APRIL 2021- Cyber Insurance – As Attacks and Costs Mount, Rates Climb Higher


CYBER INSURANCE rates are going to increase dramatically in 2021, driven by more frequent and more severe insured losses, according to a recent industry study.

The report by global insurance firm Aon plc predicted that rates would jump by 20% to 50% this year due to two main factors:

 

1. Cyber attacks are becoming more frequent

While publicly disclosed data breach/privacy incidents are actually occurring less often, ransomware attacks are exploding in frequency.

Ransomware incident rates rose 486% from the first quarter of 2018 to the fourth quarter of 2020. The comparable rate for data breach incidents fell 57% during the same period. The incident rates for the two types of events combined rose 300% over the trailing two years.

 

2. The costs of these attacks are growing

The average dollar loss increased in every quarter of 2020. Ransomware attacks were particularly severe – many of them resulted in eight-figure losses. Others may grow to that level as business interruption losses are adjusted and lawsuits against insured organizations proceed.

The combination of more frequent and more costly losses is a
recipe for higher rates.

Cyber insurance rates continued increasing in 2020, with rises of between 6% and 16% in the last four months of the year. In January 2021, most of the top 12 cyber insurance companies told Aon they were planning more drastic rate hikes. Nearly 60% reported that they would be seeking rate increases of 30% or more during the second quarter. None of them expected increases less than 10%.

 

New underwriting criteria

When insurers evaluate cyber insurance applicants, they will be particularly concerned with the organization’s overall cyber risk profile, its cyber governance and access control practices, and its network and data security. Prior loss history will be less important because the frequency of attacks is growing so quickly.

Some insurers may also cap how much they will pay for ransomware losses, or even exclude them entirely. They may also increase the waiting periods before coverage begins to apply.

 

WHAT BUSINESSES CAN DO

To improve your chances of getting more favorable pricing and coverage, the report recommends that you focus on:

  • Reducing the risk of cyber losses.
  • Measures to keep data private.
  • Building an internal culture of cybersecurity.
  • Preparing for ransomware attacks and disaster recovery planning.
  • How your contracts and insurance will respond to a supply chain security breach.
  • Understanding primary and excess coverage terms and
    communicating primary terms to excess insurers.

April 2021 – Stimulus Plan Expands Business Assistance


THE $1.9 TRILLION American Rescue Plan Act (ARPA) that President Biden signed into law on March 11 contains a number of provisions intended to help small businesses and other organizations hurt by the pandemic.

Foremost, it includes additional Paycheck Protection Program (PPP) loans to struggling businesses, and a number of special grants to companies in industries that have been especially hard hit, including restaurants, movie theaters, concert spaces, and museums.

The measure also includes provisions extending a number of tax credits to employers affected by the pandemic, in order to make it easier for people laid off during the health emergency to access COBRA coverage after they lose their jobs and their health coverage.

ARPA opens up a new opportunity for businesses that have been hurt by the pandemic to access financial aid to keep their doors open and stay viable. Many of the programs build on ones introduced earlier in the Coronavirus Aid, Relief, and Economic Security Act (CARES Act) and extended by the Consolidated Appropriations Act of 2021 (CAA).

PPP extended

The law authorizes another $7.25 billion for the Paycheck Protection Program, which offers forgivable loans to small firms and other organizations that have been hit by the pandemic.

These loans are forgivable if 60% of the funds are used on payroll and the rest pays for mortgage interest, rent, utilities, personal protective equipment or certain other business expenses.

While the legislation set the deadline to apply for March 31, the deadline was extended until June 30 after Congress passed supplemental legislation.

Other assistance

There are a number of other provisions of the new law aimed at providing financial aid:

  • $10 billion for state governments to help leverage private capital and make low-interest loans and other investments to help their small businesses recover.
  • $15 billion to the Economic Injury Disaster Loan grants program to be given to small businesses in underserved areas, especially minority-owned enterprises.
  •  $29 billion for financial relief grants to restaurants. The maximum grant size will be $5 million for restaurants and $10 million for restaurant groups. The Small Business Administration will administer these grants.
  •  $15 billion will be added to the Shuttered Venue Operators Grants program, which was launched by the CARES Act. More funds will be made available to
    museums, theaters, concerts, and other venues that had to shut down due to COVID-19-induced restrictions. This program has not yet launched.

Tax credits

Originally enacted under the CARES Act and CAA, the Employee Retention Credit (ERC) lets certain employers take advantage of a tax credit for qualified wages paid to employees.

The CARES Act capped the ERC at $5,000 per employee for 2020. The CAA, passed in late 2020, expanded the ERC to apply to qualified wages made between Jan. 1 and June 30 this year. It also increased the maximum amount of the credit to $7,000 per employee per quarter.

The new stimulus law extends the ERC through the end of this year. That means that eligible small firms can take a tax credit of up to $28,000 per employee for 2021.

Who is eligible: Businesses that were either fully or partially suspended as a result of COVID-19-related government orders that restricted their ability to operate and generate sales. Also, any business that has gross receipts that are less than 80% of gross receipts for the same calendar quarter in 2019.

ARPA also makes eligible for the tax credit for any start-up businesses that also suffered revenue losses as a result of the pandemic. In addition, ARPA extends through September the availability of paid leave credits to small and midsize businesses that offer paid leave to employees who may take leave due to illness, quarantine, or caregiving due to the pandemic and any closure orders.

Employers that offer paid leave to workers who are sick or in quarantine can take dollar-for-dollar tax credits equal to wages of up to $5,000.


Law Adds Independent Contractor Exemptions – OCTOBER 2020


A NEW LAW has come to the rescue of a number of freelance professions by exempting them from the onerous requirements of AB 5, which required most independent contractors to be classified as employees in California. Governor Gavin Newsom on Sept. 1 signed AB 2257 as an urgency measure so that it took effect immediately. If you remember, AB 5 set a new standard for hiring independent contractors, requiring many to be reclassified as employees covered by minimum wage, overtime, workers’ compensation, unemployment and disability insurance. It created a three-pronged test that needs to be satisfied to determine if someone is an independent contractor or an employee.

To be independent contractors under AB 5’s “ABC test,” workers must (A) work independently, (B) do work that is different from what the business does, and (C) offer their work to other businesses or the public. All three conditions must be met.

It is prong B that’s problematic. For example, a freelance writer working for a magazine would not be doing something different than the business does. The new law sets limits on the amount of income someone can receive while doing this kind of work before being considered an employee. AB 2257 also expands the “business-to-business” definition in AB 5 to cover a relationship between two or more sole proprietors.

 

 

 

 


New Law Creates COVID-19 Claim Framework – OCTOBER 2020


GOVERNOR GAVIN Newsom has signed legislation that creates a new framework for COVID-19- related workers’ compensation claims. SB 1159 replaces an executive order that Newsom made on March 18 that required all employees working outside the home who contracted COVID-19 be eligible for workers’ compensation benefits if they file a claim. The new law expands that rebuttable presumption” that a coronavirus case is work-related to front-line workers, as well as employees in workplaces that have had an outbreak of cases. The new law is retroactive to July 6, the day after Newsom’s executive order expired, and is set to expire Jan. 1, 2023.  Employers with fewer than five employees are exempt under the statute.

SB 1159’s three parts

Part 1. The law codifies Newsom’s prior executive order that provided a “rebuttable presumption” that COVID-19 was contracted in the scope and course of work by employees working outside of the home who get infected.

Part 2. The law provides a rebuttable presumption that firefighters, law enforcement officers, health care workers and home care workers who contract COVID-19, contracted it in the workplace.

Part 3. The law creates a rebuttable presumption that a worker’s COVID-19 diagnosis is work-related within 14 days of a company outbreak. Under SB 1159, an outbreak is defined as when four employees test positive at a specific place of employment with 100 or fewer employees and, for larger places of employment, when 4% of the employees test positive. It’s also deemed a workplace outbreak if the employer had to shut down due to the coronavirus.

Rebutting a claim

Employers can rebut the presumption that COVID-19 was contracted at work if they have:
• Proof of measures they put in place to reduce potential transmission of COVID-19,
• Evidence of the employee’s nonoccupational risks of contracting COVID-19,
• Statements made by the employee, or
• Any other evidence normally used to dispute a work-related injury.

REPORTING REQUIREMENTS

When an employer learns of an employee testing positive, they must report to the insurer the following information within three business days:
• The date the employee tested positive.
• The address or addresses of the employee’s specific place(s) of employment during the 14-day period preceding the date of their positive test.
• The highest number of workers who reported to work in the 45-day period preceding the last day the employee worked at each specific site.

Filing False Information Can Result in a $10,000 Fine

The Rossi Law Group has the following recommendations for employers in California:
• Keep track of all locations each employee works at, the number of employees on each day at each location, as well as a log of those that test positive (including the date the specimen was collected).
• If you are aware of any staff who have tested positive between July 6 and Sept. 17, you have 30 days after Sept. 17 to report the positive test to the claims administrator.
• You must also report to the insurer positive COVID-19 results for employees that are not filing claims. In that case, you must omit personal identifying information of the employee.
• Provide any factual information to the claims administrator that could help rebut any claim of work-relatedness.

The law also has some teeth: Anyone who submits false or misleading information shall be subjected to a civil fine up to $10,000.

One last thing…

The governor also signed into law AB 685, which requires employers to report an outbreak to local public health officials. Employers must also report known cases to employees who may have been exposed to COVID-19 within one business day.


Do you have a risk management plan? You should.


RISK MANAGEMENT – Even Small Firms Need a Crisis Management Plan

With risks to companies and employees growing, sometimes the unthinkable happens and a business has a real crisis on its hands. While large companies are usually well-prepared for a crisis should one occur, most small and mid-sized firms don’t have the resources or have not put much thought into how they would handle a crisis.

One of the most difficult parts of crisis planning is just what to prepare for, since a crisis could be a number of different events, like:
• The sudden death of a key member of your team.
• A defective product leads to an injury, illness – or worse.
• An accident severely maims or kills a number of your workers.

Your strategy

To get started, assemble a team that includes key members from your organization who will be responsible for creating your crisis-response plan. INC. Magazine recommends the following for your team:
Make a plan – You cannot start planning without first identifying your objectives. Once you identify them, you can make response plans for each type of event. Typically, that includes:
• Safeguarding any person (employee, vendor, customer and/ or the public) who may be affected by the crisis. Your plan would include how to respond to the crisis if people’s health and wellness are at stake.
• Making sure the organization survives. This would include steps you would take to ensure the company can continue as a going concern after a significant disruption.
• Keeping stakeholders (employees, vendors, clients, the public and government) informed on developments.

Create a succession plan – You should clearly outline the necessary steps to follow if you or one of your key managers suddenly became unable to perform their duties. This plan may include selling the company, or transferring ownership to family members or key employees.
Seek advice from the experts – This includes your leadership team, employees, customers, communications experts, investment bankers, exit planners, lawyers and financial managers. Each of these individuals has unique insights that can be invaluable for how to tackle a crisis.
Name a spokesperson – This is important if you have a crisis that spreads beyond your organization and affects the health and safety of a member of the general public, your staff or customers. Funneling all media communications through a spokesperson can help you deliver a clear and consistent message to media, as well as to the public at large.
Honesty is the best policy – A lack of honesty and transparency can lead to rumors, as well as a general distrust of your organization if the truth is exposed. The best approach is to be transparent and truthful about what happened and what you are doing to resolve the crisis.
Keep your staff up to speed – To stop the rumor mill and also keep employees from becoming worried amidst the uncertainty, keep your workers abreast of developments – and what the crisis means for the organization, and what you are doing about it.
Keep customers and suppliers informed – If you have an event that’s causing some disruptions, you also owe it to your clients and vendors to let them know what’s happening. Like your employees, keep them regularly updated on events and the steps you are taking to address the crisis. Put together a plan for how you would keep them posted.
Act fast and update regularly – Keeping the communications alive is important and once you grasp the situation and its effects, you can issue summary statements of the crisis and what’s happened. Then you can follow up with regular updates on your action plans, on people affected, any hotline you may set up, and more.
These days news travels fast and like wildfire on social media. You need to move at the same pace.
Social media is vital – More and more people get their news from social media and the discussions that ensue on posts, so you need to make sure that your company stays on top of the flow. You may want to assign a person or two to monitor social media and post and react to posts on social media. That way, your team can tell the company’s side of the story and put to rest unfounded rumors.
Make a plan for what a social media contact’s responsibilities would be during a crisis.

Get an early start

Your plan won’t be effective if you create it during a crisis. Plan in advance, so everyone can approach the strategizing unrushed and with a clear head.