Entries tagged with “Business Risk”.


A California Labor Commission ruling that an Uber driver is a company employee, not an independent contractor may dampen fears that the on-demand economy spells the end for workers compensation, liability and health insurance. At least for now.

As reported by numerous news outlets, here and here, the decision out of California – though it applies to a single driver – could significantly increase costs for the ride-sharing business if it is copied by other states and in other cases.

It could also have potential implications for other segments of the economy important to property/casualty insurers.

As the New York Times reports:

The classification of freelancers is in dispute across a number of industries, including at other transportation companies. And the debate is set to escalate as the number of online companies and apps like Uber and others rises.”

The ruling, which commentators say could hurt Uber’s $40 billion-plus valuation, orders Uber to pay Barbara Berwick, $4,152 in expenses for the time she worked as an Uber driver last year.

Here are a couple of key excerpts from the California Labor Commission decision:

Plaintiffs’ work was integral to Defendants’ business. Defendants are in business to provide transportation services to passengers. Plaintiff did the actual transporting of those passengers. Without drivers such as Plaintiff, Defendants’ business would not exist.”

And:

Defendants hold themselves as nothing more than a neutral technological platform, designed simply to enable drivers and passengers to transact the business of transportation. The reality, however, is that Defendants are involved in every aspect of the operation.”

In response to the ruling (which it has appealed) Uber stated:

The California Labor Commission’s ruling is non-binding and applies to a single driver. Indeed it is contrary to a previous ruling by the same commission, which concluded in 2012 that the driver ‘performed services as an independent contractor, and not as a bona fide employee.’ Five other states have also come to the same conclusion.”

Potential insurance issues arising out of the on-demand or sharing economy are a recurring topic of conversation these days.

In a recent presentation I.I.I. president Dr. Robert Hartwig noted that traditional insurance will often not cover a worker engaged in offering labor or resources through these on-demand platforms.

For example, private passenger auto insurance generally won’t cover you while driving for Uber and a homeowners insurance policy won’t cover a homeowner for anything other than occasional rents of their property.

Also, Dr. Hartwig said: “Unless self-procured, on-demand workers (independent contractors) will generally have no workers comp recourse if injured on the job.”

Survey more than 800 corporate counsel representing companies across 26 countries on litigation trends and issues and you get some insightful findings.

Such is the case with the recently released Norton Rose Fulbright 2015 Litigation Trends Annual Survey.

For example, class action lawsuits were listed as the top issue by respondents in the United States, Canada and Australia.

U.S.-based respondents also reported a more litigious business environment than their peers, with 55 percent facing more than five lawsuits filed against their companies in the previous 12 months, compared with 23 percent in the United Kingdom and 22 percent in Australia.

There are also significant differences in the types of litigation that U.S. companies face compared with their peers worldwide.

For example, personal injury litigation is much more prevalent in the U.S. than elsewhere, with 21 percent of those polled selecting it as one of the most numerous types of cases faced in the previous 12 months, compared to just 15 percent in the survey overall.

In addition, intellectual property/patents (18 percent) and product liability (17 percent) cases were more common in the U.S. than worldwide (13 percent and 11 percent, respectively).

Going forward, more U.S. respondents say regulatory/investigations are a top concern (48 percent) compared with the broader sample (39 percent).

Intellectual property (IP)/patents disputes are also of greater concern in the U.S. (30 percent) compared with all respondents (21 percent).

In addition, more U.S. respondents list class actions (25 percent) and product liability (18 percent) as top concerns compared with the total sample (18 percent and 14 percent, respectively).

In the words of Richard Krumholz, head of dispute resolution and litigation, United States, Norton Rose Fulbright:

Our survey clearly demonstrates that the litigation and regulatory environment in the United States continues to pose some of the greatest risks which businesses from around the world face. This is reflected in rising litigation budgets and the size of disputes-focused staff compared to peer companies around the globe.”

Just to be clear, the average U.S. company has 20 in-house lawyers to handle disputes and the number of U.S. companies with an annual litigation spend of $1 million or more increased from 52 percent to 69 percent from 2012 to 2014.

Slightly more than half of the survey respondents are from companies with headquarters in the U.S.

The Insurance Information Institute (I.I.I.) has an excellent resource on business liability insurance here.

The decision by Texas-based Blue Bell Creameries to recall all of its products after two samples of its ice cream tested positive for listeria is a timely reminder of the importance of product recall insurance.

Product recalls can be costly and logistically complex. In Blue Bell Creameries’ case the expanded voluntary recall announced Monday night includes ice cream, frozen yogurt, sherbet and frozen snacks distributed in 23 states and international locations.

Blue Bell said it was pulling its products “because they have the potential to be contaminated with listeria.”

The company had issued an earlier more limited recall last month after the U.S. Centers for Disease Control and Prevention (CDC) linked ice cream contaminated with listeria to three deaths in Kansas.

As of April 21, 2015, the CDC says a total of 10 people with listeriosis related to this outbreak have been confirmed from four states.

A 2014 report by Aon notes that the number of product recalls in the United States and Canada for both food products and nonfood products continues to grow year over year.

Each year, hundreds of products are recalled in the U.S. Some historically significant recall events have included such well-known brands as Tylenol, Perrier, Firestone Tires, Pepsi and Coca-Cola.

The Insurance Information Institute (I.I.I.) reminds us that product recalls can be financially devastating and potentially put a company out of business. No organization is immune to the risk of a product recall—even those with the best safety records, operational controls and manufacturing oversight.

In a post in the Wall Street Journal’s Morning Risk Report, crisis management experts note that how well a company succeeds at regaining customer trust following a product recall will likely determine whether it recovers from the negative hit to its reputation and bottom line.

True. Insurance can also help defray the financial hit on a company.

Product recall insurance helps cover a wide range of costs including advertising and promotional expenses to launch a recall, as well as the costs related to product destruction and disposal, business interruption and repairing a damaged reputation, the I.I.I. says.

Another coverage worth considering is product contamination insurance, which protects a company’s bottom line in the event its product is accidentally or maliciously contaminated.

The April 2013 Boston bombing may have marked the first successful terrorist attack on U.S. soil since the September 11, 2001 tragedy, but terrorism on a global scale is increasing.

Yesterday’s attack by the Al-Shabaab terror group at a university in Kenya and a recent attack by gunmen targeting foreign tourists at the Bardo museum in Tunisia point to the persistent nature of the terrorist threat.

Groups connected with Al Qaeda and the Islamic State committed close to 200 attacks per year between 2007 and 2010, a number that grew by more than 200 percent, to about 600 attacks in 2013, according to the Global Terrorism Database at the University of Maryland.

Latest threats to U.S. targets include calls by Al-Shabaab for attacks on shopping malls.

And a recent intelligence assessment circulated by the Department of Homeland Security focused on the domestic terror threat from right-wing sovereign citizen extremists.

On January 12, 2015, President Obama signed into law the Terrorism Risk Insurance Program Reauthorization Act of 2015.

A new I.I.I. white paper, Terrorism Risk Insurance Program: Renewed and Restructured, takes us through each of more than eight distinct layers of taxpayer protection provided under TRIA’s renewed structure.

While TRIA from its inception was designed as a terrorism risk sharing mechanism between the public and private sector, an overwhelming share of the risk is borne by private insurers, a share which has increased steadily over time.

Today, all but the very largest (and least likely) terrorist attacks would be financed entirely within the private sector.

Enactment of the 2015 reauthorization legislation has brought clarity and stability to policyholders and the insurance marketplace once again, the I.I.I. notes.

In the week before Christmas when Congress adjourned without renewing the Terrorism Risk Insurance Act (TRIA), Jeffrey DeBoer, president and CEO of The Real Estate Roundtable, a trade group representing real estate industry leaders, said:

This law does not stop terrorist attacks. But it does disrupt terrorists’ goals of damaging our economy.”

The I.I.I. paper makes a similar point:

Since its creation in 2002, the federal Terrorism Risk Insurance Act, and its successors, have been critical components of America’s national economic security infrastructure. TRIA has cost taxpayers virtually nothing, yet the law continues to provide tangible benefits to the U.S. economy in the form of terrorism insurance market stability, affordability and availability.”

For a federally backed program, that is quite a success story.

A protracted labor dispute that continues to disrupt operations at U.S. West coast ports underscores the supply chain risk facing global businesses.

Disruptions have steadily worsened since October, culminating in a partial shutdown of all 29 West coast ports over the holiday weekend.

The Wall Street Journal reports that operations to load and unload cargo vessels resumed Tuesday as Labor Secretary Tom Perez met with both sides in the labor dispute in an attempt to broker a settlement amid growing concerns over the impact on the economy.

More than 40 percent of all cargo shipped into the U.S. comes through these ports, so the dispute has potential knock on effects for many businesses.

A number of companies have already taken steps to mitigate the supply chain threat, according to reports. For example, Japanese car manufacturer Honda Motor Co, among others, has been using air freighters to transport some key parts from Asia to their U.S. factories – at significant extra expense.

On Sunday Honda also said it would have to slow production for a week at U.S.-based plants in Ohio, Indiana, and Ontario, Canada, as parts it ships from Asia have been held up by the dispute.

Toyota Motor Corp. has also reduced overtime at some U.S. manufacturing plants as a result of the dispute.

A brief published by Marsh last year noted that a West Coast port strike or shutdown could have broad consequences for global trade, business and economic conditions.

Organizations with effective risk management and insurance strategies in place will be best prepared to manage and respond to situations that hamper their flow of goods and finances, Marsh noted.

In 2002, a similar labor dispute ultimately led to the shutdown of ports along the West coast costing the U.S. economy around $1 billion each day, and creating a backlog that took six months to clear.

Many businesses purchase marine cargo insurance to protect against physical loss or damage to cargo during transit. This type of insurance generally will not respond in the event that a strike or other disruption at a port delays the arrival of insured cargo, unless there is actual physical damage to the cargo, according to Marsh.

However, some policyholders may have obtained endorsements to their insurance policies, or purchased additional coverage to protect themselves from the effects of port disruption.

Trade disruption insurance (TDI), supply chain insurance, and specialty business interruption insurance may also provide coverage for the financial consequences of a port disruption, Marsh wrote.

A study by FM Global of more than 600 financial executives found that supply chain risk, more than any other, was regarded as having the greatest potential to disrupt their top revenue driver. FM Global’s Resilience Index can help executives evaluate and manage supply chain risk.

As the blizzard of 2015 starts to hit hard across the Northeast, with several feet of snow, intense cold and high winds expected, utility companies are warning of widespread and potentially lengthy power outages across the region.

In New Jersey, utility companies say it’s the high winds, with gusts of up to 65 mph, rather than the accumulation of snow, that are likely to bring down trees or tree limbs and cause outages.

Consolidated Edison inc. which supplies electricity to over 3 million customers in New York City and Westchester county, told the WSJ that the light and fluffy snow expected in this blizzard should limit the number of power outages, but elevated power lines could come down if hit by trees.

In Connecticut, Governor Dannel P. Malloy said the state’s two major electric utilities are preparing for 120,000 outages statewide, the Hartford Courant reports. The governor has issued a travel ban for the entire state beginning 9pm Monday.

And in Massachusetts, where thousands of utility company workers have been mobilized, there are also concerns that high winds could delay repairs, with one utility spokesman telling the Boston Globe that this will likely be a multi-day restoration event.

In the event you lose power, you may be wondering about insurance coverage. Here are some points to keep in mind:

–If the power outage lasts for more than a day and you have perishable foods in your refrigerator or freezer, the good news is that food spoilage from the event may be covered under your standard homeowners insurance policy, up to a specified limit, usually anywhere from $500 to several thousand dollars. Typically, the policy deductible does apply to this coverage, however.

–A home would need to be severely damaged by an insured disaster for additional living expenses (ALE) coverage to apply under a standard homeowners policy. In other words, if there is no physical damage to your property but you can’t live at home because of the power outage, in general policies would not pay for you to live elsewhere.

–For businesses, basic property insurance does not cover loss due to power interruption or failure of power to the insured premises if the failure occurs away from the premises. So, if heavy snow topples a power line that is not on an insured’s premises, such as a grocery store, spoilage of food due to the outage would not be covered. If the power outage resulted in a disaster such as a fire at the insured premises, that would be covered.

The Insurance Information Institute (I.I.I.) reviews what winter storm damages are covered by your home and car insurance here. Check out more information on business insurance from the I.I.I. here.

While the Sony cyber attack has put the spotlight on sophisticated external attacks, a new report suggests that insiders with too much access to sensitive data are a growing risk as well.

According to the survey conducted by the Ponemon Institute, some 71 percent of employees report that they have access to data they should not see, and more than half say this access is frequent or very frequent.

In the words of Dr. Larry Ponemon, chairman and founder of The Ponemon Institute:

This research surfaces an important factor that is often overlooked: employees commonly have too much access to data, beyond what they need to do their jobs, and when that access is not tracked or audited, an attack that gains access to employee accounts can have devastating consequences.”

While the focus in recent weeks has been on the risk of external attacks, the Ponemon study finds that data breaches are most likely to be caused by insiders with too much access who are frequently unaware of the risks they present.

Some 50 percent of end users and 74 percent of IT practitioners believe that insider mistakes, negligence or malice are frequently or very frequently the cause of leakage of company data.

And only 47 percent of IT practitioners say employees in their organizations take appropriate steps to protect the company data they access.

In a workplace environment where employees are under pressure to deliver more, faster, cheaper, it’s easy to overlook security risks in the name of efficiency.

Only 22 percent of employees surveyed believe their organizations as a whole place a very high priority on the protection of company data, and less than half believe their companies strictly enforce security policies related to use of and access to company data.

The flip side is that businesses need to be reticent of going to the other extreme, limiting data that their employees or customers need.

Some 43 percent of end users say it takes weeks, months or longer to be granted access to data they request access to in order to do their jobs. And 68 percent say it is difficult or very difficult to share appropriate data or files with business partners such as customers or vendors.

Ponemon interviewed 1,166 IT practitioners and 1,110 end users in organizations ranging in size from dozens to tens of thousands of employees in a range of industries including financial services, public sector, health and pharma, retail, industrial and technology and software.

More on insider threats in this I.I.I. paper on cyber risks.

There’s an interesting moment in a report on the current state of cyber security leadership from International Business Machines Corp (IBM).

For those who haven’t seen it yet, the report identifies growing concerns over cyber security with almost 60 percent of Chief Information Security Officers (CISOs) saying the sophistication of attackers is outstripping the sophistication of their organization’s defenses.

But as security leaders and their organizations attempt to fight what many feel is a losing battle against hackers and other cyber criminals, there is growing awareness that greater collaboration is necessary.

As IBM puts it: “Protection through isolation is less and less realistic in today’s world.”

Consider this: some 62 percent of security leaders strongly agreed that the risk level to their organization was increasing due to the number of interactions and connections with customers, suppliers and partners.

Despite this widespread interconnectivity that drives modern business, security leaders themselves aren’t sufficiently collaborative, IBM says.

Just 42 percent of organizations that IBM interviewed are members of a formal industry-related security group. However, 86 percent think those groups will become more necessary in the next three to five years.

Instead of focusing on just their own organizations, security leaders need to take a “secure the ecosystem” approach, IBM concludes.

A sidebar highlights one company’s experience and approach to collaboration and how the key to being more secure is being more open.

For some practical strategies to address cyber risk in your business check out this I.I.I. presentation.

More news keeps tumbling in the wake of the recent cyber attack at Sony Pictures Entertainment—Sony’s second major hacker attack in three years—and it’s not good.

The fact that the breach has exposed employee information ranging from salaries to medical records to social security numbers to home addresses, not to mention five yet-to-be-released Sony movies, causing a major shutdown of the company’s computer systems, appears to break new ground.

First up, the Wall Street Journal says the attack revealed far more personal information than previously believed, including the social security numbers of more than 47,000 former employees along with Hollywood celebrities like Sylvester Stallone.

According to the WSJ:

An analysis of 33,000 Sony documents by data security firm Identity Finder LLC found personal data, including salaries and home addresses, posted online for people who stopped working at Sony Pictures as far back as 2000 and one who started in 1955.”

And:

Much of the data analyzed by Identity Finder was stored in Microsoft Excel files without password protection.”

Aren’t most businesses run in Excel?

A well-timed piece over at the New York Times Bits Blog makes the point that companies that continue to rely on prevention and detection technologies, such as firewalls and antivirus products, are considered sitting ducks for cyber attacks.

Bits Blog cites Richard A. Clarke, the first cybersecurity czar at the White House, who says:

It’s almost impossible to think of a company that hasn’t been hacked—the Pentagon’s secret network, the White House, JPMorgan—it is pretty obvious that prevention and detection technologies are broken.”

So what approaches are working?

According to the Bits Blog post, experts say the companies best prepared for online attacks are those that have identified their most valuable assets, like Boeing’s blueprints to the next generation of stealth bomber or Target’s customer data.

Those companies take additional steps to protect that data by isolating it from the rest of their networks and encrypting it.”

Breach detection plans and more secure authentication schemes, in addition to existing technologies, are the key to being better prepared.

Insurance too, is seen as a vital preparedness step.

Earlier this week, a top U.S. regulator said banks should consider cyber insurance to protect themselves from the growing financial impact in the wake of cyber attacks.

Let’s hope companies take heed.

As of December 2, the Identity Theft Resource Center (ITRC) reports that 2014 has seen 708 data breaches, exposing 85.1 million records (this list includes the Sony attack, listing the number of records exposed at 7,500).

Those figures are even higher than 2013, when the total number of data breaches and records exposed, soared.

More on the potential fallout and growing identity theft threat facing consumers here.

As holiday shopping gets underway, several major retailers are opening even earlier this year offering the prospect of deep discounts and large crowds to an ever growing number of shoppers.

The National Retail Federation (NRF) notes that 140 million holiday shoppers are likely to take advantage of Thanksgiving weekend deals in stores and online.

Millennials are most eager to shop, with the NRF survey showing 8 in 10 (79.6 percent) of 18-24 year olds will or may shop over the weekend, the highest of any age group.

Much has been written about the risks of online shopping, but for those who still head to the stores, there are dangers there too.

The Occupational Safety and Health Administration (OSHA) reminds us that crowd related injuries can occur during special sales and promotional events. In 2008, a worker at Wal-Mart died after being trampled in a Black Friday stampede.

According to the aptly named blackfridaydeathcount.com, since 2006 there have been seven Black Friday-related fatalities and 90 injuries. As well as stampeding crowds, injuries have occurred as a result of altercations over TVs, road rage over parking spaces, shootings and distracted driving.

For employers and store owners OSHA offers comprehensive tips on how to create a safe shopping experience.

Crowd management planning should begin in advance of events likely to draw large crowds, and crowd management, pre-event setup, and emergency situation management should be part of event planning, OSHA says.

Tips include: hiring additional staff; having trained security or crowd management personnel on site; determining the number of workers needed in different locations to ensure the safety of an event; and preparing an emergency plan that addresses potential dangers facing workers including overcrowding, crowd crushing, being struck by the crowd, violent acts and fire.

For shoppers too, a personal safety and security plan is a good idea. The National Crime Prevention Council (NCPC) advises not to buy more than you can carry and to plan ahead by taking a friend with you or asking a store employee to help you carry packages to the car. Travelers offers some important tips here.

To all our readers, have a happy and safe Thanksgiving!