New Law Imposes New COVID-19 Reporting Requirements

covid-19

California employers already have a lot to digest after Cal/OSHA issued sweeping new COVID-19 safety regulations in November.

Now they face additional requirements starting Jan. 1, 2021, thanks to a new law that expands notification requirements and gives Cal/OSHA the authority to issue stop-work orders on workplaces that have COVID-19 outbreaks. Here’s what you need to know to be prepared in case your workplace sees a flare-up.

California employers already have a lot to digest after Cal/OSHA issued sweeping new COVID-19 safety regulations in November. Now they face additional requirements starting Jan. 1, 2021, thanks to a new law.

AB 685 expands Cal/OSHA’s authority to issue stop-work orders to workplaces it deems a COVID-19 “imminent hazard.” It also requires employers to send notices to a number of parties (state agencies, local authorities, employees, contractors, and more) if the employer has coronavirus infections in any of its facilities.

The law, which takes effect on January 1, 2021, covers a lot of territory and employers need to understand their obligations if any of their employees test positive to avoid penalties, fines or possible legal action. Here are the main points to be aware of:

Employee notice requirements

The new law requires employers who learn of an employee’s COVID-19 infection to send out notifications to all employees and subcontracted workers who were on-site at the same time as the infected employee. An infected employee (or qualifying individual in the law) is defined as any person who has:

  • A laboratory-confirmed case of COVID-19,
  • A positive COVID-19 diagnosis from a licensed health care provider,
  • A COVID-19-related order to isolate provided by a public health official, or
  • Died due to COVID-19, determined by a county public health department.

The notice must provide information regarding COVID-19-related benefits the employees may be eligible for under federal, state, and local laws, such as:

  • Workers’ compensation benefits,
  • COVID-19-related leaves,
  • Company sick leave,
  • State-mandated leave, and
  • Supplemental sick leave.

The notification must also include the employer’s COVID-19 disinfection and safety plan.

Public health agency notification

The new law also requires that employers notify their local public health agency within 48 hours of learning of an “outbreak” among its workers. An outbreak is defined as: At least three probable or confirmed COVID-19 cases within a 14-day period at a worksite.

Notifications must include:

  • Information about the worksite – name of company, business address, and North American Industry Classification System (NAICS) industry code.
  • Names and occupations of workers with COVID-19.
  • Additional information requested by the local health department as part of their investigation.

If there are additional laboratory-confirmed COVID-19 cases at the workplace, the employer will once again need to send notice to the local health department.

Expanded Cal/OSHA authority

AB 685 grants Cal-OSHA authority to close workplaces that “constitute an imminent hazard to employees” due to COVID-19.

But the stop-work order must be limited to the immediate area in which an “imminent hazard exists.” Cal-OSHA is not authorized to bar entry to any areas outside the hazard area.

When issuing a stop-work order the agency must post a notice in the workplace. Entry will only be permitted for cleaning, disinfecting, and eliminating the danger.

The timeline for issuing serious citations is also greatly reduced. Typically, whenever Cal/OSHA plans to issue a serious citation it has to provide notice and give the employer 15 days to provide additional evidence to refute the need for a serious citation.

For COVID-19 serious citation, Cal/OSHA will not have to provide this notice, meaning that will not have 15 days to mount a defense.

Your to-do list

You should start drafting employee COVID-19 notices, particularly what would be boilerplate information, the preamble about the outbreak as well as benefits the employees can tap.

Also, you need to be prepared to notify public health authorities if you have an outbreak.

Finally, if you are being investigated for COVID-19-related safety violations, it would be wise to produce all backup documents to inspectors during the probe as you won’t have the usual 15 days to mount a defense if you are cited for a serious violation.

What Companies are Doing for Holiday Parties During Pandemic

Christmas party Pandemic

One of the hallmarks of the holiday season is the company Christmas party, but with the COVID-19 pandemic in hyperdrive, many companies are rethinking their plans.

A number of businesses have cancelled their parties altogether, but other managers feel that in light of this very difficult year for many people, a company Christmas party might be just what employees need to lift their spirits for a while.

On the other hand, with the Centers for Disease Control even recommending that people not get together for family celebrations like Thanksgiving and Christmas, an office party would completely go against those recommendations.

Also, you could face liability and potential legal action if you do hold an in-person party and members of your staff come down with COVID-19.

Instead of in-person events, many companies are planning Zoom teleconference “parties” and they are asking their workers to join in by getting dressed up and bringing their favorite beverages and snacks to the online do.

According to Challenger, Gray & Christmas, Inc., 55% of human resources professionals surveyed said their company is not having a holiday celebration this year, which is the highest number since the consulting firm started surveying employers about their holiday plans.

Here’s what the survey found:

  • 45% of HR professionals said their company had cancelled holiday party plans due to the pandemic.
  • 3% said cost-cutting was the reason for cancelling their party.
  • 4% said they never host holiday parties.
  • 23% said they were unsure of holiday plans and were awaiting state and local guidance before deciding.

“It is no surprise that many companies are forgoing the holiday party this year,” said Andrew Challenger, senior vice president of Challenger, Gray & Christmas. “It’s difficult to celebrate and implement all the precautions needed to keep everyone safe. The last thing any employer wants is an outbreak due to their year-end party.”

Additionally, the survey found that 55% of respondents continue keeping most of their staff working from home and another 5.5% have all of their employees telecommuting.

When asked when employers plan to bring all workers back to the office, 44% were unsure or did not answer. Another 21% planned to bring all workers back in early 2021, and 8% will wait for a vaccine.

Precautions for an in-person event

The companies that said they would be holding in-person holiday events plan to take steps to reduce the chances of COVID-19 spreading among their workers by taking the following precautions:

  • Requiring social distancing while at the party.
  • Requiring all attendees to wear masks.
  • Providing hand sanitizers, alcohol wipes and face masks.
  • Taking temperatures of all workers when they arrive.
  • Limiting the number of employees at the party.
  • Holding the event in a large area where employees can socially distance from one another (venues should be well-ventilated with several doors and windows).
  • Keeping hand sanitizer in various locations around the office.
  • Hosting outdoor events.
  • Regularly checking the CDC’s website to be up to date on precautions and advice.
  • Keeping up on state and local guidelines to get more accurate information on current case levels in their area.

Other options

Some companies that plan to skip festivities this year have come up with other ways to celebrate and reward their employees during the holidays, including:

  • Organizing virtual gift exchanges or virtual Secret Santa exchanges.
  • Giving away cooking classes or gifts like Apple Airpods or other small electronics (the cost per person will often be less than if you held an actual party and paid for the facility, catering, decorations, entertainment and drinks).
  • Assembling care packages with baked goods or gift certificates and delivering them to employees’ doorsteps.

 

California’s COVID-19 Tracking Requirement Challenges Employers

COVID-19 tracking

SB 1159, signed into law in September, requires that when a California employer “knows or reasonably should know” that an employee has tested positive for coronavirus, it must report that positive case to its workers’ compensation carrier within three business days.

There is a lot of ground to cover in these reports and the legislation was passed without much publicity, so many employers may not even know about their obligations. And that could cost them: the fine for non-compliance is $10,000 per incident.

The law goes further than merely reporting a positive case: The report must include a number of details that employment law experts say will place a significant reporting burden on employers:

  • The date the employee tested positive;
  • The address or addresses of the employee’s place or places of employment during the 14-day period preceding the positive test, and
  • The highest number of employees who reported to work in the 45 days preceding the last day the employee worked in the workplace.

The task will be made even more difficult if an employee works at multiple worksites, and an employer could have to spend a significant amount of time doing all that detective work.

Making the task even more difficult, California employers will have to go through the same process every time an employee catches COVID-19.

At its essence, the law creates a presumption that employees who suffer illness or death resulting from COVID-19 between July 6 this year and Jan. 1, 2023, contracted the virus at work, which makes them eligible for workers’ compensation benefits. If a worker dies, their dependents will be eligible for workers’ compensation death benefits that range from $250,000 to $320,000 depending on the number of dependents.

The presumption applies to all employees:

(1) who test positive during an outbreak at the employee’s specific place of employment; and (2) whose employer has five or more employees.

The term “injury” below includes illness or death resulting from COVID-19, and all of the following conditions must exist for the presumption to apply:

  • The employee tests positive for COVID-19 within 14 days after a day that they performed labor or services at their place of employment;
  • The date of injury shall be the last date the employee performed labor or services at the employee’s place of employment at the employer’s direction prior to the positive test.
  • The employee’s positive test occurred during a period of an outbreak at the employee’s specific place of employment.

What is an ‘outbreak’?

An “outbreak” exists if, within 14 calendar days, one of the following occurs at a specific place of employment:

  • If the employer has 100 employees or fewer at a specific place of employment, four employees test positive for COVID-19;
  • If the employer has more than 100 employees at a specific place of employment, 4% of the number of employees who reported to the specific place of employment test positive for COVID-19; or
  • A specific place of employment is ordered to close by a local public health department, the State Department of Public Health, the Division of Occupational Safety and Health, or a school superintendent due to a risk of infection with COVID-19.

The Takeaway: Be Prepared

The most important thing is that you are prepared for the paperwork and detective work you’ll have to engage in in case one of your workers’ contracts the coronavirus. You may want to put systems in place now so that gathering the information will be easier and you can set up an efficient system to get the information you’ll need in case of a COVID-19 infection at your workplace.

Mandatory Employer Sign-ups for CalSavers Have Begun

CalSavers

If your company does not offer its staff a 401(k) plan, you need to be aware of deadlines for registering your employees in the CalSavers Retirement Savings Program.

The program is designed to help California workers who do not have access to an employer-sponsored retirement plan start socking away money for their retirement. Employers with five or more workers are required to give their employees access to the CalSavers program, which was launched in 2019.

Deadlines for when employers have to adopt the program depend on their size:

  • Businesses with more than 100 employees: Sept. 30, 2020
  • Businesses with more than 50 employees: June 30, 2021
  • Businesses with five or more employees: June 30, 2022

Employers that miss adoption deadlines or fail to allow employees to participate in the program, can face penalties of $250 per employee if they don’t comply within 90 days of receiving notice from the state. The penalty increases to $500 per employee if the employer fails to comply within 180 days of receiving notice.

If your business has more than 100 employees and missed the Sept. 30 deadline, you still have time to avoid penalties by signing up now.

How it works

The program enables eligible employees to automatically contribute a portion of their paycheck to a Roth individual retirement account (IRA).

Under the law, any California employer with five or more workers must give them access to CalSavers, unless they offer a 401(k) or similar employer-sponsored retirement plan. While it’s mandatory for employers to offer CalSavers to their employees, workers are not obligated to sign up.

Under the program, employers are not required to make contributions on behalf of their employees and will incur no fees. They will be required to submit employee contributions through automatic payroll deductions.

Here’s what your employees need to know about CalSavers:

  • Accounts are portable and can be moved to another job.
  • The funds are owned by the saver, regardless of whether they leave their job.
  • Their IRA offers investment options, so the saver can choose where to park their money.
  • Employees can choose how much they want to set aside of each paycheck, up to 8%.
  • Employees can set aside a maximum of $6,000 a year into the account, or $7,000 if they are age 50 and over.
  • Fees are less than $1 per $100 deposited (they range from 0.825% to 0.95%).
  • Employees can opt out at any time.

Setting up your business’s account

Employers that want to sign up their staff can apply here (www.employer.calsavers.com).

When setting up the account you’ll need to:

  • Create a payroll list to enroll employees.
  • Assign a person in your human resources to manage the account and transfers.
  • If you use a payroll service, you will need to give them access to your account to handle the transfers.

Once you’ve created your company account, you can set up auto-enrollment for all of your new employees. Once you add a new employee to your account, they will receive an e-mail containing plan details and default elections.

Thirty days later, the deductions will be automatically withdrawn from their next paycheck and deposited in their Roth IRA.

Commercial Property Insurance Rates Rise as Risks Grow

commercial insurance rates

Commercial property insurance rates are on the rise across the country as insurers continue wrestling with the toll of increasing natural disasters, rising social unrest around the world (including the U.S.) and the COVID-19 pandemic.

Additionally, insurance companies have become more stringent in their underwriting by restricting some coverages and excluding risks that may have been covered in the past.

The rate increases and stricter underwriting are not a function of the COVID-19 pandemic, as rates have been on the rise over the last two years as other risks and claims payouts have grown, but the outbreak has added more pressure to rates.

According to a report in the trade publication Business Insurance, brokers are reporting average property insurance rate increases of 20% for policies that renewed on July 1, 2020. But rate increases are even higher for commercial enterprises that have certain types of occupancies, large and complex sets of risks, a history of losses or natural catastrophe exposure (hurricanes, tornadoes and wildfires, for example), the report states.

As mentioned, insurers have also taken various steps to restrict coverage, including:

  • More strike, riot and civil commotion exclusions (this coverage was common in most commercial property policies).
  • More stringent communicable disease exclusions for business interruption coverage (while most business interruption coverage on property policies excluded pandemic risks, a small portion of policies did not).
  • Reduced coverage for business interruption claims that don’t include physical damage to the business.
  • Reduced limits.
  • Higher deductibles.

Civil disturbance coverage

The recent riots and protests that erupted across the country also caused widespread insured damage as many stores and businesses were looted, set on fire or vandalized.

Coverage of riots and civil disturbances is a standard part of most property policies, and insurance experts estimate the insured damages could surpass $10 billion as the rioting was not just limited to one city.

There had never previously been a civil disturbance event of this magnitude in the U.S. and insurers had not priced the likelihood of it happening across the nation at one time.

Globally, insurers have started introducing exclusions and raising rates after large-scale protests and civil unrest mushroomed in Hong Kong and Chile last year, causing widespread economic damage and disruption

The scale of damage in the U.S. from our own civil unrest has pushed a handful insurers to start restricting or removing coverage for strikes, riots and civil commotion. The change is not industrywide.

Policy and rate changes for this coverage are also based on geography, as the risks of civil disturbances are greater in cities than in suburbs and smaller municipalities and towns.

Businesses can also take steps to mitigate risks, such as installing video cameras for security, as well as burglar alarms and other measures to reduce their premiums.

COVID-19

Terms and conditions are also being tightened due to the COVID-19 outbreak, after a number of insurers were sued for not paying business interruption claims on the grounds that there must be physical damage to the property.

As a result, many insurers introduced more explicit wording to make their infectious disease exclusion “bulletproof,” as one broker told Business Insurance.

Catastrophe exposure

In addition, insurance companies are looking at how much exposure they have to natural catastrophes, and are hence scaling back coverage or pulling out of some markets. They are looking at markets that have exposure to:

  • Hurricanes,
  • Earthquakes,
  • Wildfires,
  • Floods,
  • Storms

For example, in California a number of commercial and personal property insurers are restricting the number of policies they will write in areas that are at risk from wildfire. Some are also requiring that property owners create buffer areas around their buildings to reduce the chances of them catching fire during an event.

The takeaway

As a business property insured, you will want to do all you can to make your organization as insurable as possible in order to enjoy the best rates. That means taking measures to mitigate risks and following insurers’ recommendations.

That could include installing security cameras and alarms, as well as sprinklers and other fire prevention systems. If your business is exposed to a regular natural catastrophe, you should also take steps to reduce the chances of your property being damage or destroyed.

Attacks on Cloud Services Grow Amid Telecommuting Boom

cloud

As more of America’s workers were asked to work from home due to the COVID-19 pandemic, cyber criminals jumped at the opportunity to take advantage, it seems.

Remote work means work being handled on the cloud as employees share files and need a convenient way to access them.

But cyber criminals are banking on workers letting down their guards when they work from home, so it’s no surprise that while cloud service usage among enterprises jumped 50% between January and April, external attacks on cloud accounts boomed 630% in the same period.

Also, hackers and other cyber scammers orchestrated systematic attacks on collaboration tools like Cisco WebEx, Zoom, Microsoft Teams and Slack, according to the “Cloud Adoption & Risk Report ― Work from Home Edition” report by McAfee.

The risk to enterprises cannot be overstated as criminals try to take advantage of the sudden shift to telecommuting by thousands and thousands of organizations as they try to cope with the COVID-19 pandemic and continue operating during stay-at-home orders.

Employees are your organization’s first line of defense. You can protect your company by encouraging personnel to be skeptical of e-mail from unfamiliar sources.

Training your staff

Before the COVID-19 crisis, PricewaterhouseCoopers simulated a phishing attack on mid- to large-size financial institutions, finding that:

  • 70% of phishing e-mails were delivered to their targets, and
  • 7% of recipients clicked on the malicious link.

The danger with phishing and ransomware attacks is that it only takes on click, one missing endpoint agent, one failed alert, one unsuspecting employee, and the criminals can take control of your network and your cloud files.

Many of these attacks come in the form of what’s now called “social engineering attacks.” PwC recommends coaching all of your employees to take the following precautions, particularly on their mobile devices:

  • Be skeptical of e-mails from unknown senders, or from familiar people (like your company’s CEO or your doctor) who do not usually communicate directly with you.
  • Don’t click on links or open attachments from those senders.
  • Don’t forward suspicious e-mails to co-workers.
  • Examine the sender’s e-mail address to ensure it’s from a true account. Hover over the link to expose the associated web addresses in the “to” and “from” fields; look for slight character changes that make e-mail addresses appear visually accurate — a .com domain where it should be .gov, for example.
  • Grammatical errors in the text of the e-mail are usually a sure sign of fraud.
  • Report suspicious e-mails to the IT or security department.
  • Install the corporate-approved anti-phishing filter on browsers and e-mails.
  • Use the corporate-approved anti-virus software to scan attachments.
  • Never donate to charities via links included in an e-mail; instead, go directly to the charity website to donate.

Cyber insurance

Cyber insurance is designed to protect your company by insuring you for network security issues, privacy, interruption to your business, media liability, and errors and omissions.

For phishing, ransomware and other cyber attacks, the network security and business interruption portion of the policy would mainly come into play.

Network security coverage — This includes first party costs. That is, expenses that you incur directly as a result of a cyber incident, including:

  • Legal expenses
  • IT forensics
  • Negotiation and payment of a ransomware demand
  • Data restoration
  • Breach notification to consumers
  • Setting up a call center
  • Public relations expertise
  • Credit and identity monitoring

Business interruption — When your network, or the network of a provider that you rely on to operate, goes down due to an incident, you can recover lost profits, fixed expenses and extra costs incurred during the time your business was impacted. This includes loss arising from:

  • Security failures, like a third party hack.
  • System failure, such as a failed software patch or human error.

Beware of Parking Lot Hazards at the Holidays

parking hazard

During the busy holiday season, there are many distractions that make parking lots a fairly dangerous place to be.

The combination of early sunset, increased traffic and pedestrians, scam artists, vandals and thieves, and people in a rush, can sometimes be a deadly combination. Just a momentary distraction or lapse in judgment can lead to tragedy.

Parking lot accidents can also turn into a liability for your company or result in an employee being injured and filing a workers’ comp claim.

Fourteen percent of all collisions in the U.S. each year happen in parking lots, and can result in costly insurance claims for vehicle damage. Even worse, it one of your employees strike and injure a visitor, the costs are even higher in terms of both dollars and emotional distress.

Disseminate these basic tips to your employees to help keep everyone safe during the especially busy holiday season:

  • Check your surroundings before you get in your car
  • Backing up is dangerous. Be certain that nothing and no one is behind you before backing out of your parking space
  • Keep your foot off of the gas as you back up, and be ready to break in an instant
  • Look in every direction before pulling into a spot, or backing out of one
  • Don’t text and drive
  • Slow down and pay close attention to speed limits
  • Be careful of pedestrians who may dart in and out between parked cars
  • Park only in areas that are well-lit
  • Keep your car windows closed and your doors locked
  • Watch for cars that may cut diagonally through the parking lot

If you own a building with a parking lot you can also have some liability.

Generally, the owner of the parking lot (whether it is a person, a business, or a property management company) has a reasonable duty to take care that people don’t get hurt on their property. This means that they have to take certain precautions to make that parking lot as safe as possible.

If there are cracks or uneven areas in the pavement, the owner needs to warn people of the danger or repair any hazards that could cause a person to slip and fall. If the parking lot becomes icy, the owner has a responsibility to make it as safe as possible, perhaps by clearing the snow and putting down salt or ice melt.

The takeaway

By training your employees on parking lot and winter driving safety as well as your keeping your parking lot free of hazards you can greatly reduce the chances of an accident and injury happening.

And it goes without saying that you should have commercial general liability (CGL) insurance, which protects you and your business from claims of injury, property damage and negligence related to your business activities.

One of the most essential parts of a CGL policy is premises liability coverage. This portion of your commercial general liability policy offers bodily injury and property damage coverage related to the ownership or maintenance of business premises.

One-third of Workers Are Sleepy, Leading to Safety Issues and More

sleepy worker

More than 35% of workers in the U.S. are not getting enough sleep, a new study has found. That can lead to serious workplace safety issues, especially for occupations that use heavy machinery, people who work in factories or warehouses, construction or as drivers.

Among workers in other occupations it can lead to costly mistakes, friction among staff and poor communications, all of which can have a detrimental effect on your operations.

The study by researchers at Ball State University looked at self-reports of sleep duration among 150,000 adults working in different occupations between 2010 and 2018. Researchers found the prevalence of inadequate sleep, defined as seven hours or less, had increased from 30.9% in 2010 to 35.6% in 2018.

Lead researcher Jagdish Khubchandani, a professor of health science at Ball State University, identified these factors as being behind the increase:

  • Rising stress loads for a variety of reasons, due to pressure at work and at home, and
  • Thanks to the rise of smartphones, people are not unplugging from work and continue checking their phones for work-related messages. Because of this, many people are dealing with work issues up until they go to bed, which can make it more difficult to fall asleep.

Sleep deprivation can have a number of detrimental effects in the workplace, including:

Decreased communication — A worker who is sleepy may not communicate as well as they normally do. This can include mumbling, poor enunciation, slurring, running words together and not speaking in complete thoughts.

Decline in productivity — Workers who don’t get enough sleep are slower at performing their jobs and often make mistakes, which requires them to go back and do things over again.

Increased distraction — Sleep-deprived individuals often have trouble maintaining focus on their tasks, keeping track of events, maintaining interest in outcomes and doing work they consider non-essential.

Impaired driving — Getting behind the wheel after not having enough sleep can be akin to driving under the influence of alcohol. But it’s not only company drivers you have to be concerned about. If you have forklifts, lawnmowers or operators of any type of machinery, there is a greater chance they’ll make a mistake when operating those vehicles or machines if they are sleep-deprived.

More mistakes — A lack of sleep results in a decline in cognitive abilities, which can result in workers making mistakes. These include errors performing tasks or failing to perform tasks. Mistakes especially are likely in subject-paced tasks in which cognitive slowing occurs, and with tasks that are time-sensitive, which cause increases in cognitive errors.

Memory can suffer — Short-term and working memory can decline due to sleep deprivation.

Poor mood — Not enough sleep can make people moody and can result in inappropriate outbursts, impatience, lack of regard for social conventions, inappropriate behavior and irritability — all of which can affect a positive work culture.

Increased risk-taking — Judgment can be affected by not sleeping enough, which can result in risky decision-making, which in turn can result in workplace accidents and injuries.

What you can do

If you suspect you have staff who are not getting enough sleep and that it may be affecting their work performance, you can:

  • Ensure they have a reasonable work schedule. That includes not working them too much and asking them not to take work home with them.
  • Offer more flexibility. You can offer staff the ability to work from home a few times a week or per month.
  • Cut down on e-mails and meetings. Set a company policy for communication and encourage brief, face-to-face meetings and phone calls instead of drawn-out e-mail discussions.
  • Provide employees time to recharge. Offering time to recharge, along with flexibility and a healthier workload, can improve employee restfulness and ease workplace pressures.
  • Don’t require staff to answer work e-mails at home.

As Cyber Threat Mounts, More Companies Take Measures

cyber attack protection

As attacks on businesses’ networks continue increasing at unprecedent levels, cyber risks have become the top concern among organizations of all sizes for the first time, according to a new survey.

The “Travelers Risk Index” found that 55% of executives surveyed said they worry “some” or “a great deal” about cyber risks. That’s more than they worry about medical cost inflation (54%), employee benefit costs (53%), the ability to attract and retain talent (46%) and legal liability (44%).

And the most common types of attacks, and which pose the biggest security threat to businesses, are phishing and fake e-mails. They are the hardest to combat because of the human factor involved, according to another survey, the “2019 Cyber Security Breaches Survey” published by the U.K. government.

In phishing e-mails, the cyber criminals will pose as colleagues or vendors to dupe an unsuspecting employee to hand over a password or click on a malicious link that will give them access to the company’s network.

In addition, ransomware has brought many businesses and government agencies to a standstill as the same technique is used to freeze an entire network and render it unusable until the company pays a ransom for a key to unlock the network.

As concerns about cyber threats have grown, more businesses say they are taking proactive measures to safeguard against cyber risks – even though a large percentage have not implemented preventive best practices.

The steps that companies are taking, according to the Travelers survey, are:

  • Purchasing a cyber insurance policy (51% of survey participants, up from 39% in the 2018 survey the insurer conducted).
  • Creating a business continuity plan in the event of a cyber attack (47%, up from 38%).
  • Taking a cyber-risk assessment for themselves (49%, up from 45%).
  • Taking a cyber-risk assessment for their vendors (41%, up from 37%).
  • Updating computer passwords (74%, up from 71%).

The fact is that a single cyber attack can put a company out of business. Taking the threat seriously and implementing a risk management program that addresses possible exposures can help a business not only avoid an attack, but also recover from one as quickly as possible.

How to lower the chances of an attack

The insurance company Chubb recommends the following steps to reduce the chances of a cyber attack on your organization:

Identify your sensitive data – Credit card and personally identifiable information is often the target of cyber attacks.

Educate your staff – Instruct your employees about cyber attacks and how to protect the network. The most important thing for them to remember is to not to open attachments from people they don’t know or in e-mails they don’t expect.
You should also post procedures for encrypting personal or sensitive information, and require them to change their passwords regularly.

Have security in place – You should have a web application firewall in place to protect your website, in addition to a firewall for your company’s network. If you accept credit card payments, you should have an e-commerce platform that is compliant with payment card industry data security standards Level 1.

Secure your hardware – Data breaches can be caused by physical property being stolen, too. If your servers, laptops, cell phones or other electronics are not secure and easy to steal, you are taking a big risk. Physically locking down computers and servers is a good idea.

Cyber insurance

As the cyber threat becomes more sophisticated and changes, cyber-insurance policies have evolved to meet businesses’ needs. There are many types of policies in the marketplace that are tailored for specific types of businesses. The key is getting a policy that best fits your organization and covers any eventualities that you may encounter.

Some coverages you may want to consider for inclusion in your cyber insurance are:

  • Business interruption – Covers the loss of business income due a cyber attack.
  • Computer fraud – Covers theft of money, securities and other forms of tangible property through computer fraud and social engineering schemes.
  • Data breach – Covers claims of failure to protect personally identifiable information and protected health information of clients.
  • Property damage – Covers replacement cost of computers damaged by a cyber attack.
  • Identity theft expenses – These are related to the business owner or their employees after identity theft.
  • Advertising and personal injury – Covers damage caused by defamation on website or social media.
  • Transmission of virus or malicious content – Covers failure to stop the transmission of a computer virus or malicious content.
  • Errors and omissions – Covers loss caused by failure to provide proper network security.

Some policies are stand-alone products, while others are endorsements to existing polices like a business owner’s policy.

The Importance of Employment Practices Liability Coverage

law lawyer file

Every employer, no matter how small, faces the specter of being sued by a past, present or prospective employee at some time.

In fact, such employment practices claims are widespread – so much so that most businesses are much more likely to have an employment practices liability claim than a general liability or property loss claim.

Nearly three-quarters of all litigation against corporations today involves employment disputes, which can be extremely costly. The cost associated with an employment practices claim can be significant.

In 2018, the Equal Employment Opportunity Commission resolved 90,558 charges of discrimination and recovered about $505 million in remedies for discrimination plaintiffs.

In addition, the EEOC recovered nearly $70 million for victims of sexual harassment through litigation and administrative enforcement that year, up roughly 50% from $47.5 million in 2017.

The massive jump in sexual harassment claims and recoveries is a direct result of a surge in lawsuits since the start of the #MeToo movement, which has emboldened many victims to come forward and file complaints.

Keep in mind, the above are just penalties and do not include defense costs, which can exceed $100,000 per claim for employers.

For these reasons and more, employment practices liability insurance is crucial for any employer. The risks of being sued by an employee for discrimination or harassment have increased substantially, particularly now in the #MeToo era.

Employers need EPLI coverage because comprehensive general liability policies and workers’ comp policies exclude employment-related claims.

EPLI coverage

Policies cover:

  • Defense costs (court fees, attorney fees and related costs).
  • Payment of settlements and/or judgments up to the policy’s limits.
  • Any fines or penalties levied by government agencies.

EPLI policies cover business owners as well as directors, officers and managers. Some policies also cover employees. Additionally, you can buy third-party policies to cover claims brought by non-employees, such as clients.

Types of action covered include:

  • Discrimination based on gender, race, national origin, religion, disability or sexual orientation
  • Sexual harassment or other unlawful harassment in the workplace
  • Wrongful termination
  • Failure to employ or promote
  • Retaliation
  • Employment-related misrepresentation
  • Failure to adopt adequate workplace or employment policies and procedures
  • Employment-related defamation or invasion of privacy
  • Negligent evaluation of an employee
  • Wrongful discipline of an employee
  • Employment-related infliction of emotional distress

NOTE: Wage and hour claims, or disputes regarding overtime pay for non-exempt employees, have become more expensive in recent years, so most EPLI policies exclude this coverage. Business owners may be able to find endorsements to add wage and hour coverage.

Costs

EPLI claims can be extremely expensive. The average cost of a discrimination claim is $125,000, and 25% of judgments exceed $500,000.

Most businesses are wise to have at least $1 million in coverage. However, higher coverage limits increase your premium cost, so you want to balance your coverage needs and your budgetary concerns.

Call us if you want further information or need help in gauging your EPLI coverage needs.