Critical Infrastructure Cyberattacks on the Rise

Critical infrastructure cyberattacks are increasing in frequency according to Advisen’s loss database, and some experts are worried the worst is yet to come.

There are sixteen industry sectors in the United States that make up the country’s critical infrastructure. These sectors are considered so vital their incapacitation or destruction would have a debilitating effect on national security, economic security and/or national public health and safety, according to the United States’ Cybersecurity and Infrastructure Security Agency (CISA). Poisoned water supplies, opened dam floodgates and pipeline spills are a few of the many worst-case scenarios that could result from a cyberattack on critical infrastructure. The sectors that have been designated as critical infrastructure include the following:


  • Chemical
  • Commercial facilities
  • Communications
  • Critical manufacturing
  • Dams
  • Defense industrial base
  • Emergency services
  • Energy
  • Financial services
  • Food and agriculture
  • Government facilities
  • Health care and public health
  • Information technology
  • Nuclear reactors, materials and waste
  • Transportation systems
  • Water and wastewater systems

Further, recent critical infrastructure attacks in Advisen’s loss database include:

  • A ransomware attack in June 2021 on JBS meatpacking temporarily shut down all operations. The meatpacking company—which processes roughly one-fifth of the nation’s meat supply—paid an $11 million ransom to become operational again.
  • A ransomware attack on the Colonial Pipeline, the nation’s largest fuel pipeline, occurred in May and temporarily shut down all operations, causing a temporary increase in gas prices in the United States. The Colonial Pipeline paid nearly $5 million in ransom to restore operations, although some of the ransom was later recovered, according to Advisen loss data.
  • Hackers briefly attempted to increase the levels of sodium hydroxide to a lethal amount as part of a February cyberattack on a water treatment plant in Florida. The plant operator quickly noticed the increase in sodium hydroxide levels and lowered it to the original amount, preventing anyone from being harmed, according to Advisen loss data.

Frequency of Critical Infrastructure Cyberattacks

Unfortunately, cyberattacks on critical infrastructure are becoming increasingly common. Since 2008, the frequency of cyberattacks on critical infrastructure has been trending upwards, according to Advisen loss data. The drop-off in 2019 is likely due to a data lag and is not reflective of an actual decrease in frequency.

Looking specifically at the sectors designated as critical infrastructure, the utilities sector was the most frequent target of cyberattacks – accounting for 26% of total losses, according to Advisen loss data. Manufacturing had the second-highest percentage at 23%, followed by government entities (shown as public administration) at 17%.

The vast majority of critical infrastructure cyberattacks come from external sources. Unidentified external hackers account for the greatest percentage of these attacks at 39%, followed by nation-state attacks at 34%, according to Advisen data. These attacks typically involve malware.

*Advisen’s loss data is curated from a wide variety of public sources. Our collection efforts focus on larger and more significant cases. For this reason, the figures in this article may not be fully representative of all cases of this type.

OSHA Will Not Amend its COVID-19 ETS Despite CDC Guidance

OSHA recently determined it will not be making changes to the healthcare emergency temporary standard (ETS) after reviewing the latest guidance, science and data on COVID-19, and the recently updated CDC face mask guidance. However, OSHA will continue to monitor and assess the need for changes monthly.

OSHA determined that neither the CDC’s guidance on health care settings nor the underlying science and data on COVID-19 in health care settings has materially changed in a way to necessitate changes in the June 10, 2021 ETS.

Revised CDC Guidance

The CDC recently announced updates to its face mask guidelines, recommending that fully vaccinated individuals wear a mask in public indoor settings in areas where there is high or substantial COVID-19 transmission, including transmission of the new coronavirus delta variant. Prior to this update, the CDC guidance allowed fully vaccinated individuals to stop wearing a mask in most settings.

OSHA’s Healthcare ETS

Since OSHA has not changed its requirements for the healthcare ETS, the face mask exceptions under the standard still apply. The healthcare ETS covers employers in various health care industries, such as hospitals, nursing homes, assisted living facilities, emergency responders, home health workers and employees in ambulatory care settings where suspected or confirmed COVID-19 patients are treated.

Next Steps

Health care employers should continue to monitor the OSHA website for updates on how changes in COVID-19 transmission affect agency policy and guidance. OSHA will continue to assess the need for changes monthly.

ETS Face Mask Exceptions:

Employees are not required under the healthcare ETS to wear face masks when:

  • They are alone in a room;
  • They are eating and drinking;
  • It is important to see a person’s mouth while communicating;
  • Employees are unable to wear face masks due to a medical necessity or condition; or
  • Use of a face mask presents a hazard of serious injury or death to an employee.

Parent Company of PEO Carrier Key Risk Reports Another Strong Quarter!

Kudos to our friends at W.R. Berkley for a stellar Q2! So happy they are a part of our PEO community.

W.R. Berkley Corp. reported net premium growth exceeding 27 percent and a combined ratio under 90 for the 2021 second quarter, positive results the commercial lines insurer and reinsurer attributed to rate adequacy and an improving economy.

Consolidated net premiums written during Q2 surpassed $2.2 billion, up from $1.7 billion in the 2020 second quarter.

The company booked net income of more than $237 million in Q2 versus $71.2 million a year ago.

Additionally, net investment income jumped nearly 97 percent to $169.2 million during the quarter.

The company said that its rate increases continue to outpace loss costs, with new products also helping to achieve or exceed its targeted rate levels. During the quarter, W.R. Berkley focused on exposure growth and business expansion, and it said the strategy should help lead to additional underwriting profits down the line.

W.R. Berkley’s consolidated combined ratio was 89.7 during the quarter, compared to 98.7 a year ago.

W.R. Berkley even produced gains for workers’ compensation, which had average rate increases of just under 10 percent.

Commercial auto and casualty reinsurance also saw large premium increases. Professional liability was among the largest gainers, jumping to $287 million in net premiums written during Q2, versus $174.2 million the year before.

Current accident year insurance losses from catastrophes, including COVID-related losses, landed at $36.8 billion during the quarter, improved from $114 million in the 2020 second quarter. Reinsurance and monoline excess losses were just under $7.2 million, compared to $31.8 million a year ago.

Source: W.R. Berkley

This is Why You Should Double Check Your Cyber Insurance Policy

Whether a business is in healthcare, accounting, legal, real estate, manufacturing, etc., most of a business’ important assets are digital. (Government municipalities are included too.) To make matters complicated, it’s very common for these digital assets to be stored in various systems and locations, intertwined with a third party’s digital information. With so many opportunities for disaster, steps must be taken to insure this critical information.

Cyber insurance is a new frontier that is rapidly evolving as the industry gets its bearings. Many companies are finding that their current cyber policies have very minimal coverage in case of a cyber breach, and the majority of these policies will not come close to providing the necessary breach coverages to the business or municipality.

When looking at your existing or new cyber policy, it’s important to consider these types of coverages:


As we have come to realize, the idea that security starts and ends with the purchase of a pre-packed firewall is simply misguided

Art Wittman

1. Privacy Breach Notification

Some reports estimate the notification and credit monitoring costs alone are over $100 per record, so if you had 1,000 compromised records, this alone could cost $100,000 or more.

2. Data Loss Restoration

Believe it or not, many large insurance carriers have policy exclusions for the replacement and restoration of data, so be very careful in this area when reviewing your policy.

3. Privacy Liability

This covers the theft or loss of private information related to customers and other third-party information that is in your care.

4. Regulatory and PCI Defense

Many industries are under strict regulatory control, and breaches may result in fines and other penalties from these regulatory agencies.

5. Public Relations

If an enterprise has a breach, the bad press it receives can do significant long-term reputational damage and can also be used by competitors to their advantage. This coverage will help hire a public relations firm to mitigate the reputational damage your brand name might incur.

6. Cyber Crime

If your organization is threatened with various cyber threats such as malicious code that will result in financial loss or data loss, this coverage is needed for the reimbursement of the costs associated with these threats.

7. Defense and Settlement Costs

A breach affecting a lot of customers may result in lawsuits and financial settlements, so insurance coverage is needed to offset these potentially enormous costs.

8. Consulting and Forensic Fees

If a breach does occur, the upfront investigative process will require a lot of professional expertise and a lot of money, and this specific coverage will offset these significant costs.

9. Business Continuity

If a hack causes your business to lose income, this coverage will reimburse you for these losses.

It takes 20 years to build a brand or company reputation and a few minutes within a cyber incident to ruin it

Stephane Nappo

For a free cyber insurance policy evaluation, contact Libertate Insurance today at 813-367-7574 or email me, James Buscarini, at jbuscarini@libertateins.com.

Our professionals are happy to review and discuss your firm’s existing cyber liability insurance policy and how it relates to your unique business requirements, needs and cyber coverage. Our goal is to help your PEO and client companies navigate the cyber liability insurance landscape and identify potential vulnerabilities that could be exposed based on your existing technology network and infrastructure. Finally, we want to make sure that in the event of a ransomware attack, business email compromise or phishing expedition, your firm has adequate coverage in each of the areas where you might be targeted.

AM Best Assigns Credit Rating to Sunz Insurance Company

Congrats to our friends at Sunz for the A- (Excellent) rating!

Sunz Insurance

OLDWICK, N.J., July 16, 2021–(BUSINESS WIRE)–AM Best has assigned a Financial Strength Rating of A- (Excellent) and a Long-Term Issuer Credit Rating of “a-” (Excellent) to SUNZ Insurance Company (SUNZ) (Bradenton, FL). The outlook assigned to these Credit Ratings (ratings) is stable.

The ratings reflect SUNZ’s balance sheet strength, which AM Best assesses as very strong, as well as its adequate operating performance, limited business profile and appropriate enterprise risk management (ERM).

SUNZ was formed in 2005 and primarily writes high deductible workers’ compensation coverage utilizing its proprietary technology-driven platform focused on collateral management for its medium and small business clients.

SUNZ’s balance sheet assessment is supported by its risk-adjusted capitalization as measured by Best’s Capital Adequacy Ratio (BCAR) in current periods, projected future scores, and under stress scenarios. SUNZ’s balance sheet assessment also considers the capital contributions in support of recent premium growth, improved reserving patterns exhibited during the recent five-year period, its comprehensive reinsurance program diversified among highly rated participants, and a conservative investment portfolio that matches assets with liabilities.

SUNZ’s operating performance is assessed as adequate as evidenced by average pre-tax return on revenue measures that trail AM Best’s workers’ compensation industry composite over the recent five- and 10-year timeframe. SUNZ’s business profile assessment is limited as 49.9% of premiums are written in two states, California and Florida, when considering both direct and assumed premiums. Operating as a single line workers’ compensation insurer, SUNZ’s limited business profile exposes the company to the potential legislative, regulatory or judicial changes occurring within these states. SUNZ’s ERM approach is considered appropriate for the scale, scope and complexity of the organization.

While positive rating actions are unlikely over the near term, positive rating actions could be taken on SUNZ’s ratings should operating performance improve and be sustained at a level that is in line with peers with stronger operating performance assessments.

Key factors that could result in negative rating actions on SUNZ’s ratings and outlooks include a weakening in operating earnings to a level that is not supportive of the adequate operating performance assessment.

Negative rating actions could occur should adverse reserve development or strong premium growth result in a weakening in risk-adjusted capitalization that falls short of supporting the very strong balance sheet assessment.

This press release relates to Credit Ratings that have been published on AM Best’s website. For all rating information relating to the release and pertinent disclosures, including details of the office responsible for issuing each of the individual ratings referenced in this release, please see AM Best’s Recent Rating Activity web page. For additional information regarding the use and limitations of Credit Rating opinions, please view Guide to Best’s Credit Ratings. For information on the proper use of Best’s Credit Ratings, Best’s Preliminary Credit Assessments and AM Best press releases, please view Guide to Proper Use of Best’s Ratings & Assessments.

AM Best is a global credit rating agency, news publisher and data analytics provider specializing in the insurance industry. Headquartered in the United States, the company does business in over 100 countries with regional offices in London, Amsterdam, Dubai, Hong Kong, Singapore and Mexico City. For more information, visit www.ambest.com.

Copyright © 2021 by A.M. Best Rating Services, Inc. and/or its affiliates. ALL RIGHTS RESERVED.

View source version on businesswire.com: https://www.businesswire.com/news/home/20210716005296/en/

Contacts

Gordon McLean
Senior Financial Analyst

+1 908 439 2200, ext. 5304
gordon.mclean@ambest.com

Robert Raber
Director
+1 908 439 2200, ext. 5696
robert.raber@ambest.com

Christopher Sharkey
Manager, Public Relations
+1 908 439 2200, ext. 5159
christopher.sharkey@ambest.com

Jim Peavy
Director, Communications
+1 908 439 2200, ext. 5644
james.peavy@ambest.com

EEO-1 Deadline For 2019 & 2020 Now Extended to August 23, 2021

Employers now have some extra time to submit equal employment opportunity (EEO-1) workforce data from 2019 and 2020, the U.S. Equal Employment Opportunity Commission (EEOC) announced on June 28, 2021. These reports were previously due by July 19, 2021. Employers now have until Aug. 23, 2021, to complete their submissions.

The EEOC’s collection of this data, the portal for which opened on April 26, 2021, had been delayed numerous other times due to the coronavirus pandemic. Under Title VII of the Civil Rights Act, the EEO-1 Report is usually due by March 31 every year.

EEO-1 Reporting Background

The EEO-1 Report is an annual survey that requires certain employers to submit data about their workforces by race or ethnicity, gender and job category. The EEOC uses this data to enforce federal anti-discrimination laws.

Employers Subject to EEO-1 Reporting

In general, a private-sector employer is subject to EEO-1 reporting if it:

  • Has 100 or more employees;
  • Has 15-99 employees and is part of a group of employers with 100 or more employees; or
  • Is a federal contractor with 50 or more employees and a contract of $50,000 or more.

Employers that are subject to EEO-1 reporting now have until Aug. 23, 2021, to submit data from 2019 and 2020.

Employer Action Items

Employers subject to EEO-1 reporting requirements should ensure that they complete their EEO-1 submissions by Aug. 23, 2021. These employers should also review the EEOC’s home page and website dedicated to EEO data collections for additional information.

Important Dates

  • July 19, 2021: Prior deadline for submission of 2019 and 2020 workforce data.
  • Aug. 23, 2021: New deadline for employers subject to EEO-1 reporting to submit 2019 and 2020 workforce data.
  • March 31, 2022: Deadline for submission of EEO-1 data from 2021.

Food For Thought Friday: Employee Retention and Attracting New Talent

Our hope with this Friday post is to tantalize a different aspect of our business brains! We’re pulling together a few interesting pointers on employee retention and attracting new talent.

Small businesses continue struggling to retain and attract team members. Did COVID really unleash a population of, “I don’t really want to work!”? Quite possibly, but here are some thoughts on how to incentivize your assets, your work force.

One size NEVER fits all, so tailor benefits offerings in a way that attracts and retains the best employees. Start this process by surveying existing and potential employees. Ask your team what types of benefits would interest them the most. Use this data to make better benefits decisions. Business owners put substantial energy and time into these plans, so why not go Boutique Style and customize a plan that excites your employees!

While each workforce will have unique needs and interests, there are some commonalities seen among small business employees. Here are six of the most popular benefits that small businesses are using to attract and retain employees.

First up is the dreaded but “Oh So Necessary” Health Care Coverage. Good health coverage is important but also expensive! This will likely be an important benefit to your employees with families or those further along in their years of experience. Some employees need a plan to cover same-sex spouses. Consider doubling down on health coverage rather than picking up expenses for ancillary benefits that may not be of interest to the majority of your team. Going to work every day knowing that your employer cares about your health and the health of those important to you could be a game changer in the candidate pool.

Leave benefits vary by workplace, but typically include paid time off (PTO), vacation days and sick time. These types of leave usually come with specific use requirements. For employers looking to attract and retain employees, expanding these benefits could be a great leverage tool. This may include allowing faster PTO accrual, providing more sick days or allowing for flexible scheduling. Implement a remote work policy for those employees that can handle it. Let them know that they have earned your trust and are valued enough to allow them to work efficiently and effectively at home.

The third incentive on our list is the always exciting, Performance Bonus. Employees want to be recognized for their hard work. Failing to do so can lower morale and affect retention. Introducing performance bonuses as an employee benefit can be a way to combat this. Performance bonuses will vary, but the general idea is to compensate employees in some way for a job well done. How this looks in practice will depend on the employer. For instance, employees might receive incentives such as gift cards, cash, additional PTO or other perks, depending on their achievement. However, before implementing such bonuses, employers should ensure compliance with any applicable workplace laws regarding employee compensation.

Financial security is very important to employees, and that sentiment grows as employees near retirement age. It’s also top of mind for those struggling financially thanks to the COVID-19 pandemic. Employees invest their time and energy into their work. As a tradeoff, many employees want their employers to invest in their retirements in return for years of service. Offering a 401(k) with contribution matching can be a powerful attraction and retention tool, as it demonstrates an employer’s investment in their workers in the long term. 

Surveys suggest employees have been putting off job changes during the COVID-19 pandemic, meaning a wave of turnover may be coming soon. Employers may want to think proactively about ways to keep employees around. In other words, when it comes to top performers, employers should be reluctant to let these employees go. That’s where professional development comes in. YES! Some employees are driven by more than just compensation! Generally, this involves cross-training employees on other positions or otherwise preparing them to take on additional responsibilities. This helps provide the employee with more growth opportunities while still keeping them within the business. Offering such development opportunities also signals to prospective employees that a workplace has upward mobility and is willing to help workers along with their career goals—two factors that can weigh heavily in recruiting conversations. This one will actually work well for your business; cross-training provides security in your foundation and non-reliance on any one individual for any one function.

Last up! Wellness is a hot topic these days, and employees are looking more and more for employers who take wellness seriously. This can be especially true in the wake of the COVID-19 pandemic, where health consequences are interwoven with everyday decisions. In fact, through the lens of the pandemic, ignoring wellness initiatives may be interpreted as ignoring overall health—something employers obviously want to avoid.  

Different workplaces will offer different wellness benefits, but the purpose of any of them is generally to increase employees’ overall well-being. For instance, benefits may include mental health counseling, healthy breakroom snacks, gym memberships, fitness trackers, yoga sessions or other perks. When it comes down to it, employees want to feel like their employers care about them as individuals. This means prioritizing well-being.

Remember, you do not need to implement all of these suggestions. Survey your team, understand what is important to them, contact your benefits provider or PEO and start customizing your benefits package.

Thinking about a PEO and how your small business can benefit? Libertate Insurance can help.