There were 619 publicly disclosed data breaches in 2013—a 30 percent increase from 2012—according to the Identity Theft Resource Center.
Recent widely publicized breaches such as those that hit Target, Neiman Marcus and Michaels have business owners seriously considering adding cyber liability coverage to their insurance portfolios.
But if you’re purchasing cyber insurance for the first time or re-evaluating your existing insurance, you should understand what your policy covers—and what it doesn’t. Read on to find out more.
Do You Know What Your Cyber Policy Covers?
Simply having cyber insurance—without knowing the details of your policy—is probably not enough to help you survive this data breach-infested world. As new cyber threats emerge and the risks evolve, it hasn’t been easy for insurers to standardize coverage. Since no two policies are created equal, it’s best to know what your policy covers so you can plan for losses in the event of a breach.
Most cyber policies cover damages suffered from a loss of data. They also provide first-party coverage for loss and remediation costs and coverage for fines. But policies can differ widely in the other damages they’ll cover, including loss of business income, intellectual property damage and more.
And remember: Cyber insurance should supplement (not replace!) the cyber security measures you should have in place to lessen the risk of a data breach. In fact, many insurance carriers require that you have certain security configurations and data backup procedures before they insure you.
For more information on cyber insurance or the terms of your existing policy, contact Thams Agency today.
Dig Deeper Into Your Accident Investigations
While attempting to access a control panel in your facility, one of your workers fell from a ladder and injured himself. After investigating the incident, you concluded that the worker needed more training on how to properly use a ladder, so you decided to implement company-wide ladder safety training to prevent future accidents.
Problem solved? Not necessarily. Was the root cause of the accident really a lack of ladder know-how, or was it a flaw in your company’s policies or culture? Should the worker have used another piece of equipment instead of a ladder, and should he have been accessing the panel in the first place?
ANSI Z10, a U.S. consensus standard for Occupational Health and Safety Management Systems, provides a “hierarchy of controls” with six solution categories to feasibly reduce risks in the workplace. They include:
• Substitution of less hazardous materials, processes, operations or equipment
• Engineering controls
• Administrative controls
• Personal protective equipment (PPE)
The typical response after an incident is to immediately focus on lower-order controls that can be easier to correct—like a lack of safety training or proper PPE—rather than addressing higher-order controls (the first three controls in the Z10 standard). Making changes to work systems, company culture and management influence takes time and effort. But the return on investment—less severe accidents and a boost in the overall safety of your workforce—is worth it.
For more resources on accident prevention, contact Thams Agency today.
DART Rate Key to Avoiding OSHA Visit
Even if your business is on OSHA’s “hit list” for 2014, you may be able to dodge an inspection based on your DART rates from the previous three years.
DART—Days Away, Restricted or Transferred—includes injuries resulting in days away from work, injuries resulting in restrictions from normal job duties or injuries resulting in both. OSHA uses the DART rate to determine which employers will be targeted for inspection in its yearly Site-Specific Targeting (SST) Inspection Program.
But during this year’s SST program, OSHA plans to skip inspections for those businesses that made it on the hit list but have had low DART rates in two of the three years between 2011 and 2013. There are exceptions to this, some of which include:
• Your business didn’t respond to the survey and send in the required OSHA data.
• Any of the Certified Safety & Health Official (CSHO)-calculated DART rates from 2011-2013 are at or above 3.6.
• Any two of the DART rates are below 3.6, but any two of the CSHO-calculated DAFWII case rates are at or above 2.2. (DAFWII stands for Days Away From Work due to Illness or Injury).
To protect the health and safety of workers nationwide, OSHA created the SST Inspection Program to proactively examine employers with the highest rates of occupational injuries and illnesses. Each year, employers must report their injuries and illnesses on the “OSHA Work-related Injury and Illness Data Collection Form.” Using data collected from the surveys, OSHA creates an annual “hit list” of employers targeted for a programmed inspection. The “hit list”—a primary list and a secondary list—consists of up to 15,000 employers with the highest rates of injuries and illnesses.
There’s no guarantee that OSHA will bypass inspections based on prior years’ DART rates beyond this year, but always aim to keep your DART rate low. For more information on OSHA’s SST program, its 2014 hit list and its inspection plan for 2014, contact Thams Agency today.