Cyber Insurance – Many Choices Now That There Is NO Choice

Cyber Insurance: Many Choices Now That There Is No Choice

 

Every organization, of every size and operational orientation, needs cyber insurance to manage its exposures in this age of networked information.

That was one thing speakers agreed on at the recent 2017 Cyber Liability Symposium held by the Professional Liability Underwriting Society (PLUS).

No organization is off the radar for bad actors who relentlessly seek the weakest links for accessing valuable personal and financial information, threatening to shut down an operation, or seeking to do physical damage.

For example, said Robert Anderson, a managing director for Navigant, the health care sector is now under siege from “rampant” attacks by “ransomware,” malicious computer coding that essentially captures or disables an organization’s information assets until a ransom is paid.

“It’s not just payroll that’s affected,” he said. “You can’t do surgery. You can’t do dialysis. Every aspect of the institution is tied up.”

In a subsequent session, attorney Jennifer Coughlin, a partner in Mullin Coughlin LLC, commented, “Did we ever think hackers could take down an MRI? At one care facility, they took down the patients’ tracking anklets. For some time, they couldn’t find two patients. That’s a big deal.”

As cyber attacks and data breaches become more common, organizations “victimized” by an attack will find themselves under potentially harsh scrutiny for their level of security and preparedness. “If you suffer a major breach, it’s an investors’ event, it’s a board event,” said Brad Gow, global cyber product leader for Endurance.

Cyber vulnerabilities will almost certainly increase exponentially as the Internet of Things (IoT) expands. Today, there are now more equipment sensors and related devices connected to the Internet than cell phones, and Zurich estimates there will be more than six connected devices per person worldwide by 2020.

As a reflection of the spread of “smart” technology, symposium keynote speaker Pieter Zatko noted that a current fighter jet has 3,500 components that are directly or indirectly connected to the Internet. Zatko, known by the nickname “Mudge,” is a renowned hacker who has worked for the federal government and now serves as director of the Cyber Independent Testing Lab (CITL).

Adding to the pressure on organizations is the increased attention federal and state regulators are devoting to cyber security.

Symposium attendees heard several references to “OCR” and “NIST,” the federal Office of Civil Rights and the National Institute of Standards and Technology, respectively. OCR, a branch of the Department of Health and Human Services, is entrusted with promoting NIST standards with regard to the security of individuals’ health information.

Speakers expressed hope that the Trump Administration would relax OCR activity in this regard, but there was no indication of that yet.

“I’ve seen OCR step up its involvement [in recent years],” said Jennifer Coughlin. “The states are also more comfortable starting [cyber-security investigative] proceedings the past few years.”

“We were hoping for [the OCR] to step back [since President Trump’s inauguration], but unfortunately that’s not happening,” added Kimberly Horn, global focus group leader for Beazley breach response and information security claims.

As regulators consider whether to require organizations to obtain cyber insurance, a growing number of companies are requiring their business partners to do so. These requirements raise a fundamental question, according to Angela Gleason, senior counsel for the American Insurance Association: “What constitutes cyber insurance?” she asked. “Would standard data breach coverage suffice, or is something more needed?”

As organizations increasingly recognize the imperative of purchasing cyber insurance, they are still confronted with a complex variety of policy forms and coverages, and a daunting application process.

Cyber insurance is available from about 70 carriers, most of them with very different coverage features, according to Stephanie Snyder, national cyber sales leader for Aon. “When you look at coverage offers and review the triggers, definitions, and exclusions, it really runs the gamut.”

Moreover, she added, cyber risk changes from month to month, as do an organization’s exposures for digital assets, and the methods and systems for securing those assets. Given all this complexity, Snyder said even organizations that have purchased cyber insurance “may not have the appropriate coverages” when claims come in.

For example, she noted, retailers need coverage for breaches or violations of Payment Card Industry Data Security Standards, better known as “PCI DSS.” The presence or absence of a single coverage like that can be overlooked, however, when applicants are considering comprehensive packages.

Things are starting to improve for cyber insurance buyers, however. For one thing, “we’re starting to see policies come together;” i.e., become more standardized, according to Snyder.

Also, insurers recognize they can no longer compete effectively using applications with a “list of 100 questions,” said David Gilmore, director of business development for Symantec. Yet, he added, “there’s no three-question magic bullet either.”

Sales of cyber-insurance are bolstered by a slowly changing attitude toward the coverage among IT professionals.

Whereas IT professionals once considered cyber-insurance as unnecessary, or implicitly critical of their work, Snyder noted that “there’s been a change in IT professionals’ perception of cyber-insurance. They now understand how cyber-insurance is a backstop that protects them.”

“Cyber insurance is a part of cyber security,” added Gilmore from Symantec, an important acknowledgement from a leader in cyber-security.

 The purchase of cyber-insurance coupled with risk control and event response services is becoming a routine part cyber-security planning, according to Kevin Kirst, director within the forensic technology practice of PricewaterhouseCoopers.

 Given resource constraints, Kirst said that even highly sophisticated IT operations must choose between mission-critical cyber risks they must manage themselves and risks they can transfer. For some organizations protection of personally identifiable information of customers will be a top priority for maintain customer confidence and avoiding regulatory sanctions. For others, avoiding disruption of operations will be the top priority.

 Adding to the complexity of the process is the daunting array of cyber-security programs available from IT vendors.

 There are more than 600 products on the market for protecting digital assets, said Shaun Brady, executive director of the Center for Model Based Regulation. Some large organizations utilize and manage more than 100 of them.

 Acquiring cyber-security software is no guarantee that one will be protected from breaches, however. Zatko’s Cyber Independent Testing Lab rigorously examines networked applications for security vulnerabilities, and has concluded that “about a third of the vulnerabilities are vulnerabilities of security software we have installed to protect our systems.”

 For all organizations, therefore, the most important factors in loss control continue to be well-established and well-communicated employee data management practices, reinforced by staff training and stringent individual accountability for lapses.

 “Some of our clients push down accountability to the business units,” said Kirst of PricewaterhouseCoopers. “The business unit manager should be responsible.”

 Cyber-insurance may do little good for an organization, however, if the organization does not immediately recognize an attack or breach and notify the insurer. On this score, some IT departments are still slow to act, believing they can handle the problem themselves, or that reporting an incident will be seen as acknowledging an error on their part.

“There’s a real disconnect sometimes between frontline IT and the risk manager,” said Kim Horn of Beazley.

Horn shared an anecdote of a client that had contracted for credit monitoring service and engaged a forensics firm and several lawyers before notifying the cyber carrier of a breach. It turns out that the cost of most of those services fell unreimbursed to the client, as those services were not covered under the policy.

“It could have been so much better if they had come to us first,” she said. “It you work with your carrier, your whole response might be covered. At least you will be acting with an informed view when you respond.”

Horn’s observations were echoed by Brad Vatrt, assistant vice president for cyber, media, and technology for AIG. It’s common, he said, for an IT department to “sit on” a breach report, and then try to address it, before reporting it to upper management. “Now we’re not dealing with a claim a few hours old but a few days old,” he said. “[Response] work may have already begun, some of it not covered.”

 The sooner you call the carrier, the better,” said attorney Coughlin in her remarks. “The longer you wait, you’re losing evidence, perhaps over-notifying people, and perhaps giving the wrong notice information.”

While an incident must be reported immediately, the response should not start, if possible, until the principal actors under the nature and extent of their cyber coverage.

“You need to understand how those coverages [in a cyber policy] relate to each other,” Vatrt said. “You have multiple retentions and multiple waiting periods. Know the costs [of notice and remediation] but also know how those costs are allocated under the policy.”

By now, no one should feel embarrassed at being the target of a cyber attack, even a successful one, as long as their response is prompt and effective.

“Attacks keep happening, and we can’t stop them completely,” said Matt Shabat, director of performance management for the U.S. Dept. of Homeland Security. The key question, he said, is “what do I do when that breach occurs?”

By Joseph S. Harrington, CPCU, ARP | April 12, 2017

 

 

Cyber Insurance ~ Understanding the Pitfalls

 

Cyber Insurance – Understanding the Pitfalls

As more and more companies enter the burgeoning cyber insurance marketplace, they often ask policyholder counsel like me how they can choose the best cyber policy when confronted with so many choices.

When the marketplace was still in its infancy just a few years ago, this was a considerably harder question because the policy forms, including the scope of first party and liability coverages being offered by different insurers, varied so drastically. But as the cyber insurance marketplace enters its adolescent stages, there is beginning to be more standardization in available coverages and exclusions, at least at a high level.

But what has not changed is that many key terms of these policies remain negotiable (considerably more so than for other types of insurance policies), and the courts have been presented with few opportunities to provide guidance on how key provisions in these policies are likely to be interpreted.

Cyber insurance remains a work in progress when it comes to assessing the risks carriers face and providing a clear…

The net result is that prospective policyholders can and should continue to negotiate aggressively in the underwriting process, especially when purchasing cyber coverage for the first time. But what provisions should a prospective policyholder be most concerned about? The answer depends largely on the most prevalent risks faced by individual companies, which are unique to them.

However, there are some provisions common to many cyber policies that, in my view, present risk to all policyholders due to imprecise or inappropriately restrictive coverage language. Because these provisions are almost certain to be the basis of numerous denials of coverage, they are likely to be tested in litigation in the next few years and deserve particular focus by prospective policyholders. Some of these looming battleground provisions include:

Retrospective dates

Most cyber policies are subject to a specified retrospective date, which means that liability claims, such as data breaches, arising from events occurring prior to that date are not covered. Often, the insurer will set the retrospective date at the inception date of the first policy the insurer issues to a particular insured. This can be a significant problem, especially for first-time insureds, due to the close temporal proximity between the retroactive date and any potential claims.

To make matters worse, many cyber policies contain language purporting to relate all causative events back in time to the date of the initial causative event. In many cases, this problem will begin to alleviate itself over time if the policyholder renews its cyber policy with the same insurer (i.e., the retroactive date will remain fixed at the initial inception date as successive policies are issued). That said, I still see more cyber claims denied on this ground than any other.

Some cyber insurers will agree to backdate applicable retroactive dates for prospective policyholders and some will not. Particularly with respect to the latter, significant factual disputes regarding the specific events precipitating an otherwise covered claim are entirely foreseeable. The complex technical aspects of data networks and the inherent uncertainties regarding the genesis of many breaches are likely to exacerbate these disputes even further.

Unauthorized access to computer systems

Many cyber policies provide coverage only where access to the insured’s computer system is “unauthorized.” Some insurers will argue that this precludes coverage where an employee negligently provides access (such as losing his or her password) or is tricked into providing access (such as in a spear phishing attack).

Some insurers have sought to clarify the scope of “unauthorized access” by defining that term in their policies, but others have not. Like many cyber policy provisions, the scope of this definition may be negotiable, and any ambiguities should be resolved in favor of the policyholder under general principles of insurance policy interpretation. But given the ever-increasing frequency of cyber fraud and the ever-increasing ingenuity of cyber fraudsters, the extent to which there is coverage under cyberpolicies for unintentional but arguably authorized access to computer systems is likely to be disputed vigorously.

War and terrorism exclusions

Many cyber policies exclude loss arising from acts of war and terrorism, and define those terms broadly. Because these exclusions are carryovers from older types of liability policies, they often are overlooked as mere boilerplate for companies whose operations are largely domestic. But the danger of these exclusions in the cyber context, if not worded appropriately, is that they potentially preclude coverage for cyber attacks initiated by individuals or entities in foreign countries, where many of the most serious attacks originate.

I have seen a number of these exclusions in which the insurer could make a reasonable argument that a state-sponsored attack by a foreign government (e.g., the North Korean attack on Sony), or even loosely affiliated groups or individuals with a particular political or social agenda, fall within the scope of the exclusion. Because cyber attacks by foreign entities are now so ubiquitous, this should be a serious concern for policyholders, not just an academic discussion.

Some insurers are now willing to negotiate a more appropriate scope of these exclusions (e.g., carving “cyberterrorism” out of the exclusion). But for insurers that refuse to negotiate this language, the extent to which attacks originating abroad constitute acts of war or terrorism is likely to be a hotly disputed issue.

Exclusions for generalized acts or omissions

Some cyber policies exclude coverage where the insured fails to follow “minimum required security practices,” employ “best security practices,” or comply with its own security policy. In my view, these exclusions are inappropriately overbroad and lend themselves to subjective application.

Even though these exclusions are becoming far less common in cyber policies (probably due to marketplace pressures to remove them), they still persist in some cyber policy forms. In fact, one of the few coverage lawsuits filed to date involving coverage under a cyber policy was focused on precisely this issue (although it was dismissed on other grounds). As long as these exclusions persist, their inherent ambiguity and uncertain application are likely to make them the subject of considerable dispute.

 

 

 

~Tow Truck Market Gets Hit Hard as Carriers Exit~

 

red tow truck

Our friends at the Insurance Journal shared this article with us.  It is a little long but worth the read to gain a better understanding what is going on in this specialized industry.

 

Tow truck drivers operate in a dangerous world. Every day they face angry drivers while repossessing vehicles, dangerous driving and road conditions, near misses while operating heavy equipment, and close calls on U.S. freeways while hitching up wrecked vehicles.

These are just a few of the reasons why the tow truck market is in a state of emergency, says one broker specializing in this class. Another reason: a crumbling insurance market with fewer and fewer carriers willing to write the business.

Chip Thompson, president and CEO of American Transportation Insurance Group (ATIG), has never seen the insurance market for tow trucks this bad since opening the doors of his specialty agency in 2001.

“I’ve never seen anything like what I’ve seen happen in the last six months,” said Thompson, whose book of towing and repossession business nears $20 million in premium. He’s been specializing in the higher risk transportation market, particularly in the garage, towing, trucking and repossession markets, on a nationwide basis since 2001.

“Right now, we are working three times as hard just to keep the risks that we have on the books.” The P/C industry’s competitive environment is not the problem, Thompson adds. The insurance market is so difficult for tow trucks some are forced to close shop. “We are losing one out of every four customers and we are not losing them to other agents. They are shutting down,” he said.

Mike House, vice president, producer, broker for USG Insurance Services Inc. in Canonsburg, Pa., agrees.

“Towing is a very difficult market right now,” House said. “None of my markets will write a towing operation and schedule a tow truck for auto liability or physical damage.” House said his markets will write the garage liability but won’t touch the scheduled auto for the tow truck. “It is a very difficult market and I’m hearing a lot of companies are pulling out.”

The tow truck insurance market has been hit with myriad factors leading to its current state of disrepair, according to Thompson. From reinsurance drying up to the commercial auto market exploding, combined with the ever-increasing costs of litigation and health care, tow truck firms are facing heavy obstacles and it’s only just begun.

Most of the U.S. commercial auto insurance market has had a tough time in recent years and tow truck operators are no exception.

The commercial auto market as a whole has posted underwriting losses for five consecutive years and has evolved into the most chronically underperforming product segment for U.S. property/casualty insurers, according to Fitch Ratings.

“It’s the perfect storm for garage and commercial auto in the last six months and I don’t see it letting up anytime soon,” Thompson said.

Shock Wave

The biggest shock wave hit the industry in September 2016 when Progressive pulled the plug on the towing sector nationwide, Thompson said.

“That was the bellwether for everything else that followed after that,” he said. “In the last 18 months, we’ve lost eight to nine carriers in this space and it’s a small field anyway.”

Some carriers made a profit and exited, some carriers lost money and exited, and some decided they didn’t want to write the class of business anymore, Thompson said. “It’s gone all ends of the spectrum.”

Progressive’s exit shut down any hope of new carriers coming into the space as well. “When Progressive shut it down that shut everybody else down,” Thompson said.

“It seemed as if the carriers that were entertaining coming into the market thought, ‘If Progressive is going the other way why are we going toward it?’ Progressive is very technologically savvy,” Thompson said. “They understand the rates per the ZIP code per the risk per the street. They are pretty good at what they do and if they can’t make money on towing who can?”

Progressive hasn’t gone so far as to leave current policyholders empty-handed, but will not be taking on new accounts.

“We’re not currently taking on new towing business, however, we continue to insure our existing customers,” Brett Stalnaker, Progressive’s commercial auto product manager told Insurance Journal.

Stalnaker says the insurer will return to the towing segment in the future. “In order to be more accurately priced, we’re making some small changes to our program, including introducing new segmentation and fully expect to continue insuring new tow truck business at some point in the near future,” he said.

The current state of the market for tow trucks hit very hard and very fast, Thompson said. “Normally I would think there would be 20 percent or 30 percent increases (in difficult times) but we are seeing 100 percent to 150 percent increases on accounts with no claims,” he said. “Anyone in the commercial auto space right now, if they haven’t gotten hit, they are going to be hit with a sledge hammer in the first two quarters of this year.”

Cost Drivers

Continuing challenges in commercial auto liability range from distracted driving to increased miles driven and vehicles on the road to higher vehicle repair costs and rising severity in liability claims. Tow trucks are no exception.

“Commercial auto in general is not going to catch a break for the next several years,” Thompson said. Most everything that’s commercial auto from trucking to dump trucks to garage risks is difficult. “Any place now where there is a human being touching an auto is warfare.”

For tow trucks, it’s rear-end collisions that are “bringing insurance companies to their knees,” Thompson said.

“Drivers are going too fast and are distracted,” Thompson said. “When you are driving a heavy commercial vehicle, like a tow truck, and you hit a car with three or four people in it, all of those people have neck and back injuries, you total their car, you will have $30,000 worth of damage to your tow truck, and it’s just a rear-end collision, which theoretically is preventable.”

Right now, Thompson and ATIG are doing damage control and just trying to keep their current clients insured. “We are working three times as hard to keep the risks that we have but there’s a lot of angry people right now. We are catching it from all sides.”

‘None of my markets will write a towing operation and schedule a tow truck for auto liability or physical damage.’

MGAs, other brokers, and the few insurers left in the space are swamped. “We are trying to hold our clients’ hands through this and explain what’s going on.”

Thompson has even had to turn away new business. “People are calling up panicked, they are in tears because they are going to lose their business. They expire in two days and their premium tripled but you can’t help them,” he said. “I’m at the mercy of the MGAs/brokers/insurers and they only have so much manpower. Everyone is on edge.”

Managing Risk

The only thing towing companies can do is to manage their risk, Thompson said.

“I’ve got guys that are now putting cameras inside the trucks both facing outward and inward and if they catch their drivers eating or talking on the phone or texting, there is zero tolerance. They are fired,” he said.

He doesn’t expect the insurance market for towing to bounce back anytime soon either. “It will be a long time before insurers react to improved risk management in firms.”

For now, focus on driver training, he said. “I can’t specify that enough. And settle more claims out of pocket if you can legally. And if you have insurance right now, and it’s semi affordable, then protect it with your life.”

(by Andrea Wells, via Insurance Journal)

~Orlando Passes New Drone Ordinance Effective Immediately!~

131213_ Drone flying in Brooklyn,  NY, NY, Exclusive for Sunday, J.C. RIce

We borrowed this article from the Orlando Weekly. It is only a matter of time before other cities and jurisdictions follow suit.

“It’s now a little harder to shoot one of those slick drone videos over Lake Eola.

The City Beautiful has passed a new drone law that requires permits for drone users, fines for violators and jail time for those operating the flying machines under the influence.

According to the new ordinance passed by city officials on Monday, drone use is now restricted within 500 feet of city-owned parks, schools and venues, such as the Amway Center, Camping World Stadium and Harry P. Leu Gardens. Drones are also restricted within 500 feet of gatherings with more than 1,000 people.

A permit is required to fly a drone in these areas, which cost $20 per flight or $150 annually.

Those caught in violation of the ordinance will have to pay fines between $200 and $400.

Anyone who operates a drone under the influence of alcohol or drugs also runs the risk of arrest or jail time, on top of the fines for violating the ordinance.

Opponents of the ordinance say that the federal government already has drone regulations and that this will discourage the sale and recreational use of the machines.

City officials say that they want to encourage drone use in the city, but also make sure that popular public places are kept safe for citizens and tourists.”

If you have a drone and need insurance coverage we have options for you. Give our office a call and speak with Rick Roman today.

~Breach Claims on the RISE!~

cyber hacker concept

The threats are all around in the Cyber world. We can help you with that!

 

Image caption Ransomware was less popular than breaches involving stolen credentials or the theft of cash

Insurance claims for data breaches are being made at a rate of more than one a day, figures from CFC Underwriting suggest.

The firm said that in 2016 it had handled more than 400 claims on cyber-breach policies it had issued.

The main types of attack being claimed for were privacy breaches and the theft of cash, it said.

The massive amount of stolen data shared online was driving many attacks, said the firm.

No recovery

Claims on CFC policies were up 78% on 2015, said Graeme Newman, chief innovation officer at the underwriter.

“About 90% of our claims by volume are from businesses with less than £50m in revenue,” he said, adding that a “disproportionate” number of claims were being made by British firms.

“This is largely down to the fact that on the whole, UK businesses have a lower level of security maturity than their US counterparts,” he said.

Ransomware, in which data is encrypted unless victims pay cash to a hacker to unscramble it, was behind 16% of the claims filed with CFC, putting it third behind data breaches and theft, he added.

Mr Newman also pointed out that the major breaches seen in 2016, which have seen huge amounts of login details stolen and shared, was starting to be used much more frequently.

These “phantom breaches” and account takeovers were proving tempting for criminal hackers, said Mr Newman.

“They are going after the low-hanging fruit,” he said.

Cyber-breach claim categories
Privacy breach 31%
Financial loss 22%
Ransomware 16%
Malware/viruses 7%
Website attacks 5%
Unauthorised access 5%
Business interruptions 4%
Other 10%
Source: CFC Underwriting

Cyber-insurance was becoming necessary to help firms cope with the volume of attacks they faced every day, he said.

“It’s now become more of an incident response service that pays all the costs associated with that,” he said. “You ring up the insurer and they get people in to help.”

Many insurance firms now had security, data forensics, incident response and PR firms on call to help respond when a claim is filed, he said.

Some also employed experts who had experience negotiating with kidnappers and can advise about the best way to deal with ransom and extortion demands.

The insurance policies were proving popular, said Paul Delbridge, a partner at professional services network PWC, who has studied the market, because the costs associated with investigating and fixing a breach were potentially so high.

“It can be incredibly expensive to work out what was stolen and remediate,” he said.

In the UK, most policies were for a few million pounds, said Mr Delbridge, and the highest cover that firms can buy is for £25m. In the US, the highest policies cover about $100m (£80m).

The cyber-breach policies were particularly attractive to smaller firms which cannot afford to staff and run a large internal security unit, he added.

“Not investing in your cyber-defense’s is very risky because if there’s a material breach it becomes a very public event and often the PR fallout is such that the business never really recovers,” he said.

 

~Florida Work Comp Rates Are Increasing in December~

postage-rate-increase

Florida Workers’ Comp Rates will Increase December 1, 2016

The Florida Office of Insurance Regulation (OIR) has approved an overall statewide average increase for Florida’s workers’ compensation rates of +14.5%.­ The rate increase will apply to new and renewal policies starting December 1st.­ There is no rate change to existing policies.­

NCCI made an initial rate request of +19.6% in July in response to two Florida Supreme Court cases affecting the workers’ compensation law:­ the Castellanos decision invalidated the statutory cap on fees paid to attorneys representing injured workers and the Westphal decision increased benefits for workers receiving temporary total benefits. ­

The +14.5% rate increase is the statewide average; individual class codes may increase more or less than this amount.­

~Workers Comp Exemptions At A Glance~

Because it can be challenging to keep up with the Florida law requirements on what businesses are required to have workers’ compensation insurance and who is eligible to exempt out of these requirements, we have expanded our handy “Exemptions At-A-Glance” reference guide.­ This guide now contains coverage requirements as well as exemption information and has been retitled “Key Coverage Requirements and Exemption Information At-a-Glance.”­

The expanded guide covers the following topics:­

  • Key workers’ comp coverage requirements
  • Exemptions for construction companies
  • Exemptions for non-construction companies
  • A list of class codes the State of Florida considers to be in the construction industry.

The Exemptions At A Glance:

FLORIDA WORKERS’ COMPENSATION KEY COVERAGE REQUIREMENTS AND

EXEMPTION INFORMATION AT-A-GLANCE

FUBA Workers’ Comp created this document as a general summary of Florida law regarding workers’ compensation exemptions, and

is not intended to provide legal advice or insurance coverage advice. For specific questions, please contact a licensed insurance

agent, an attorney, or the Division of Workers’ Compensation.

Key Coverage Requirements:

1. Non-construction employers with 4 or more employees (full-time or part-time) must provide workers’ compensation

coverage for all employees.

2. Construction industry employers with 1 or more employees (full-time or part-time) must provide workers’ compensation

coverage for all employees. Florida law does not allow independent contractors in the construction industry; everyone is

either a business owner or an employee. For a list of the industries considered to be in the construction industry under

Florida law, see Rule 69L-6.021, attached to this document. If any portion of a company’s operations is in a construction

code on this list, the business is considered to be in the construction industry.

3. Construction industry employers hiring subcontractors must ensure that a subcontractor has workers’ compensation

coverage or a valid exemption. If the subcontractor has employees, the subcontractor must have a workers’ compensation

policy, even if the owner is exempt. If the subcontractor does not have workers’ compensation coverage for its employees,

those workers become the employees of the contractor. If an injury occurs, the contractor is responsible for paying the

benefits for the injury and will be assessed premium for the payroll of the subcontractors.

4. Corporate officers and LLC owners may exempt themselves from workers’ compensation coverage by filing for an

exemption with the Division of Workers’ Compensation. Corporate officers and LLC owners receiving exemptions are not

entitled to workers’ compensation benefits should they be hurt on the job.

Exemptions for Non-Construction Companies:

(Required to have workers’ compensation coverage if they have 4 or more employees)

A. Sole Proprietorships or Partnerships

1. Sole proprietors and Partners are not considered “employees” and are automatically excluded from workers’ compensation

coverage by law; they do not have to file for an exemption.

2. Sole Proprietors and Partners have no workers’ comp coverage and cannot be included on a workers’ compensation policy

unless they file form DWC 251 Election of Coverage with the state Division of Workers’ Compensation (“DWC”).

3. They can go back to being excluded by filing form DWC 251-R with the DWC.

B. Corporations

1. Corporate officers are considered “employees” and are included for coverage purposes unless they file for and receive an

exemption with the DWC (online only – paper forms are not accepted). There is no limit to the number of corporate

officers who can exempt out of workers’ compensation coverage.

2. Corporation must be registered and listed as “active” with the Florida Division of Corporations (sunbiz.org). Applicant must

be listed as an officer of the corporation in the Division of Corporations’ records.

3. There is no charge for a non-construction exemption.

4. Non-construction exemptions issued on or after 1/1/13 expire after 2 years and must be renewed every 2 years to remain

valid. Non-construction exemptions issued prior to 1/1/13 are valid until they are revoked; they do not expire.

5. Exemption can be revoked by filing form DWC 250-R with the DWC.

C. Limited Liability Companies (LLC)

1. Owners (usually called “members” or “managing members”) of non-construction LLC’s are considered “employees” and are

included for coverage purposes unless they file for and receive an exemption from the DWC (online only – paper forms are

not accepted).

2. The LLC must be registered and listed as “active” with the Florida Division of Corporations (sunbiz.org). Applicant must own

at least 10% of the LLC to be eligible for an exemption.

3. Up to 10 LLC owners may elect to be exempt.

4. The exemption is free and must be renewed every 2 years to remain valid.

5. Exemption can be revoked by filing form DWC 250-R with the DWC.

Construction Companies:

(Required to have coverage for all employees)

A. Sole Proprietorships or Partnerships

1. Sole proprietors and partners in the construction industry are considered employees and are automatically included for

workers’ compensation coverage purposes. They are not eligible to exempt out of workers’ compensation coverage. They

must have workers’ comp coverage to work legally in the state of Florida.

B. Corporations

1. Corporate officers are considered “employees” and are included for coverage purposes unless they file for and receive an

exemption from the DWC (online only – paper forms are not accepted).

2. Up to 3 corporate officers of a construction corporation can file for an exemption.

3. Corporation must be registered and listed as “active” with the Florida Division of Corporations (sunbiz.org). Applicant must

be listed as an officer of the corporation in the Division of Corporations’ records.

4. Applicant must own at least 10% of the corporation’s stock to apply for an exemption.

5. Exemption costs $50 and must be renewed every 2 years to remain valid. Renewal costs $50.

6. Exemption can be revoked by filing form DWC 250-R with the DWC.

C. Limited Liability Companies (LLC)

1. Owners (usually called “members” or “managing members”) of LLC’s are considered “employees” and are included for

coverage purposes unless they file for and receive an exemption from the DWC (online only – paper forms are not

accepted).

2. Up to 3 LLC owners may file for an exemption with the DWC.

3. LLC must be registered and listed as “active” with Florida the Division of Corporations’ database (sunbiz.org). Applicant

must be listed as an officer of the corporation in the Division of Corporations’ records.

4. Applicant must own at least 10% of the LLC to be eligible for an exemption.

5. Exemption costs $50 and must be renewed every 2 years to remain valid. Renewal costs $50.

6. Exemption can be revoked by filing form DWC 250-R with the DWC.

All exemptions must be applied for online at the Division of Workers’ Compensation’s website: www.myfloridacfo.com/wc.

Applicants must provide a driver’s license or ID card number.

 

This information is provided as a general summary of Florida law regarding workers’ compensation exemptions.­ It is not intended to provide legal advice or insurance coverage advice. For specific questions, please contact a licensed insurance agent, an attorney, or the Division of Workers’ Compensation.

 

~Cyber Risk Misconceptions Popular with Midsized Firms~

cyber

 

Despite frequent reports of hacking, cybercrime, security breaches and related events in all parts of the U.S., many middle market companies continue to underestimate their exposure to these attacks along with their need for focused risk management measures, which may include the purchase of specialized insurance.

A new report from Assurex Global, a privately-held commercial insurance brokerage group, identifies four misconceptions about cyber risks, predominantly among mid-sized and small businesses

Number one on the list is the notion that cyber events primarily affect larger businesses.

“Even though you may not hear about breaches at $50 million or $100 million manufacturers, they’re happening,” says Mike Richmond, a risk advisory executive at The Horton Group, an Assurex Global partner. “Sometimes that’s because the cyber protection at smaller companies isn’t as sophisticated, so hackers consider them an easy target.”

Even though you may not hear about breaches at $50 million or $100 million manufacturers, they’re happening.

The second biggest misconception: “My type of business isn’t a target.”

“As the growing number of victimized companies attest, that misconception is being debunked nearly every day,” Richmond says. “There’s no question that every enterprise is now a potential target for a cyber-attack – public, private or nonprofit, you still may be vulnerable.”

The report cites Symantec’s list of the top sectors breached in 2015 by number of incidents: services; finance, insurance and real estate; retail trade; public administration; and wholesale trade.

The third leading misconception: a business can self-insure against a data breach.

In fact, the high cost of cyber-attacks makes this a perilous option, especially for small and mid-sized companies, say the Assurex experts. The average cost of a data breach for 350 companies participating in the Poneman Institute’s 2015 Cost of Data Breach Study was $3.79 million, up 23 percent from 2013.

“If a data breach occurs today, businesses are almost certain to be subject to defense costs even if customers have yet to suffer any immediate or identifiable loss from the data breach,” says Richmond. “Once there’s a breach, costs can mount rapidly.”

The fourth misconception: many firms believe they’re insulated from financial consequences of cyber events because they outsource their network security, data management and payment transactions.

Yet, according to the report, as the original data owner, a company sustaining an attack will likely be named in third-party lawsuits and be held liable in most jurisdictions. While a vendor agreement may contain indemnification provisions, there may be caps on indemnification amounts and exclusions for certain types of data breaches. Further, the vendor may become insolvent, bankrupt, or simply not honor the agreement.

Cyber Coverage

“We’re working with customers now to continuously improve their front-end protection; then, adding insurance to make sure that if something slips through the cracks, the company has insurance to pay for it,” Richmond says.

With respect to insurance, Richmond recommends companies consider two primary types of coverage for cybercrimes: a cyber liability/data breach policy and a commercial crime policy.

Cyber liability/data breach policies can include third-party coverage, first-party coverage, and media liability. Meanwhile, many commercial crime policies can be structured to address certain cyber-related risks otherwise not covered under a cyber liability policy, such as those involving certain phishing scams and corporate account takeover.

Although many firms opt to structure cyber coverage as an endorsement to their package policy rather than purchasing standalone cyber insurance, Richmond says standalone policies usually have higher limits, fewer exclusions, and are more comprehensive.

In choosing insurance he suggests businesses work with an insurance agent, get support from the company’s C-level executives, and take steps to identify the firm’s risk and critical protection needs.

Richmond adds: “Start with the question: If a data breach happens, how would your company pay for the damages? This should impel businesses to assess their risks, shore up their risk management, and investigate and purchase cyber liability insurance.”

Assurex Global is an exclusive partnership of independent agents and brokers with $28 billion in annual premium volume and more than 600 partner offices.

 

If you would like to speak with one of our agents please contact our office.

 

 

 

~Drones Being Tested & Used For Delivery~

711drone

 

The world of drones is on the move. Check out these blurbs we received today from AUVSI.

7-11 Makes Food Deliveries with Flirtey UAS

Last week, 7-Eleven and drone delivery company Flirtey successfully teamed to make what they said are the first Federal Aviation Administration-approved commercial drone deliveries to customers’ homes in the United States. Using an unmanned system, deliveries of snacks, including Slurpees, were made to two different hungry families in Reno, Nevada.

 

Amazon Test Drone Parcel Deliveries in the UK

Amazon announced it has partnered with the United Kingdom government to test drones in rural and suburban areas of Britain. The U.K.’s Civil Aviation Authority has given the retail giant permission to explore beyond-line-of-sight flights, sense and avoid sensors and multiple UAS control by a single operator. Recent rules released by the U.S. Federal Aviation Administration won’t allow most of those types of flights.