Compensation Rating Bureau made to also change expected claims costs, eliminate a few class codes and make new rules for companies that operate multiple enterprises.

The approved filing also updates expected claims cost rates for all 500-plus worker class codes that are used to calculate workers’ comp rates. Here’s a rundown of the changes:

X-Mod change

Currently, the minimum premium an employer must pay annually to receive an X-Mod is $9,900, but that is falling to $9,500, starting Sept. 1. That means any employer that has an annual premium of $9,500 starting on that date will be “experience rated.” The X-Mod is a number used by insurance companies to either discount or increase the premiums you pay for workers’ compensation insurance. It is based on your company’s workers’ comp claim history and reflects the most recent three years.

Multiple enterprises rule

The new rules make changes to what is known as the “multiple enterprises rule,” which applies to companies that have two or more operations that perform work that is classified differently. In those cases, the distinct operations must be classified under the multiple enterprises rule.

In the new rule, separation is the key requirement. If distinct operations are physically separated, each distinct location shall be separately classified.

Separation can be separate operations:
• Located in separate buildings,
• Located on separate floors of a building, or
• Separated by walls if they are on the same floor.
However, if two or more of the distinct operations are not physically separated, they must be assigned to the highest-rated classification applicable to the operations conducted in the common workspace.

The rule also addresses personnel that may float between multiple enterprises, performing different types of work at each operation.
Under the rule, such an employee’s work may be divided into two classifications. If you plan to classify them this way, make sure to keep accurate and complete records supported by time cards or time book entries that show how much time they spent performing each distinct work task for each entity.

If the employer fails to keep those records, the entire pay of the worker will be assigned to the highest-rated classification applied to any part of the work they perform.

Classification changes

There are also changes being made to some construction classes.
The 8110 – Stores Welding supplies classification is being eliminated and covered operations will be reassigned to 8010 – Stores hardware, electrical or plumbing supplies. Also, the iron or steel erection classes 5057 and 5059 will be eliminated, as well as subclasses 5102(3), 5040(2) and 5040(3).

Operations in those eliminated classifications will instead be assigned into one of two consolidated classes:
• 5040 – Structural Iron or Steel operations, or
• 5102 – Iron, Steel, Brass, Bronze or Aluminum Erection – non-structural.

BESIDES THE health and economic devastation that the COVID-19 pandemic has left in its wake, it has also caused supply chain disruptions that have affected a number of industries.

The fallout for companies of all types illustrates the fragility of most businesses’ supply chains. The pandemic has left retailers with half-empty shelf space because product manufacturers couldn’t keep operations going due to raw material or personnel shortages, while a number of carmakers and other manufacturers have had to suspend operations because of a global semiconductor shortage.

But it’s not only large companies that suffer, and small businesses are especially vulnerable. That’s why it’s important that you have in place a solid plan for averting and dealing with disruptions to your supply chain if you rely on materials and inputs from outside vendors.

Here’s what you can do to manage this growing risk.

Understand your supply chain

Start by identifying risks in your supply chain and develop ways to mitigate them.

FOUR MAIN EXTERNAL SUPPLY CHAIN RISKS

• Flow interruptions – Problems with the movement of goods and materials.
• Environmental risks – Economic, social, political, terrorism threat and weather-related factors that affect facilities and infrastructure. The pandemic falls into this category.
• Business risks – Problems caused by factors like a supplier’s poor financial or general stability, or the purchase or sale of supplier companies by other entities.
• Physical plant risks – Problems at a supplier’s facility. For example, a key supplier could have a machinery breakdown and/or regulators may shut the facility down.

 

Develop a plan

The best way to manage a supply chain disruption is to prepare for it. Start by undertaking a business impact analysis to prepare your company.

Form a team of key personnel to:

• Identify alternatives to key suppliers. One option is to contract with an alternative vendor in advance, so you can certify them and ensure they can ramp up if you lose a critical supplier.
• Model the impact of disruptions on your production and inventory for the four supply chain risks listed to the left. Think about how non-delivery of a key item
  would affect your operations.

Using that information, you can build contingencies for supply chain failures:

• Plan for how you would respond to all “what if” scenarios that could affect your operations. Be realistic about assessing your capacity to respond to these scenarios.
• Create a contingency plan for failure of any supply chain pillars. Identify the points at which you would need to execute risk-mitigating measures, like sourcing from other vendors or using new distribution channels.
• In advance, amass a contingency management team that will bridge the divide between your departments during disruptions. This team must include senior
  staff who are influential with top company decision-makers.
• Make sure your supply chain is flexible enough to deal with risks. Look at opportunities to address current supply chain bottlenecks; investigate alternative transportation network configurations or production systems.

 

The final backstop: insurance

You can address supply chain risks with business interruption insurance or contingent business interruption insurance.

Business interruption insurance.
This coverage, which is often included in a commercial property policy, covers lost profits after a company’s own facility is damaged by an insured peril.

Contingent business interruption insurance. This is often a policy rider that you can purchase. It covers lost profits if an insured peril shuts down a critical supplier, part of the transportation or distribution chain, or a major customer.

This coverage is triggered if there is:
1. Damage to property that prevents one of your suppliers from making products or delivering them.
2. Damage to property that prevents your customers from receiving your products.

BUSINESS COMPROMISE scams that use both technology and a human touch to steal funds from businesses are growing as criminals engage in social engineering tactics to dupe unsuspecting employees.

Businesses have lost millions of dollars to social engineering scams, where attackers impersonate a company president or executive who is authorized to approve wire transfers to trick employees into transferring funds into a fake client or vendor account.

According to the FBI’s Internet Crime Complaint Center, in 2019 U.S. businesses were hit with an estimated 23,775 e-mail compromise scams that
resulted in aggregate losses of $1.7 billion. Figures for 2020 are not yet available.

Vishing – or voice phishing – attacks have been growing. The FBI in January warned of an increase in vishing attacks targeting employees working remotely in the COVID-19 pandemic, and of the heightened risks companies face when network access and broadening of online privileges may not be fully monitored.

 

How to train employees

Providing practical employee phishing training is key to keeping your company safe. The following are activities and tips to help you train employees to stay vigilant.

Remote workers should be vigilant in checking internet addresses, more suspicious of unsolicited phone calls, and more assertive in verifying the caller’s identity with the company, the FBI recommends.

When training staff, you should:

• Explain what vishing and phishing is, how it happens, and what risks it poses on a personal and company level.
• Explain the different types of phishing attacks.
• Train your workers in identifying signs of phishing attacks, like e-mails with poor spelling and grammar, incorrect e-mail addresses (for example BobS@ Startbucks.com), and fraudulent URLs.
• Train your staff in recognizing phishing links, phishing attachments, and spoofed e-mails. Additionally, your employees should know what steps to take after they identify a threat.
• Conduct simulations that send employees fake phishing e-mails. The results should be shared with them to show how they fell for the scam and the damage that being duped into clicking on a malicious link can cause.

 

Insurance

As vishing and business e-mail compromise scams increase, more employers are seeking to add coverage in their commercial crime policies.
Typically, these policies have been used to cover losses for internal theft, but lately, about 50% of claims are for losses related to phishing and fishing scams.
The price of social engineering coverage varies by risk and limit, but it can often be added to a crime policy as a rider.
One thing though: social engineering coverage will often have lower limits than a typical commercial crime policy. This is because of the risk of much larger financial losses than a company could expect from internal theft or white-collar crime perpetrated by an employee.

 

ADVICE FROM THE FBI

• Consider instituting a formal process for validating the identity of employees who call each other.
• Restrict VPN connections to managed devices only (meaning not on employees’ personal devices).
• Restrict VPN access hours.
• Employ domain monitoring to track the creation of or changes to corporate brand-name domains.

CYBER INSURANCE rates are going to increase dramatically in 2021, driven by more frequent and more severe insured losses, according to a recent industry study.

The report by global insurance firm Aon plc predicted that rates would jump by 20% to 50% this year due to two main factors:

 

1. Cyber attacks are becoming more frequent

While publicly disclosed data breach/privacy incidents are actually occurring less often, ransomware attacks are exploding in frequency.

Ransomware incident rates rose 486% from the first quarter of 2018 to the fourth quarter of 2020. The comparable rate for data breach incidents fell 57% during the same period. The incident rates for the two types of events combined rose 300% over the trailing two years.

 

2. The costs of these attacks are growing

The average dollar loss increased in every quarter of 2020. Ransomware attacks were particularly severe – many of them resulted in eight-figure losses. Others may grow to that level as business interruption losses are adjusted and lawsuits against insured organizations proceed.

The combination of more frequent and more costly losses is a
recipe for higher rates.

Cyber insurance rates continued increasing in 2020, with rises of between 6% and 16% in the last four months of the year. In January 2021, most of the top 12 cyber insurance companies told Aon they were planning more drastic rate hikes. Nearly 60% reported that they would be seeking rate increases of 30% or more during the second quarter. None of them expected increases less than 10%.

 

New underwriting criteria

When insurers evaluate cyber insurance applicants, they will be particularly concerned with the organization’s overall cyber risk profile, its cyber governance and access control practices, and its network and data security. Prior loss history will be less important because the frequency of attacks is growing so quickly.

Some insurers may also cap how much they will pay for ransomware losses, or even exclude them entirely. They may also increase the waiting periods before coverage begins to apply.

 

WHAT BUSINESSES CAN DO

To improve your chances of getting more favorable pricing and coverage, the report recommends that you focus on:

• Reducing the risk of cyber losses.
• Measures to keep data private.
• Building an internal culture of cybersecurity.
• Preparing for ransomware attacks and disaster recovery planning.
• How your contracts and insurance will respond to a supply chain security breach.
• Understanding primary and excess coverage terms and
  communicating primary terms to excess insurers.

THE $1.9 TRILLION American Rescue Plan Act (ARPA) that President Biden signed into law on March 11 contains a number of provisions intended to help small businesses and other organizations hurt by the pandemic.

Foremost, it includes additional Paycheck Protection Program (PPP) loans to struggling businesses, and a number of special grants to companies in industries that have been especially hard hit, including restaurants, movie theaters, concert spaces, and museums.

The measure also includes provisions extending a number of tax credits to employers affected by the pandemic, in order to make it easier for people laid off during the health emergency to access COBRA coverage after they lose their jobs and their health coverage.

ARPA opens up a new opportunity for businesses that have been hurt by the pandemic to access financial aid to keep their doors open and stay viable. Many of the programs build on ones introduced earlier in the Coronavirus Aid, Relief, and Economic Security Act (CARES Act) and extended by the Consolidated Appropriations Act of 2021 (CAA).

PPP extended

The law authorizes another $7.25 billion for the Paycheck Protection Program, which offers forgivable loans to small firms and other organizations that have been hit by the pandemic.

These loans are forgivable if 60% of the funds are used on payroll and the rest pays for mortgage interest, rent, utilities, personal protective equipment or certain other business expenses.

While the legislation set the deadline to apply for March 31, the deadline was extended until June 30 after Congress passed supplemental legislation.

Other assistance

There are a number of other provisions of the new law aimed at providing financial aid:

• $10 billion for state governments to help leverage private capital and make low-interest loans and other investments to help their small businesses recover.
• $15 billion to the Economic Injury Disaster Loan grants program to be given to small businesses in underserved areas, especially minority-owned enterprises.
•  $29 billion for financial relief grants to restaurants. The maximum grant size will be $5 million for restaurants and $10 million for restaurant groups. The Small Business Administration will administer these grants.
•  $15 billion will be added to the Shuttered Venue Operators Grants program, which was launched by the CARES Act. More funds will be made available to
  museums, theaters, concerts, and other venues that had to shut down due to COVID-19-induced restrictions. This program has not yet launched.

Tax credits

Originally enacted under the CARES Act and CAA, the Employee Retention Credit (ERC) lets certain employers take advantage of a tax credit for qualified wages paid to employees.

The CARES Act capped the ERC at $5,000 per employee for 2020. The CAA, passed in late 2020, expanded the ERC to apply to qualified wages made between Jan. 1 and June 30 this year. It also increased the maximum amount of the credit to $7,000 per employee per quarter.

The new stimulus law extends the ERC through the end of this year. That means that eligible small firms can take a tax credit of up to $28,000 per employee for 2021.

Who is eligible: Businesses that were either fully or partially suspended as a result of COVID-19-related government orders that restricted their ability to operate and generate sales. Also, any business that has gross receipts that are less than 80% of gross receipts for the same calendar quarter in 2019.

ARPA also makes eligible for the tax credit for any start-up businesses that also suffered revenue losses as a result of the pandemic. In addition, ARPA extends through September the availability of paid leave credits to small and midsize businesses that offer paid leave to employees who may take leave due to illness, quarantine, or caregiving due to the pandemic and any closure orders.

Employers that offer paid leave to workers who are sick or in quarantine can take dollar-for-dollar tax credits equal to wages of up to $5,000.