Changing Face Of Cyber Liability Risks

Due to the changing nature of cyber risk, IT risk managers must upgrade risk management strategies to focus on new areas of concern. In the past, primary attention was given to protecting computer infrastructure from losses caused by lapses of physical security, internet servers, networks, and rogue insiders. Now, attention must be expanded to applications and software used by the organization.

Due to stepped up risk management controls in the areas of improved network security, cyber criminals have turned their attention to less protected vulnerabilities in applications and software. In addition, the purpose of the attacks have morphed from causing embarrassment and denial of service to profiting from the theft of confidential financial and client information.

Cyber Attacks focus on the following areas:

* disrupting infrastructure operations

* posting confidential enterprise information online

* theft of intellectual property

* identity theft

* theft of confidential information

* confiscating or compromising online bank accounts

* spreading viruses on other computers

* malicious insiders seeking revenge

* use of internet launched viruses, malware, trojans, phishing, botnets, other malicious code

A company’s risk analysis should include identification from among the following risks where primary attention should be given to those risks which present the largest loss potential by either their frequency or severity:

* identification of viruses on servers, workstations, and laptops.

* open ports on firewall

* which assets are currently being attacked

* which assets are most likely future targets

* Payment Card Industry (PCI) audit if credit cards are used

* HIPAA and HITECH audit for medical information if applicable

* various state confidentiality and data protection laws

Source: Resources, Winter 2010, Paul W. Burkett, The National Alliance For Insurance Education And Research


Safety at Work is No Accident

Continuous Improvement through Measurement & Benchmarking

The Safety Excellence Model shown below is a framework for applying a safety management system on a continuous basis. It is a process-oriented approach that emphasizes people’s contributions to long-range, permanent solutions for problems. The core requirements for safety excellence are leadership and engagement, safety systems, risk reduction and performance measurement. The benefits of applying this model include alignment of actions with business objectives, more focused effort, and reduced injuries and illness.  Together these steps provide the tools for the Journey to Safety Excellence.


via National Safety Council

Never Ride Unbuckled – Even in the Back Seat

Five High School students were seriously injured when the car they were in went across the median and rolled over. They were headed to girls basketball semifinal but never made it.

Five ambulances were sent to the scene, and all five students were rushed to area hospitals.

The three teens in the back seat were unbuckled and were ejected. The two teens in the front were buckled.

Remember to wear a seatbelt even if you in the back seat. It may not be the law but it can be a life saver.

via 5 Gr. Haven students hurt in I-96 crash | WOOD TV8.

The Problem With Wellness

The term “wellness” can have a different meaning to different people. I like the following definitions:

1) The quality or state of being healthy in body and mind, as the result of deliberate effort.

2) An approach to healthcare that emphasizes preventing illness and prolonging life, as opposed to emphasizing treating diseases.

Business leaders are interested in how “wellness” will impact their bottom line. Unfortunately many have tried ineffective or poorly executed strategies and are now turned off by the term. I have found that an integrated well executed strategy following the 5 steps of risk management is most effective in delivering results.


Ways To Cut Workers’ Comp Costs

A study of 5,568 employers in 29 different industries conducted by Michigan State University and the W.E. Upjohn Institute for Employment Research gives some insight regarding injury prevention and loss control.  The study findings, issued in 1993, show that employers with the “best” records (fewest workers’ compensation claims) had these common qualities.

  • Placed great emphasis on safety and prevention practices;
  • Were more inclined to have “open” managerial styles that encourage shared decision making; and
  • Had consciously developed disability prevention and management strategies.

Employers are encouraged to look at their individual operations with a critical eye toward identifying ways to further reduce injuries and illness, thus improving working environments while cutting workers’ compensation claims cost.  Michigan companies that have successfully reduced workers’ compensation costs have offered the following cost-saving suggestions.

  • Set safety goals.
  • Create an employee incentive program.
  • Improve accident reporting and investigating.
  • Make review of injury reports part of the job of top managers (even the very top).
  • Review injury reports promptly.
  • Have front-line supervisors and employees design injury prevention programs.
  • Establish training programs in safe lifting techniques, hand safety and hazard recognition.
  • Purchase appropriate equipment along with making other ergonomic changes.
  • Develop return-to-work programs in which injured employees are allowed to return gradually, from simulated work settings to meaningful transitional or part-time assignments to full-time duty.
  • Write job descriptions that include “physical capability” requirements.

By making an effort to improve the safety of the workplace, companies can reduce their workers’ compensation insurance costs in two ways:

  • They can reduce the dollar value of business losses by limiting the severity of accidents or by eliminating them altogether.
  • They may make the business eligible for schedule rating credits, premium credits and other incentive programs offered by carriers.

Insurance is Not Risk Management

Risk mitigation measures are usually formulated according to one or more of the following major risk options, which are:

1) Design a new business process with adequate built-in risk control and containment measures from the start.

2) Periodically re-assess risks that are accepted in ongoing processes as a normal feature of business operations and modify mitigation measures.

3) Transfer risks to an external agency (e.g. an insurance company)

4) Avoid risks altogether (e.g. by closing down a particular high-risk business area)

Remember: Insurance is risk transfer and  is usually the most expensive way to deal with risk.

Retaliation Claims Are Greatest Legal Risk

Retaliation claims have increased dramatically in the last two years, creating the most significant legal risk to employers today, employment law expert Joseph Beachboard told those attending the Society for Human Resource Management’s Employment Law & Legislative Conference in Washington, D.C., on March 5, 2012.

In 2010, retaliation claims for the first time surpassed race discrimination as the most common type of charge filed with the U.S. Equal Employment Opportunity Commission (EEOC). Last year, the trend continued with 37,334 retaliation complaints filed, constituting 37 percent of the 99,947 federal workplace discrimination charges filed.

“Why are we seeing this sudden explosion in retaliation-related discrimination? First of all, retaliation is relatively easy to establish,” especially when compared to the burden of proof in race and sex discrimination cases, said Beachboard, who is a shareholder with Ogletree Deakins in Torrance, Calif.

In addition, jurors tend to look more closely at the evidence in sex and race discrimination cases, but can relate easier to the allegation of retaliation, Beachboard said. They reflect a societal rage often summarized on bumper stickers: “Don’t get mad. Get even!”

Finally, retaliation claims have skyrocketed since the 2006 Supreme Court ruling in Burlington Northern v. White, which lowered the standard of proof and made it easier for employees to prove their claims.

In 2009, the Supreme Court unanimously ruled that employees don’t have to file a formal complaint to win a retaliation claim, expanding the number of plaintiffs who can file. In Crawford v. Metropolitan Government of Nashville and Davidson County, Tenn., the justices found in favor of a woman who corroborated charges filed by someone else in a sexual harassment case and was subsequently fired.

In Thompson v. North American Stainless, the nation’s high court in January 2011 ruled unanimously that a worker who claimed he was fired because his fiancée had filed a sex discrimination claim against their mutual employer had a cause for filing a retaliation claim. The worker was fired three weeks after the EEOC notified the employer the fianceé had filed a charge of discrimination.

“Things have changed with respect to how we look at these types of claims,” Beachboard said. “Previously, our focus was on the individual and their own protected activity. … Now, it’s different. The focus is not only on the individual’s own protected activity, but also any protected activity of anybody he or she is associated with—whatever that means.”

In March 2011, the court ruled that employees who make verbal complaints also may sue for retaliation. In Kasten v. Saint-Gobain Performance Plastics Corp., the justices decided in favor of an employee who contended he was fired after complaining to his supervisor about the distance between time clocks and the spot where he had to don protective gear, claiming he wasn’t being paid for time worked in violation of the Fair Labor Standards Act.

As a result, HR professionals should make sure they treat verbal complaints as seriously as written complaints and should keep a close eye on employees who have complaints to ensure they aren’t retaliated against, Beachboard said.

Dori Meinert is a senior writer for HR Magazine.

via Retaliation Claims Are Greatest Legal Risk.

The Accident Pyramid – Feeling Lucky?

To often the interest in safety comes after a serious accident which is unfortunate. The key is to treat near misses as if they could have been serious.

Frank Bird, a US safety researcher, discovered that for every serious workplace accident there were 600 near misses. Bird’s findings are shown in the pyramid diagram below.

Accident Pyramid

It’s important to make near miss reporting part the safety culture. What is the ROI on accidents avoided?

Risk Managements 3 Simple Rules

When University of Louisiana at Monroe risk management and insurance majors asked small business owners how they make decisions about managing their business risk, most of them told us they rely heavily, if not completely, on their insurance agent.

But sometimes insurance isn’t the best way to manage risk.

The decision about when or whether to use insurance to manage risk can be complicated, as can the decision about what types of insurance to buy for what risks. While insurance agents can help you decide the types of insurance to buy, they might not help you decide when not to buy insurance.

Fortunately, there are three simple rules that will get you headed in the right direction when deciding “to insure or not to insure.”

They are: don’t risk a lot for a little; don’t risk more than you can afford to lose; and consider the odds.

Source – Christine Berry director of the Small Business Risk Management Institute at the University of Louisiana.

Five Steps to a Healthier Workforce and Lower Health Care Costs

We have found that the key to a successful wellness strategy is to implement a process that follows the 5 steps of risk management.

* Identify risk with Health Risk Assessment at over 90% participation without paying employees to complete one. (high participation is key and where most wellness plans fail)

* Analyze the HRA summary to identify your populations 4 key risk factors along with health plan and work comp claim data. (without high participation in the health Risk Assessments this information may not be credible)

* Control risk by implementing a customized health and wellness strategy which includes face to face or telephonic coaching to encourage behavior change. (without behavior change there will be no savings)

 * Finance risk by matching the right benefit plan design to assure that any savings go to the employer instead of the insurance company.(we have been successful in getting work comp carriers to give savings upfront by demonstrating successful implementation of the first 3 steps)

* Measure results by benchmarking how many risk factors each employee has in 3 groups low, medium and high. Most groups start at around 50% low risk and will move up to 70% low risk in 3 to 4 years.

Fewer risk factors leads to less disease and lower cost.