If you are a contractor who bids for local or state jobs, you may have experienced losing a bid every now and then.  While I am sure you simply moved on to the next bidding process, did you stop to wonder how the winning bidder was able to bid so low and still maintain profitability? Obviously, the contractor that keeps his expenses the lowest will see the highest profits. What is not so obvious is how to keep one particular expense, which likely adds the most to your bottom line, the lowest it can be. The culprit expense is your Workers’ Compensation premium. If you haven’t reviewed your classification codes, your claims history or haven’t implemented back-to-work or safety programs, read on. We'll cover how to lower your Workers’ Compensation premium which will ultimately make your company more competitive when bidding for municipal or state contracts.

The first step to ensuring that your Workers’ Compensation is priced correctly is to review your classification codes.  Are your office personal classified as roofers or other field titles? If so, this can make your Workers’ Compensation much higher than it should be. Review the Workers’ Compensation policy to see what each of your employees is classified as and make changes if necessary.  Auditing and review of your current payroll for inaccuracies or deductions you can take, like overtime, Davis-Bacon Act wages, etc. can help lower your cost.  Confirming that subcontractors have valid certificates of insurance, and deducting valid business expenses like auto allowances can have the same effect. Your organization’s classification codes and payroll dollars are the foundation for the base premium.  An error on these numbers could cost severely.

The next factor in determining a Workers’ Compensation rate is the past three years of claims history, which contributes to your experience modifier.  The more claims against your Workers Compensation policy, the higher your experience modifier will be.  This, of course, increases your premiums. If you haven’t had an accident, ask your carrier for a loss run just to make sure there aren’t any accidents incorrectly reported. If you had an accident, unfortunately, this will show on your loss runs for the next three years. You can, however, control how much these claims will cost by implementing “back to work” programs.  The gist of these programs is that employers maintain communication with injured workers and, if possible and through permission of the physician, find work that can accommodate the worker’s injury.  By bringing the employee back to work, the claim will cost less by mitigating lost wage payments and ultimately will affect the claims reporting on your policy and shouldn’t hit your experience modifier as hard.

Various States have programs that can assist in lowering workers compensation costs, e.g. a certified safety committee credit, a contactors credit program, etc.  Utilize these whenever possible to lower your costs.

Finally, making sure safety procedures are developed and enforced will mitigate the risk of an injury. Depending on the type of work your organization does, you may want to institute a two-person rule when workers need to carry heavy objects over a certain weight limit; institute the use of safety harnesses for employees working in high areas or other procedures that would make sense for your individual organization.  After these policies are put into place, be sure to they are communicated to the employees and enforced.  

Keeping your Workers’ Compensation premiums low will take investigating your current policy and pre-planning when it comes to implementing procedures that keep your claims  low or non-existent.  While this takes effort, it will be worth it if you are able to keep your expenses low enough to be the lowest bidder in municipal and state bid processes.

Cyber risk entails more than you think. Given the latest reported data breach from Yahoo (again), people constantly think of hackers when they hear “cyber risk." It is important for executives whose responsibilities include protecting the financial welfare of their companies to understand that cyber risk goes much deeper than the highly publicized security/data breach.  Learning all facets of cyber risk, ways to protect a company’s data infrastructure and financial well being and what remedies are available in the event of a loss, are all paramount to any financial executive in today’s digital world.

If cyber risk isn’t just data breach, what exactly does cyber risk involve? In addition to intentional hacking, cyber risk can include accidental loss of employee or client data, actual physical damage to computers, servers or other networking materials, or even lawsuits resulting from web activities. Comments made on public websites by an executive or employee, inaccurate or libelous statements made online, and a third party sustaining losses from a virus picked up from a company website, can all be considered “cyber risk”. The potential scenarios presented are not an exhaustive list of risk possibilities, but it is safe to say that if your company operates online - including accepting payments, storing/transmitting data, or using social media or web pages to advertise, analyzing your cyber risk should be a top priority.

Proactive IT security measures including implementing security tools, disaster recovery plans and training employees on policies and procedures are essential to mitigating cyber risk.  Many companies already take these precautions.  According to a September 7th, 2012 published report, 8 Surprising Disaster Recovery Stats by CRN.com, “Only 51% of small businesses have an IT business continuity plan…compared to 74% of large businesses.”  Furthermore, downtime created by disasters such as fires (26% of the time), human error (60%), server room issues (44%) and power outages (29%) lasted on average of 2.2 days and cost the companies $366,363 a year.   While having disaster recovery procedures in place to mitigate downtime is essential, these plans don’t take into account recuperating lost revenue, money spent on fixing the problem and possible branding damage.  This is where learning remedies available to companies in the event of a loss become vital.

The first step is to analyze your exposures to loss, considering the type of business you are involved in.  For example, if you have a media company, you should have cyber risk coverage that guards against digital copyright infringement and libel suits.  If you are in the  healthcare industry and are subject to HIPPA laws, you need to have cyber risk insurance that covers breach or negligence events.  After your consideration of the potential exposures, review your current insurance for coverage for loss of equipment, media, business income loss, etc. Often, the standard property and general liability policies provide some coverage that addresses some of your exposures, but more likely, there may be gaps that need to be addressed.

Keep in mind that we are available to assist you in addressing your exposures, and developing an insurance and risk management program to address them

Security and Privacy Liability Insurance protects the insured from loss due to a security failure or privacy event.  Security Failure is defined as:

(1) a failure or violation of the security of a Computer System including, without limitation, that which results in or fails to mitigate any unauthorized access, unauthorized use, denial of service attack or receipt or transmission of a malicious code;

(2) physical theft of hardware controlled by a Company (or components thereof) on which electronic data is stored, by a person other than an Insured, from a premises occupied and controlled by a Company; or

(3) failure to disclose an event referenced in Sub-paragraphs (1) or (2) above in violation of any Security Breach Notice Law.

“Security Failure” includes any such failure or violation, resulting from the theft of a password or access code from an Insured’s premises, the Computer System, or an officer, director or employee of a Company by non-electronic means in direct violation of a Company’s specific written security policies or procedures.  

Privacy Event is defined as:

(1) any failure to protect Confidential Information (whether by “phishing,” other social engineering technique or otherwise) including, without limitation, that which results in an identity theft or other wrongful emulation of the identity of an individual or corporation;

(2) failure to disclose an event referenced in Sub-paragraph (1) above in violation of any Security Breach Notice Law; or

(3) violation of any federal, state, foreign or local privacy statute alleged in connection with a Claim for compensatory damages, judgments, settlements, pre-judgment and post-judgment interest from Sub-paragraphs (1) or (2) above.

Event Management provides coverage for costs the insured incurs as a redult of the above referenced Security Failure or Privacy Event. Loss for this coverage part is defined as:

the following reasonable and necessary expenses and costs incurred by an Insured within one year of the Security Failure or Privacy Event:

(1) to conduct an investigation (including a forensic investigation) to determine the cause of the Security Failure or Privacy Event;

(2) for a public relations firm, crisis management firm or law firm agreed to by the Insurer to advise an Insured on minimizing the harm to such Insured, including, without limitation, maintaining and restoring public confidence in such Insured;  

(3) to notify those whose Confidential Information is the subject of the Security Failure or Privacy Event and advise of any available remedy in connection with the Security Failure or Privacy Event, including, without limitation, those expenses and costs for printing, advertising and mailing of materials;

(4) for identity theft education and assistance and credit file or identity monitoring;

(5) for any other services approved by the Insurer at the Insurer’s sole and absolute discretion;

(6) to restore, recreate or recollect Electronic Data; or

(7) to determine whether Electronic Data can or cannot be restored, recollected or recreated.

Provided, however, Loss shall not include compensation, fees, benefits, overhead or internal charges of any Insured.

Media Content Insurance- protects the insured for any Wrongful Act during the gathering, collection, broadcast, creation, distribution, exhibition, performance, preparation, printing, production, publication, release, display, research, or serialization of material, which results in:

(1) infringement of copyright, title, slogan, trademark, trade name, trade dress, mark, service mark, service name, infringement of domain name, deep-linking or framing, including, without limitation, unfair competition in connection with such conduct;

(2) plagiarism, piracy or misappropriation or theft of ideas under implied contract or other misappropriation or theft of ideas or information; including, without limitation, unfair competition in connection with such conduct;

1. invasion, infringement or interference with rights of privacy or publicity, false light, public disclosure of private facts, intrusion and commercial appropriation of name, persona or likeness; including, without limitation, emotional distress or mental anguish in connection with such conduct;

   1. defamation, libel, slander, product disparagement or trade libel or other tort related to disparagement or harm to character or reputation; including, without limitation, unfair competition, emotional distress or mental anguish in connection with such conduct;

   2. wrongful entry or eviction, trespass, eavesdropping or other invasion of the right to private occupancy, or false arrest, detention or imprisonment or malicious prosecution; including, without limitation, any emotional distress or mental anguish in connection with such conduct;

   3. negligent or intentional infliction of emotional distress, outrage or prima facie tort in connection with Material; or

   4. Loss because a third party, which has no ownership relationship with any Insured, acts upon or makes a decision or decisions based on the content of the Material disseminated by an Insured or with an Insured’s permission.

Network Interruption Insurance- provides coverage for loss that occurs as a result of a security failure. Loss is defined as the below listed costs incurred within 120 days after the end of a Material Interruption (or 120 days after the Material Interruption would have ended if an Insured exercised due diligence and dispatch):

(1) costs that would not have been incurred but for a Material Interruption; and

(2) the sum of all of following, which shall be calculated on an hourly basis:

(a) Net Income (Net Profit or Loss before income taxes) that would have been earned; and

(b) Continuing normal operating expenses incurred, including payroll.

“Material Interruption” means the actual and measurable interruption or suspension of an Insured’s business directly caused by a Security Failure.

Cyber Extortion Insurance- provides coverage for the insured that the insured incurs as a result of a security threat. A security threat is defined as: any threat or connected series of threats to commit an intentional attack against a Computer System for the purpose of demanding money, securities or other tangible or intangible property of value from an Insured.