White House Issues Ransomware Prevention Guidance to Businesses

In a recent letter addressed to corporate executives and business leaders, the White House emphasized that
bolstering the nation’s resilience against cyberattacks is a main priority for President Joe Biden’s administration.
Specifically, as ransomware attacks continue to rise in both cost and frequency throughout the country, the
federal government is urging businesses to take this evolving cyber threat seriously.

These attacks—which entail a cybercriminal deploying malicious software to compromise a business’s network or
sensitive data and demand a large payment be made before restoring this technology or information—have
quickly become a growing concern across industry lines. In fact, the latest research provides that ransomware
attacks have increased by nearly 150% in the past year alone, with the median ransom payment demand
totaling $178,000 and the average overall loss from such an attack exceeding $1 million.

While the White House has begun working with both domestic and international partners on various strategies to
prevent ransomware attacks, the Biden administration is also encouraging businesses to play their part in
minimizing this rising cyber concern. Rather than viewing ransomware attacks as a minor cyber risk, the federal
government is instructing businesses to view these attacks as a significant exposure—one with the potential to
wreak havoc on their key operations.

As such, the Biden administration is recommending that businesses convene with their senior leadership teams
to review their ransomware exposures and implement these top cybersecurity measures:


  • Utilize the federal government’s best practices. Businesses should be sure to incorporate the best
    practices outlined in the Biden administration’s Executive Order on Improving the Nation’s Cybersecurity. This
    includes the following practices:
    o Implementing multi-factor (MFT) authentication on all workplace technology
    o Leveraging endpoint detection and response tools to identify and deter suspicious network activity
    o Encrypting sensitive data to make it less accessible to cybercriminals
    o Developing a trusted and skilled workplace cybersecurity team
  • Ensure an effective incident response plan. All businesses should have cyber incident response plans in
    place. These plans outline proper response protocols and offer steps for minimizing potential damages during
    cyberattacks. Businesses should make sure to include several ransomware attack scenarios within their
    response plans and routinely test these scenarios with their cybersecurity teams. Based on test results,
    businesses should revise their response plans accordingly.
  • Conduct frequent data backups. In addition to the federal government’s best practices, businesses should
    also prioritize securely backing up all sensitive data, images and other important files on a regular basis.
    Conducting such backups can help businesses remain operational and continue to access crucial data in the
    event that any workplace technology is compromised in a ransomware attack. Data backups should remain
    offline (not connected to key business networks) and be routinely tested.
  • Keep critical networks separated. In order to keep ransomware attacks from fully disrupting their operations, businesses should attempt to segment their various workplace networks (e.g., sales production, and corporate) from one another rather than having a unified network. Access to each network should be restricted to those who use them to conduct their job tasks. Networks should only allow internet access as needed. That way, businesses can avoid becoming completely compromised by single-network ransomware attacks and continue performing critical functions.

  • Maintain updated security software. To help safeguard workplace technology from ransomware threats,
    businesses should equip their systems and devices with adequate security software—such as antivirus
    programs, firmware protections and firewalls. Further, this software must be regularly updated to remain
    effective. That being said, businesses should also consider utilizing centralized patch management systems to
    keep security software on a consistent update schedule.
  • Review workplace cyber security protocols. Apart from testing their response plans, businesses should
    also regularly assess whether their existing workplace cybersecurity policies, procedures and software are
    sufficient in protecting against current risks—such as ransomware threats. In particular, businesses should
    consider using a third-party penetration tester to review their ransomware defense tactics and overall
    cybersecurity capabilities. Businesses should work with their trusted cybersecurity teams and IT experts to
    make workplace adjustments as needed (e.g., updating policies or purchasing new security software).

For additional risk management guidance and insurance solutions email me James Buscarini, PCA at jbuscarini@libertateins.com or call me at 813.367.7574.

Week in Rewind <<

If you haven’t noticed our focus has been heavily weighted in the area of cyber risk! Too many of our friends and clients have been impacted lately by cyber thieves. Yes, we sell insurance, but we are passionate about the benefits of insurance. We are all about Mitigating Risk and Loss Exposure!

So How Does Cyber Insurance Actually Help?

What Does It Cover?

First thing to know here is, in most cases you can design a plan to cover your business’ specific needs. As a generalization Cyber Coverage includes the following:

  • Defense and Settlement – civil proceeding or investigation
  • Regulatory fines and penalties including forensic examination
  • Re-certification services
  • Cyber extortion
  • Ransomware
  • Website media
  • Business interruption
  • Data recovery
  • Crisis management and fraud response
    • notification to breach parties
    • call center operations
    • design and implementation of website for advising breach parties
    • credit monitoring
    • public relations
    • associated legal expenses

What It Does Not Typically Covered

  • Potential future lost profits
  • Loss of value due to theft of intellectual property
  • Improvement costs to internal systems after cyber evet
    • Your other policies may be “activated” in the event of a cyber incident, but there are likely gaps in coverage for what damages are actually covered. The industry term, “Silent Cyber” refers to cyber loss exposure not covered under traditional, non-cyber insurance policies; namely the exposure is silent.

IT Risk Management

In an effort to further educate our audience we are providing links to our previously published articles on creating a better infrastructure to avoid successful attempts.

The Wall Street Journal reported that Colonial Pipeline authorized ransom payment of $4.4 million as a result of the company not being able to quantify the magnitude of the cyberattack breach to their system and the length of time to get things up and running again. Feet held to the fire for resolve and the decryption tool provided for ransom payment did not bring full restore back to Colonial. We can all feel the impact of the Colonial hack.

CNN reports that the Justice Department indicated that 2020 was the worst year for cyber attacks with ransomware demands, on average, exceeding $100,000 but as high as tens of millions of dollars. “….A key lesson here is that while technology and automation is good, we must also have the ability to efficiently operate manually as well. Attacks will happen, but how quick can you recover and restore critical services?”, Brian Harrel, former assistant secretary for infrastructure protection at the Department of Homeland Security, as reported by CNN. Having the support of insurance coverage through a Cyber policy is definitely one way to mitigate recovery exposure, should you fall victim.

NAPEO has pre-recorded webinars and information available on Cybersecurity. For non-members, follow this link to join.

Libertate Insurance Services has access to a variety of programs for Cyber Risk Coverage. Contact us, let us help you identify your Company’s Cyber Risk and find the best placement for your needs.

NAPEO announces in-person conference opening back up for September 27-29, 2021

NAPEO‘s President, Mr. Pat Cleary has exciting news about future in-person meetings and events!

The following post was from an eMail to the members from NAPEO’s President, Mr.Pat Cleary regarding the status of upcoming events and the status on in-person attendance.


Ten months ago to the day, I sent an email stating that due to COVID-19 and the associated risks that the committee voted against having the annual SAGE event and conference. It was a heartbreaking email to write, in that the conference was a speck of hope for us all, something out in the far distance that we all looked forward to, when this damned thing would be over. But it was not to be. I attached the email here because re-reading it today, it’s a bit of a time capsule, and reminds us of a low point that we experienced – and survived – together.

So today I’m writing with some very good news: I just this hour signed our contract with the JW Marriott San Antonio Hill Country to hold our conference there – in person – on September 27 – 29 this year. Just about every conversation I have had with any NAPEO member over the past few months has included a discussion of when we would be able to meet again in person. We are all suffering Zoom fatigue, that’s for sure. Looking at the email below, I said, “We want to gather with our members, and as soon as it’s safe to do so, we will.” Every organization has its own level of risk tolerance. Our litmus throughout has been the health and safety of our members and of our team here at NAPEO. Comforted and fortified by the upward trend in vaccinations and downward trend in cases – and the slow easing of restrictions – we will hold our first in-person meeting, our CFO Seminar, at the end of June (location TBD) and hold our Georgia Leadership Council Forum in-person on June 28. And the conference in September. 

I’ve said so many times that the arc of meetings during COVID was like this: Plan the meeting, book the hotel, promote the meeting, watch the registrations climb, meeting draws near, registrations begin to cancel, then the meeting cancels. We did that dance too many times in 2020. For our November Board of Directors meeting, we asked our 24 Board members if they wanted to meet virtually or in person. Twenty two said they wanted to meet in person, so we planned the meeting. The week before, in the face of too many cancellations, we moved the meeting to virtual. It was a discouraging, defeating, and tiresome cycle.

So if the cancellation of the 2020 in-person conference was a sign of despair, let this now be a sign of hope, of light, and of hopefully reaching the end of this pernicious thing that has dogged us for so long. As I said in the email below, “The sun will shine again.” And indeed it will – in San Antonio, in September.

I want to thank all of you who have stood by us, who have gamely pivoted with us to the virtual world. It wasn’t a world we wanted, but it was the world we were handed. I want to especially thank our associate members. The face to face meeting is their lifeblood, an option they didn’t have for the past year. They, too, stood with us, and we are grateful. And finally, I want to thank my team here at NAPEO. I use the royal “we” all the time, but the truth is they are the ones who are doing the innovating, the pivoting, the work. 

As I always say, this thing isn’t completely over yet, but we appear to be moving in the right direction. I look forward to seeing – and celebrating with – you all in San Antonio. 

All the best,

Pat Cleary
President & CEO
NAPEO
707 N. St. Asaph St.
Alexandria, Va. 22314
703-739-8163

Challenges or opportunities for brokers placing cyber risk

Content used to write this post was originally written by NU Property Casualty 360’s Managing Editor, Ms. Heather A. Turner

According to a Guidewire report the numbers for cybercrime in 2020, have almost doubled! In addition to an increase in attacks and breaches are the related budgetary allocations being made by small to mid-sized businesses for cyber insurance over the next 2 years. Ramping up cyber sturdy tools and in an effort to prevent cyber attacks are a necessary play in prevention for the ever evolving cyber market and being fought across the property and casualty landscape.


According to a report published by CyberCube, a data-driven cyber analytics company for the insurance industry, the growing cyber market is creating unique opportunities for brokers to set themselves apart from their competitors. By marrying their existing areas of expertise with their new found and or improved fundamental comprehension of insurable cyber risk and exposure, brokers can show and or remind buyers and prospects alike why they are indispensable.

The following list was created by CyberCube to further explore examples of challenges and opportunities brokers face in the cyber market today.

Click here to read the detail following Opportunities 1-4 written by Heather A. Turner, of NU Property Casualty 360. You must register for free account.

  • Opportunity No. 1: Brokers are trusted advisors
  • Opportunity No. 2: Brokers can add value by mapping exposure to coverages and policy terms.
  • Opportunity No. 3: Getting a “yes” from insurers.
  • Opportunity No.4: Standalone cyber is just one aspect of a well rounded insurance program.

Interesting Tidbits for Your Week!

Expecting the Unexpected for Your Small Business. Common insurance types for small businesses.

For better or worse is generally a term related to marriage vows, but in business its just as important! Luckily for business owners there are ways to mitigate the risks associated with the “worse.” Pie Insurance recently released an article covering the types of common insurance for small businesses as well as some not so common options like a business owner’s policy (BOP); I thought it was worth sharing.

A Business Owner’s policy can include professional liability insurance (errors and omissions insurance), a commercial umbrella policy, employment practices liability insurance, directors and offices liability insurance and terrorism insurance. You can check out the full article here. The key to insurance is never needing it, but having it in place when you do. It can make the difference in saving your company when the unexpected happens. Contact us at Libertate Insurance, we can help.

1st Qtr 2021 Small Business Data

NAPEO issued small business snapshot data on Q1 of 2021. Check out the full review here.

High points from the data include:

Percentage change of Daily Small Business Revenue from January 2020 to January 2021 showing 50% decrease in revenues at April 1, 2020 with slowing increase about 31% overall increase at January 1, 2021. Small businesses are slowly pulling back.

Job losses in the United States are reported at 9.6 million; with the expected hardest hit industry of Leisure and Hospitality accounting for nearly 40% of all loss reported.

On a state by state analysis the numbers are showing more increase than decrease with the average unemployment rate reporting at 5.6% at the close of February 2021. (US Bureau of Labor Statistics). Overall jobless rates are down in 23 states as of March and higher in only 4.

US Small Business Administration (SBA) Updates

If your business previously received the Economic Injury Disaster Loan (EIDL) Advance from the SBA for less than $10,000, the SBA is allowing applicants to re-apply to receive the full amount of the advance up to $10,000.

If your business was also a recipient of the EIDL these loans were previously limited to six months of economic injury up to a maximum of $150,000; the SBA has announced a change that will allow loan limits up to 24 months of economic injury with a maximum loan amount of $500,000. Be advised and proceed with caution, as the SBA takes security interest in the business assets for loan amounts over $25,000.

The SBA is also sending out emails to the EIDL loan recipients extending the first payment due on the EIDL loans to 2022 for loans issued in 2020. The first payment due date is extended 24 months from the date on the note. They have indicated that 2021 loans will have initial payments due 18 months from the note date. Interest continues to accrue during the deferment period.

Follow these instructions if you wish to request a loan increase:

  • Send email to CovidEIDLIncreaseRequests@sba.gov
  • Use subject line “EIDL Increase Request for [insert your 10-digit application number]”
  • Be sure to include in the body of your email identifying information for your current loan including application number, loan number, business name, business address, business owner name(s), and phone number.

Important: Do not include any financial documents or tax records with your initial request. You will receive a follow up email notification if we need additional documents.

You can check out all of the updates for offerings available from the SBA here.

History of Workers’ Compensation

AND last but not least, for those insurance nerds, another very interesting release from Pie Insurance is a history of workers’ compensation insurance. Covering where the laws stand today, where it started and how it has changed the benefits to workers in the United States. Interesting and educational read, check it out here.

Be sure to check out our continual updates here, on PEO Compass, regarding Florida’s House Bill 1305 and its impact on workers’ compensation and the PEO industry.

COVID-19 Relief Bill

Our friends at NAPEO are always keeping us up to date with pertinent information impacting PEOs and Small Businesses. They released the following yesterday related to the COVID-19 Relief Bill.

COVID-19 Relief Bill: What It Means for PEOs & Small Business

Yesterday, the House passed an omnibus spending bill that included $1.4 trillion to fund the federal government and $900 billion of additional COVID relief by a vote of 399-53. The Senate then passed the legislation by a vote of 92-6. The bill now heads to the White House, where President Trump is expected to sign it.

Tax Provisions

The omnibus spending bill – which is almost 5,600 pages long – contained many tax provisions that impact PEOs. Randy Hardock and Courtney Zinter of Davis & Harman (NAPEO’s outside tax counsel) have prepared a document containing the details of these provisions and how they apply to PEOs.

Specific tax provisions of interest to PEOs include:

  • Paid Sick and Family Leave Credits
    • Extends the paid sick and family leave credits against employment taxes from the Families First Coronavirus Response Act (FFCRA) for three additional months to March 31, 2021.
    • The bill does not extend the FFCRA’s mandate to provide paid sick leave or paid family and medical leave beyond December 31, 2020.
  • Changes to the Employee Retention Tax Credit (ERTC)
    • Repeals the provision denying the ERTC to employers receiving a PPP loan. Instead, mechanisms would be created to prevent the same wages from being used for both PPP loan forgiveness and the ERTC.
    • Extends the ERTC to apply to wages paid before July 1, 2021 (instead of January 1, 2021).
    • Increases the credit percentage from 50 percent to 70 percent of applicable wages.
    • Increases the per-employee limitation on applicable wages from $10,000 total to $10,000 per calendar quarter. In combination with the increased credit percentage, this would increase the maximum credit per employee from $5,000 to $7,000 per quarter (up to $14,000 for the first two quarters in 2021).
    • The following language was added to the ERTC provisions that specifically addresses PEOs: Any forms, instructions, regulations, or guidance described in paragraph (2) shall require the customer to be responsible for the accounting of the credit and for any liability for improperly claimed credits and shall require the certified professional employer organization or other third-party payor to accurately report such tax credits based on the information provided by the customer. [Emphasis added.]
      It is not clear whether this provision applies retroactively or just to new credits taken in 2021.
    • Makes the ERTC available if the business experienced a decline of at least 20 percent in gross receipts (instead of a 50 percent decline) as compared to the same calendar quarter in the prior year.
    • Modifies the small employer definition of qualified wages to apply to employers that have 500 or fewer employees (instead of 100 of fewer employees).
  • Creates a temporary employee retention credit of 40 percent of qualified wages up to $6,000 (maximum credit of $2,400 per eligible employee) for eligible employers affected by certain qualified disasters. This credit is retroactive and does not apply to COVID-related disasters.
  • The bill also extends the Work Opportunity Tax Credit for five years.

Paycheck Protection Program and Other Small Business Assistance

In addition to the tax provisions, the COVID-19 relief portion of this legislation contains additional assistance for small businesses, which NAPEO has been lobbying Congress in support of. Specifically, it contains the following provisions designed to assist small businesses:

  • Creates a second loan from the Paycheck Protection Program, called a “PPP second draw” loan for smaller and harder-hit businesses, with a maximum amount of $2 million.
  • Creates a simplified application process for loans under $150,000.
  • Expands the expenses that can be covered by a PPP loan.
  • Makes 501(c)6 organizations that do not lobby eligible for PPP loans.
  • Makes the expenses covered by PPP loans tax deductible.

Details on these provisions can be found on this document provided by the Community Banker’s Association.

Unemployment Insurance

The COVID-19 relief provisions also make the following changes to unemployment insurance:

  • Unemployed individuals get an additional $300 per week from December 26, 2020 to March 14, 2021.
  • Extends and phases out Pandemic Unemployment Assistance (PUA), a temporary federal program covering self-employed and gig workers, to March 14, 2021 and extends benefits from 39 to 50 weeks with all benefits ending April 5, 2021.
  • Extends and phases out Pandemic Emergency Unemployment Compensation (PEUC) which provides additional weeks when state unemployment runs out, to March 14, 2021 (after which no new applications) through April 5, 2021.
  • Extends provisions to March 14, 2021, including interest-free loans to the states.

No federal money was provided to shore up the short falls in state unemployment funds.

Miscellaneous Provisions

The omnibus spending bill contained so-called “tax extenders,” which are temporary provisions in the tax code that are designed to support specific economic activities. There are two provisions of interest to PEOs that have been extended for five years. They are: 

  • The employer credit under section 45S for paid family and medical leave, originally enacted as part of tax reform in 2017.
  • The expanded exclusion for employer-provided educational assistance, including student loan repayment benefits as enacted as part of the CARES Act. NAPEO has lobbied in support of this provision.

For more information visit NAPEO’s COVID-19 Resource Center or contact Thom Stohler.

NAPEO is offering a webinar on this bill and the impacts for PEOs and their clients on January 8th at 2pm EST. Not a Member of NAPEO? Find out how to join here.

Looking for a PEO or have questions on whether or not a PEO is right for you; visit our site at Libertate Insurance and get the questions you have answered.

2021 Employee Benefit Trends

Our friends at NAPEO released trends to watch out for as reported by Employee Benefit News; highlights from the full article below.

Increasing Health Insurance Premiums Employers will likely start shopping and looking for more cost manageable healthcare plans as health insurance premiums are trending 54% increases over the past 11 years as reported by the Society for Human Resource Management (SHRM). SHRM also reported, “Employers expect a moderate health plan cost increase next year of 4.4 percent, on average, compared to this year, according to early results…”. The concern here is that this trend of continued increase is outpacing the consumer price index and wage growth.

Telehealth We have seen a large uptick in the push and use of telehealth with the COVID-19 pandemic. 2021 will continue to grow this field of medical care. Telehealth benefits have been able to provide medical coverage for acute, chronic, primary and specialty care.

Personalized Benefits Packages Companies may start offering more non-medical offerings for a more customized employee benefit packages. Packages will start with the basic health insurance and paid time off benefits and expand to include optional add-ons like pet insurance, short-term disability, access to legal services, whole or term life, hospital stay, accident insurance to mention a few.

Mental Health Employers are waking up to the mental health wellness of their employees and how it can be a direct impact o their organizations. Employers are educating themselves on reducing workplace stress. Many benefits package now include behavioral health with both onsite and virtual medical plans.

Not partnered with a PEO? Connect with us and let us know how we can help! Find out more on our website here.