Juul’s half-billion dollar loss

Is Juul’s claim covered?

Kyle Langan

True or False? Juul Labs is protected by its Commercial General Liability for numerous states suing the company over its marketing practices.

 

Juul

Juul devices were originally 18+; then a 21+ age requirement was set, as with alcohol. Any e-cigarette like Juul is obviously a health concern for minors, based on the practical understanding society has of nicotine addiction’s effects. Still, Juuls were making their way into minors’ hands in 2017, and perhaps even more. Consider the scenario of an 18-year-old high school senior purchasing a very inexpensive Juul device and offering it to a 17-year-old junior, or even profiting from the sale. The Juul was and remains a great option for a baby boomer trying to quit a lifelong cigarette addiction. Sadly, Juuls had a vastly negative effect on boomers’ kids: they hooked teenagers on nicotine out of curiosity for the vape technology. Later, these young adults may have pivoted to cigarettes because they offer a better nicotine buzz! This is not a prediction or a guess. Anyone who was in high school or college in 2017 saw this with their own eyes. Killing tobacco use completely is chimeric. And that’s fine. But this pivot and broad re-engineering of nicotine addiction was an intentional tactic from nicotine corporations like Altria, which invested in Juul early on.

Leitmotif

Juul’s creators set a reasonable leitmotif for the company. Two former cigarette smokers, two scientists, worked to improve the nicotine industry. Founder Adam Bowen “understands the physics and thermodynamics that govern vapor production, is an excellent experimentalist, and also has a deep understanding of user centered design. He is a fearless questioner of every assumption and seeks deep understanding. He already has invented some platform technologies which represented steps forward in innovation for the industry, and will continue to make significant scientific contributions to the field,” according to Gal Cohen, who worked with Adam at Juul Labs for 14 years. However, Juul allegedly misled consumers about the addictive nature of its liquid nicotine pods and marketed them to minors. MA, PA, and many other states agreed with this analysis of the marketing effort.

Demise

Juul’s problem, and the cause of its gradual demise, was not the devices but its target market. Juul marketed to underage users with launch parties, ads using young models, social media posts and free samples. Juul was also accused of using age verification techniques that it knew were ineffective. A settlement for nearly a half billion USD was the punishment dished out as smoke and retribution for targeting minors on social media.

General Liability

The answer to the true/false question is FALSE. Facing this suit, Juul would only be protected by a uniquely tailored insurance policy or Alternative Risk Transfer arrangement.

Advertising injury coverage, as part of the Commercial General Liability policy, is intended to cover claims arising from defamation, copyright infringement, or using another business’s advertising idea. Therefore, it’s important to consider what insurance coverages or other risk financing strategies will be triggered by certain events before a loss happens. Juul needed coverage for claims made directly against a corporation (the entity) for wrongful acts (and wrongful acts language in the policy needs to match the allegations at the time of the claim). D&O entity coverage addresses a variety of loss exposures related to communication and interaction with the public that businesses encounter. Additionally, stakeholders of Juul could sue the executives of the company for their actions, inactions, or a breach of good faith – acting outside of the best interests of the company (fiduciary responsibility). The protection that is triggered from this part of the loss is provided through Coverage A of D&O, again making D&O a recommendation strategically. This would cover the directors and officers of Juul for their personal liability.

Conclusion

In response, Juul argued that its vaping products can provide a solution to the harmful health impacts from conventional combustible cigarettes. Juul Labs settled 5,000+ more lawsuits filed against it in Northern California. Roughly 10,000 plaintiffs’ settlement amounts were not disclosed, but Juul officials said they have secured an equity investment to fund the resolution. How would your company fund the response to a loss of this nature? The nearly $500MM severity might be impractical to consider a response strategy for, but the nature of it – a loss that does fit within the borderline of Commercial General Liability.

 

Another example of naive intervention

Introduction

The purpose of this essay is to give an example of interventionism and its ultimate iatrogenic cost. I first learned about the S.S. Eastland from Mark Spitznagel and I give full credit to the rest of my education on the incident to eastlandmemorial.org. This is not a summary of the incident; it specifically highlights the naive intervention and the resulting cost. The lesson from this is to prioritize risks in a “what to avoid” way, which can be conducted through “what-if analysis.” It is harder to sell “what I avoided for you” than “what I did for you”; however, the former can be strikingly more valuable.

1914 Prediction:

After the Titanic catastrophe, Arnold Augustus Schantz petitioned against increasing lifeboat requirements for Great Lakes vessels. He stated that the additional weight requirements would cause many Great Lakes vessels to become top heavy and prone to capsizing.

Iatrogenic modifications

St. Joseph-Chicago Steamship Company outfitted the S.S. Eastland with 6 additional life rafts and 3 additional lifeboats in June 1915 while the ship was in for other repairs. The rules-based regulation following the Titanic required retrofitting of a complete set of lifeboats on Eastland. This additional weight may have made her even more top-heavy than she already was (tall and thin to begin with, for speed).

Other than the lifesaving equipment, the modifications performed on the Eastland for the 1915 season also included the rearrangement of certain compartments for usability, and the replacement of decking with tons of concrete in the ‘tween deck dining room and the main deck near the aft gangways. This modification, in particular, reduced the metacentric height of the ship.

S.S. Eastland’s pre-existing “top-heavy condition was now amplified and precarious at best when fully loaded.”

Disaster strikes

Saturday, July 24, 1915: The ship was docked in downtown Chicago on the Chicago River for a Lake Michigan cruise to Michigan City, Indiana, for a Western Electric employee picnic. Soon after 2,500 passengers boarded, the ship began to list (sway at an angle).

At 7:28 AM, the list had reached 45 degrees. The furnishings, piano, dishes, iceboxes, lemonade stand and appliances fell over with loud crashes and slid across the decks. The passengers began to panic. Many began to crawl out of gangways or other openings on the starboard side as the Eastland gently continued to list to port until it finally settled on its port side at 7:30.

The Eastland rolled onto its side, spilling passengers into the river and trapping others underwater in the interior cabins, mostly women and children. The disaster claimed 844 lives.

The majority of those preparing to board the ships were actual employees of Western Electric. Because the company picnic was an important social event, a great many of the employees in attendance were young, single adults in their late teens or early 20’s.

An eyewitness described the scene:

“I shall never be able to forget what I saw. People were struggling in the water, clustered so thickly that they literally covered the surface of the river. A few were swimming; the rest were floundering about, some clinging to a life raft that had floated free, others clutching at anything that they could reach–at bits of wood, at each other, grabbing each other, pulling each other down, and screaming! The screaming was the most horrible of all.”

The dead were 841 passengers, 2 from the Eastland’s crew, and 1 who died in the rescue effort. Although the Titanic, which sank over three years prior in 1912, had a higher total death toll of 1,523, the Titanic had a lower death toll of passengers than the Eastland, as crew deaths of the Titanic totaled 694.

Anecdotes

Rumors of past instability had followed the Eastland. As a result, The Eastland Navigation Company placed a half-page newspaper advertisement in the Cleveland Plain Dealer and the Cleveland Leader on August 9, 1910. The ad offered a $5,000 reward to anyone who could “bring forth a naval engineer, a marine architect, a shipbuilder, or any one qualified to pass on the merits of a ship who will say that the Steamer Eastland is not a seaworthy ship, or that she would not ride out any storm or weather any condition that can arise on either lake or ocean.” There is no record showing that anyone ever came forward to claim the reward.

At 6:53, the ship began to list again; the port list resumed at 7:20, at which time water began coming into the ship through the gangway openings on the port side. Even so, no great panic occurred among the passengers. In fact, some began to make fun of the way the ship was swaying and leaning.

There were also early indications

1904

Near catastrophe occurred with 3,000 passengers aboard. The incident occurred in full view of South Haven and the public was alarmed.

1912

Another severe listing in Cleveland.

References

The Eastland. Eastland Memorial Society. https://web.archive.org/web/20090122125939/https://www.eastlandmemorial.org/eastland2.shtml

Eastland disaster. Eastland Disaster – Eastland Disaster. (n.d.). https://eastlanddisaster.org/history/eastland-disaster

Included or Excluded? Trustee Services, Insured vs. Insured Provisions in a Professional Liability Policy

Professional Services Coverage for a Trustee

Are Trustee Services covered within a Miscellaneous Professional Liability or Errors and Omissions (E&O) Policy for the following roles?

  • Trustee, Protective Committee, Investment Trustee, Distribution Committee, Successor Trustee Receiver, Agent of Record, Paralegal, Personal Representative/Executor, Power of Attorney

The answer is yes, but not by default. For the nature of the services provided by the above roles, these entities should carry Professional Liability specifically for “Trustees E&O.”

Example: Distribution Committee

An endorsement can modify insurance provided under Miscellaneous Professional Liability Coverage, which specifically names the applicable “Trust;” “Named Trustee(s);” and “Trust Agreement.” The Trust Agreement is shown in the Schedule of Professional Services in this Endorsement for Trustee Services.

Definitions

  • Professional Services means Trustee Services provided by the Named Trustee(s) to others as designated under the terms of the Trustee Agreement.
  • Trustee Services means managing the assets and business affairs of the Named Trust by the Named Trustee, pursuant to the terms and conditions of the Trust Agreement.
  • Beneficiary means any individual or entity designated under the Named Trust or that otherwise has a specified right to receive Trustee Services provided by the Named Trustee.

Insured vs. Insured

  • An insured versus insured exclusion is found in directors and officers (D&O) liability policies (and to a lesser extent in other types of professional liability coverage). [1] The exclusion precludes coverage for claims by one director or officer against another. [2]
  • The purpose of this exclusion is to eliminate coverage for four types of situations: (1) employment practice claims, (2) internal disputes/infighting, (3) claims involving collusion, and (4) claims by organizations against their directors and officers for imprudent business practices. [3]
  • However, in the context of Trustee Services, this exclusion shall not apply to any Claim brought by a Beneficiary arising out of his or her right to receive benefits from the Insured Trust, if such Claim neither relates to nor arises out of any actual or alleged Wrongful Act committed by such Beneficiary.

Likely excluded from coverage:

1) Banking or Investment Advice, Promises or Guarantees based upon, arising out of or attributable to any:

  • advice by an Insured in its capacity as, or the selection of, an investment manager, investment advisor or custodial firm;
  • advice, promise or guarantee by an Insured as to the future value of investments or property or specified rate of return or interest; or
  • advice by an Insured relating to investments, mergers, acquisitions, restructurings, divestitures or other investment banking services by an Insured;

2) Client Funds

  • based upon, arising out of or attributable to the Insured’s exercise of any authority or discretionary control with respect to any client’s funds or accounts;

3) Commingling of Funds

  • based upon, arising out of or attributable to any actual or alleged commingling or improper use of funds, accounts, premiums, fees, taxes, claims commissions or brokerage monies for which any Insured collected or should have collected on behalf of another person or organization; sums received by any Insured or credited to any Insured’s account which any Insured returned or should have returned to another person or organization; or any claim amount that any Insured paid or should have paid to another person or organization.

4) Investment Performance

  • based upon, arising out of or attributable to the failure of investments to perform as expected or desired.

5) Based upon, arising out of or attributable to the rendering or failure to render any:

  • legal, financial, auditing, accounting, tax, architectural, actuarial or engineering services; or
  • services as a securities broker/dealer or commodities broker/dealer.

6) Transfer of Funds, Monies or Securities

  • based upon, arising out of or attributable to the transfer or failure to transfer funds, monies, or securities.

7) Violation of Securities Rules, Regulation or Other Law based upon, arising out of or attributable to:

  • any actual or alleged violation of the rules and regulations of the National Association of Securities Dealers (“NASD”) or the Securities Exchange Commission (“SEC”) or any state securities regulatory agency; or
  • any actual or alleged use or disclosure of non-public information in violation of any securities or other law;

All other terms, conditions, provisions and exclusions of this policy remain the same.

References

[1] – [3]

Insured versus insured exclusion. IRMI. (n.d.). https://www.irmi.com/term/insurance-definitions/insured-versus-insured-exclusion

Steadfast Insurance Company / Zurich. (n.d.). Professional Indemnity. Zurich: Commercial Insurance Products. <https://www.zurich.com/commercial-insurance/products/professional-indemnity>

Former teenage Wendy’s employee awarded $5 million

July 19, 2024, by Kyle Langan

$5 million award for victim of perpetrator who abused teen girl co-workers at Wendy’s

QUESTION

Which commercial insurance contract responds to this type of loss?

Failure #1: Thorough pre-hire background check

The lawsuit alleges that the company hired the perpetrator in October 2016, despite his previous convictions in Missouri of rape and first-degree sexual abuse cases. [1] These did not appear on Case.net, which provides access to the Missouri state courts’ automated case management system. Perhaps Missouri could make changes to make data like this more easily accessible for the public.

Wendy’s corporate media team said “the franchise owner is an independent business owner and thus is responsible for all employment functions.” While it may seem like a deflection, this response is inherently true. Wendy’s transferred this risk to the franchise owner. However, separately, and difficult to quantify, this loss could cause reputational damage for Wendy’s. As part of its response, it said “The Wendy’s Company takes the safety and well-being of our employees very seriously and we have a zero-tolerance policy for this type of behavior.” [2]

Failure #2: Response, investigation into the issue once presented with the facts

According to the lawsuit, the anonymous teen and her mother reported the inappropriate behavior to upper management, but they failed to investigate the issue. [3] The franchise owner should have terminated the perpetrator and banned him from the premises. Instead, the franchise failed again to mitigate and respond to severe employment-related claims. This part was likely the key contributing factor to the $5 million award.

ANSWER

The commercial insurance contract that responds to this type of loss is Employment Practices Liability Insurance (EPL or EPLI), which deals with wrongful termination and other employment-related wrongful acts, like discrimination and sexual harassment. It can address the increasing tendency of aggrieved parties to turn to courts for the settlement of disputes. Insurers exclude these types of losses from General Liability policies.

References

[1]–[3]

Rieck, D. (2024, July 12). Wendy’s, store manager to pay $5 million in sexual assault lawsuit filed by former Teen Worker. STLtoday.com.

<https://www.stltoday.com/news/local/crime-courts/wendys-store-manager-to-pay-5-million-in-sexual-assault-lawsuit-filed-by-former-teen/article_80750590-4057-11ef-8f09 07e18738e771.html#:~:text=ST.,her%20while%20she%20was%20working.>

Heat Injury and Illness Prevention Update: Compliance with OSHA

July 2, 2024: OSHA is proposing to issue a new standard, Heat Injury and Illness Prevention in Outdoor and Indoor Work Settings. The standard would apply to all employers conducting outdoor and indoor work in all general industry, construction, maritime, and agriculture sectors. It may soon require employers to create a plan to evaluate and control heat hazards in their workplace. This aims to more clearly set forth employer obligations and the measures necessary to effectively protect employees from hazardous heat. This proposed rule will undergo a 120-day comment period, and then go to review. If finalized, the proposed standard would require employers to comply with all requirements of the standard 90 days after the effective date (150 days after the date of publication of the final standard in the Federal Register). The proposed compliance date is intended to allow adequate time for employers to undertake the necessary planning and preparation steps to comply with the standard. OSHA has preliminarily concluded that 90 days is sufficient time for employers to develop a Heat Injury and Illness Prevention Plan (HIIPP), identify heat hazards in their workplace(s), implement the protective measures required under the standard, and provide required training to employees.

Steps for compliance

  • Develop Heat Injury and Illness Prevention Plan
  • Identifying heat hazards
  • Mind the “initial heat trigger”
  • Mind the “high heat trigger”
  • Heat illness and emergency response and planning
  • Training
  • Recordkeeping
  • Implemented at no cost to employees

Recommendation: Employers should implement these safeguards which will include things like rest breaks, access to shade and water, and heat acclimatization for new employees.

Reference

Heat Injury and Illness Prevention in Outdoor and Indoor Work Settings (n.d.). Dept. of Labor, Occupational Safety and Health Administration. https://www.osha.gov/sites/default/files/Heat-NPRM-Final-Background-to-Sum-Ex.pdf

A detailed look at sample language from an Assailant Insurance Contract

Commercial decision makers may have seen ‘coverage highlights’ or vague, abstract views of assailant coverage. To dive deeper, what sort of actual policy language should a buyer of an Active Assailant Insurance Contract expect?

Protection for Losses Arising From An Attack at Insured Location.

Perils covered, directly resulting from an Attack that occurs during the policy term at an Insured Location:

  • Business Interruption, Extra Expense costs, resulting from the interruption of Your business at Your Property or an Insured Location(s) at which the Attack occurred.
  • Legal Liability. Damages and Claim Expenses which the Insured shall become legally obligated to pay, as a result of and solely and directly arising from an Attack;
    • provided that, Claims Made and Reported conditions are met: such Attack takes place on or after the Policy inception date and before the expiration, such Claim is first made against the Insured during the Period of Insurance, and notice of such Claim is given to the Insured in accordance with the conditions laid out in the Policy’s claim requirements
  • Direct physical loss of or physical damage to Contents and Property at the Insured Location at which the Attack occurred, including any physical damage caused by law enforcement or security forces responding to the Attack;
  • Reasonable costs incurred to repair or rebuild Your Property, including costs to remove debris, demolition and/or professional services which include architects, surveyors and engineers, that have been damaged as a direct result of an Attack occurring during the period of the policy;
  • Crisis Expenses (The following reasonable and necessary expenses incurred as a result of an Attack):
    1. Additional security measures: costs to arrange appropriate security guarding at the affected Insured Location or any other Insured Location, if necessary, but only for such costs incurred up to sixty days after the Attack.
    2. Counselling: costs to provide affected persons, physically present during the Attack, with psychiatric and counselling services and access to social workers, but only for such costs incurred up to twelve months after the Attack.
    3. Public relations and crisis communications: costs for public relations or crisis management consultants contracted by Us to assist You in responding to and managing the situation, including media management, remediation and recovery and the formation of applicable crisis communication strategies, but only for such costs incurred up to sixty days after the Attack

An Attack at any location within a five-mile radius of an Insured Location.

Indemnity for the following loss directly resulting from an Attack that occurs within a five mile radius of an Insured Location:

  • Business Interruption and Extra Expense;
  • Loss of attraction to an Insured Location as a direct consequence of an Attack;
  • Prevention of access by civil or military authority;
    • Business Interruption sustained by the Insured due to a Prevention of Access to Your Property or an Insured Location by order of a civil or military authority, providing such order is a direct result of an Attack that occurs during the Period of Insurance and takes place within a five-mile radius of an Insured Location.
    • Crisis Expenses, as a direct consequence of a Prevention of access to Your Property or an Insured Location.
  • Additional security measures being costs to arrange appropriate security guarding at the affected Insured Location or any other Insured Location, if necessary and subject to validation by the Response Consultant, but only for such costs incurred up to sixty days after the Attack;
  • Loss of Rent being the anticipated gross rental income from tenant occupancy of Your Property; the amount of all charges which are the legal obligation of the tenants, which would otherwise be Your obligation; and the fair rental value of any portion of Your Property which is occupied by You or the amount you are obligated to pay under a tenancy agreement as the Leaseholder.

Personal Accident Benefit

The Insurer should provide a Personal Accident Benefit for Bodily Injury and/or death sustained by an Insured Person solely and directly from an Attack at least up to 180 consecutive days from the date of the Attack.

Response Consultant Expenses

Indemnity for costs incurred for Response Consultant Services directly in response to an Attack, Threat or Stalking Threat;

  • Assessing the nature of the Attack or Threat or Stalking Threat and its potential impact on the safety of an Insured Person, Your products, business operations, Property, Electronic Property, and/or reputation;
  • Mitigating the impact of an Attack, Threat or Stalking Threat on the safety of an Insured Person, Your products, business operations, Property, and/or reputation;
  • Maintaining and/or resuming normal business operations during and/or immediately following a Threat or Stalking Threat.

Cyber Threat Scenarios – What might an attack look like?

Edited June 6th, by Kyle Langan

What is a business email compromise or email account compromise?

These cyber risks are financially damaging digital crimes. They exploit the fact that so many professionals rely on email to conduct business. “In a business email compromise (BEC) scam, criminals send an email message that appears to come from a known source making a legitimate request.” [1] According to a new report from Arctic Wolf, 70% of organizations faced business email compromise threats, with nearly 30% falling victim to at least one attack. [2]

Scenario: Email Compromise

Threat: Funds Transfer Fraud

An accountant at XYZ Inc. received an email from a familiar customer. The client’s Chief Financial Officer (CFO) frequently provides contracted services for XYZ in business-to-business transactions. In this email, the CFO instructed XYZ to conduct an ACH transaction for $160,000 owed on a recent invoice. The accountant told the CFO that, to send and receive ACH transactions, XYZ must follow its procedure of approval and reconciliation. Believing the request to be legitimate, the accountant proceeded with the transaction and initiated the transfer of company funds.

CFO: “I will notify you once payment is received and credits are applied to your account.”

Accountant: Payment for the 160k is in process at the bank, as soon as it is confirmed I will send a proof of payment.

Following up, the payment is confirmed by the bank so it is approved… will send the proof of payment as soon as it is available. In the meantime, I have attached a screenshot from the bank system stating the payment is confirmed.

CFO: Thanks so much!

Accountant: I have just sent another PDF showing it went through.

CFO: OK thank you, very good.

CFO: Our team has confirmed payment is in and approved from our side.

What went wrong:

The deceptive email came from a cybercriminal inside XYZ’s system, only posing as the client’s CFO through a manipulated email domain (this example also includes Spoofing). The $160,000 wire transfer landed in the criminal’s private bank account.

The accountant realized the request was fraudulent during a phone call with the client’s true CFO the next morning. Realizing XYZ had been deceived, he scrambled to call the bank, but the transfer had already gone through, making recovery increasingly difficult; 48 hours later, the cybercriminal moved the funds and dispersed them across multiple crypto accounts, making them even harder to track. At this point, the accountant had reported the incident to their manager. Facing financial losses, the organization plans “to react swiftly to prevent possible business disruptions and limit further damage.” [3]

Mitigation Strategy:

  • Detection and research
  • Submission of claim to XYZ’s Funds Transfer Fraud insurer
  • Containment
  • Recovery
  • Communication
  • Post-incident analysis [4]
  • Improvements like Mutual Authentication

What is Spoofing, Phishing?

Spoofing: disguising an email address, sender name, phone number, or website URL—often just by changing one letter, symbol, or number—to convince victims they are interacting with a trusted source. [5] Criminals count on being able to manipulate victims into believing that these spoofed communications are real. Their goal is to lead victims “to download malicious software, send money, or disclose personal, financial, or other sensitive information.” [6]

Phishing schemes often use spoofing techniques to lure and get victims to take the bait. In a phishing scam, a victim may receive an email that appears to be from a legitimate business and is asking you to update or verify your personal information by replying to the email or visiting a website. The web address might look like one you have used before. The email may be convincing enough to get you to take the action requested. [7]

But once you click on that link, you are sent to a spoofed website that might look nearly identical to the real thing—like your bank or credit card site—and asked to enter sensitive information like passwords, credit card numbers, banking PINs, etc. These fake websites are used solely to steal your information. [8]
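The one-letter disguise described above can be checked mechanically. The following is an added example, not part of the original article: it compares the sender of a message with a list of trusted partner domains and flags near-matches so that a payment request can be verified by phone before money moves. The domain names, the confusable-character table and the edit threshold are assumptions made for the illustration.

```python
"""Flag sender addresses that imitate a trusted partner domain.

Added illustration; every domain and header below is a constructed sample.
"""
from email.utils import parseaddr

# Assumption: the organisation keeps a list of domains it really does business with.
TRUSTED_DOMAINS = {"acme-supplies.example", "xyz-inc.example"}

# Character swaps that make one string look like another at a glance (assumed table).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))


def skeleton(domain: str) -> str:
    """Collapse visually confusable characters so look-alikes compare equal."""
    s = domain.lower()
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, swap adjacent characters."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent transposition
        prev2, prev = prev, cur
    return prev[len(b)]


def classify_sender(from_header: str, max_edits: int = 2):
    """Return (verdict, imitated_domain) for one From header.

    verdict is 'trusted', 'lookalike', 'display-name-spoof' or 'unknown'.
    max_edits=2 suits long domains; lower it for very short ones.
    """
    display, address = parseaddr(from_header)
    _, at, domain = address.rpartition("@")
    domain = domain.lower()
    if not at or not domain:
        return ("unknown", None)
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    for trusted in sorted(TRUSTED_DOMAINS):
        # Same skeleton, or only a letter or two away from a trusted domain.
        if skeleton(domain) == skeleton(trusted):
            return ("lookalike", trusted)
        if edit_distance(domain, trusted) <= max_edits:
            return ("lookalike", trusted)
    for trusted in sorted(TRUSTED_DOMAINS):
        # The visible sender name shows a trusted domain the real address lacks.
        if trusted in display.lower():
            return ("display-name-spoof", trusted)
    return ("unknown", None)


def triage(from_headers):
    """Return the senders that need a phone call before any payment is made."""
    flagged = []
    for header in from_headers:
        verdict, imitated = classify_sender(header)
        if verdict in ("lookalike", "display-name-spoof"):
            flagged.append((header, verdict, imitated))
    return flagged


# Constructed sample headers.
SAMPLE_HEADERS = [
    "Pat Lee <pat.lee@acme-supplies.example>",               # genuine partner
    "Pat Lee <pat.lee@acrne-supplies.example>",              # 'rn' posing as 'm'
    "Pat Lee <pat.lee@acme-suppiles.example>",               # two letters swapped
    '"cfo@acme-supplies.example" <dana@freemail.example>',   # name shows partner domain
    "Weekly News <news@newsletter.example>",                 # unrelated sender
]

if __name__ == "__main__":
    for header, verdict, imitated in triage(SAMPLE_HEADERS):
        print(f"{verdict:20} imitates {imitated:24} {header}")
```

A flagged sender is not proof of fraud; it is the trigger for the call-back to a known phone number that, in the scenario above, only happened the next morning.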

Scenario: Phishing

Threat: Data Exfiltration, Ransom

A long-time employee and recently promoted director, William, at an international wholesaler received a text from a friend and trusted co-worker, Nikita, on chat through WhatsApp messenger. Nikita is one of the owners at their company.

The text encouraged the employee to download and review an attachment linked in a text, to prepare for an upcoming assignment. The following chat messages explained the assignment:

Nikita: Hey! Are you available?

William: Hey, morning, yeah, I have some time now!

Nikita: I am just finishing a call with my lawyer. I need your help, currently engaged in an acquisition and working on securing an offer for the group. I am part of an NDA and so for compliance purposes all exchanges regarding this offer must be monitored here over WhatsApp until the official announcement. Can you please review? I want you to manage the deal.

William: Of course, I will do everything I can.

Nikita: Your support is much appreciated. Thanks

What went wrong:

Upon downloading the attachment, William instantly launched malware on his device. [9] He was messaging with a criminal, not Nikita. Within minutes, the malware program infiltrated several systems and “encrypted a wide range of sensitive data, including confidential customer information and financial records. From there, the cybercriminal responsible for sending the phishing email and deploying the malware program displayed a message on the employee’s device, explaining that they had compromised the organization’s data and would only restore this information via digital encryption key in exchange for a wire transfer of $1 million to a private bank account, with a payment deadline set for Friday.” [10] At this point, William reported the attack to his manager. “Facing the potential loss of critical data, the organization needed to react swiftly to minimize widespread operational disruptions and reduce the risk of severe reputational damage.” [11]

Mitigation Strategy

  • Containment
  • Eradication
  • Submission of claim to Cyber Insurer
  • Recovery
  • Communication
  • Post-incident analysis. [12]

References

[1]

Business Email Compromise. (n.d.). https://www.fbi.gov/how-we-can-help-you/scams-and-safety/common-scams-and-crimes/business-email-compromise

[2]

Arctic Wolf. (2024, May 21). The State of Cybersecurity: 2024 Trends Report. Arctic Wolf Networks. https://arcticwolf.com/resource/aw/the-state-of-cybersecurity-2024-trends-report

[3-4]

Cyber Incident Response Scenario – BEC SCAM. Zywave. (2024, May). https://content.zywave.com/

[5] – [8]

Spoofing and Phishing. (n.d.-b). https://www.fbi.gov/how-we-can-help-you/scams-and-safety/common-scams-and-crimes/spoofing-and-phishing

[9] – [12]

Cyber Incident Response Scenario – Ransomware Attack. Zywave. (2024, May). https://content.zywave.com/

What could the financial impact of a cyber loss event cost?

Published April 24, 2024 by Kyle Langan

Are smaller companies targeted with attacks?

Have you seen attempts at Funds Transfer Fraud through phishing? Sinister sources send these attempts out frequently, and small businesses may experience them the most. [1] Attackers target weaker security measures, which is why smaller operations could find themselves susceptible. [2] However, large entities, like Change Healthcare, are also targeted: “Large Scale Cyberattacks Disrupt Essential Substance Use and Mental Health Services.”

How should an operation mitigate its cyber risk?

How can we help? The team at Conrey Insurance Brokers and Risk Managers specializes in risk transfer. This transfer offers protection for the recovery from tangible or intangible losses related to a security breach or similar event arising from digital risks. [3] Cyber insurance allows companies to resume normal business operations faster, minimizing the cost of recovery. [4] Although we are not technology experts, we can also assist with the mitigation of cyber risk and tech errors and omissions, as we are paid by the insurer to help you.

Ranked by expected severity

Cyber events can be categorized into the following sub-domains. [5] Each should follow a mitigation strategy:

  • Ransomware
  • Composite
  • Funds Transfer Fraud
  • Data Breach

Loss estimates (less than $25 MM Total Revenue):

 

“Data is from multiple sources, including Coalition’s own global data. Actual numbers may vary significantly from calculator estimates based on additional factors for a given business. The data provided is for informational and educational purposes only.”

References

[1, 2]

Rahmonbek, K. (2024, February 1). 35 alarming small business cybersecurity statistics for 2024. StrongDM. https://www.strongdm.com/blog/small-business-cyber-security-statistics

[3, 4, 5]

Cyber Insurance: Active Insurance & Cybersecurity. Coalition. (n.d.). https://www.coalitioninc.com/

 

Where does commercial auto exposure start and stop?

Kyle Langan, May 24, 2024

Navigating the Commercial Auto Risk Domain

Vehicles represent a nexus of risk for a business. Hazards include deliveries, client meetings, or simply the daily operation. The “ownership, maintenance, or use of vehicles creates liability loss exposures.” [1] To mitigate them, a business should optimize its strategies for titling and insuring vehicles. The goal is to transfer or finance risk arising from bodily injury or property damage perils.

Does your risk manager help your team identify and mitigate these liability loss exposures? Not understanding the technical side of Commercial Auto coverage can leave you exposed!

Components of Liability Coverage

How is coverage determined? Symbol 1 has the broadest type of liability coverage available; it applies to ‘Any Auto’ that is used for commercial purposes.

Hired autos (Symbol 8) refer to autos leased, hired, rented, or borrowed. However, “the term does not include any auto the named insured leases, hires, rents, or borrows from any of its employees, partners, limited liability members, or members of their households.” [2]

Non-owned autos (Symbol 9) “apply to vehicles owned by employees and used for company business.” [3]

Symbols 8 and 9 usefully expand upon Symbol 7, which is for specifically described autos. This protection follows vehicles specifically named in the policy and for which a premium is charged. Operations may not need Symbol 1, and it may not be available in every situation. Symbols 7, 8, and 9 may adequately protect an entity for all relevant auto exposures.

Why would a business need coverage for more than specifically scheduled autos? Non-ownership liability. Companies should seek protection for their liability stemming from employees’ operation of personal autos within the purpose of the employer’s business. For example, if an employee drives a personal vehicle for the purpose of company business and hits another car, the employer’s non-ownership liability coverage can help pay for the 3rd party’s property damage and potential bodily injury. If the 3rd party files suit for further damages later, this coverage can also help your company pay for those defense expenses. However, this protection is liability insurance for the entity; it will not pay for damages from an accident while employees drive for personal reasons that are not related to business. It is intended to cover liability damages, including settlements or judgments, attorney fees, and other court costs that arise because of an auto accident for which you or an employee is responsible. The normal, daily commute to work in their personal auto is the employees’ responsibility.

Lastly, an executive officer may not carry personal auto insurance if he or she is furnished a company auto. In this situation, the commercial auto policy should include a “Drive Other Car” endorsement, so the individual named in the endorsement (including a resident spouse) is covered while driving a non-owned auto for personal use. [4]

Protecting Assets, Increasing Cash Flow

How do you know if your current commercial auto insurance program is proper? Why not utilize a seasoned risk manager to help you design an optimal, tailored strategy? Our team can help you achieve proper protection, while reducing costs and increasing your profits. Contact us today.

References

[1]

Survey of Commercial Insurance. The Institutes (April, 2018).

[2]

Hired automobile. IRMI. (n.d.). https://www.irmi.com/term/insurance-definitions/hired-automobile

[3]

Nonowned automobile. IRMI. (n.d.). https://www.irmi.com/term/insurance-definitions/nonowned-automobile

[4]

Drive other car endorsement (DOC). IRMI. (n.d.). https://www.irmi.com/term/insurance-definitions/drive-other-car-endorsement

What trends has the National Council of Nonprofits seen?

Challenges From Rising Yields

Higher yields could impact the cash flows of nonprofits that depend on loans or credit lines; because the cost of financing in the U.S. remains the highest since 2008, expense reduction becomes even more vital for nonprofits. [1]

Talent Competition, Shortage

“74.6% of respondents report job vacancies,” so the frequency of nonprofit job vacancies persists. [2] By comparison, only 33% of private businesses had job vacancies at any time between August 2021 and September 2022, according to U.S. Department of Labor data. [3]

The severity of the vacancies has pulled back since the 2021 survey reading of 76%, yet 33.8% of the responding nonprofits with vacancies reported 20% or more of their jobs were going unfilled. [4] Nearly another third (32.7%) identified vacancy rates of between 10% and 19%. [5]

The root cause lies in the challenge of providing “competitive salaries and benefits”; otherwise, “they may lose employees and candidates to higher-paying jobs in the for-profit sector.” [6]

Goal: Minimize Costs, Survival and Success

An intelligent insurance broker may have the capability to reduce operational expenses through data analytics, risk management, and insurance.

References

[1]–[6]

2023 Nonprofit Workforce Survey Results. Communities Suffer as the Nonprofit Workforce Shortage Crisis Continues (April, 2023). https://www.councilofnonprofits.org/files/media/documents/2023/2023-nonprofit-workforce-survey-results.pdf