James W. Gow, Jr. CPCU, AUSenior Vice President, Property & Casualty Practice

Top 3 Hot Risks of 2017

UNTAMED WORKERS’ COMPENSATION

Lost-time claims represent

only 25% of total claim volume, but generate

95% of total workers’ compensation benefit costs.

corpsyn.com #Exp360

• Covers medical & rehabilitation costs and lost wages for employees injured at work

• Required by law in all states

• Coverage purchased through private insurers in most states

• Exceptions are known as monopolistic states (North Dakota, Ohio, Puerto Rico, the U.S. Virgin Islands, Washington, West Virginia, or Wyoming)

• States set rates; many ways to control your costs

WORKERS’ COMPENSATION PROTECT YOUR EMPLOYEES & BOTTOM LINE

corpsyn.com #Exp360

COST OF AN INJURY

Decreased Productivity• Absent/impaired employee

• Training

• Employee turnover

• Morale

Cost to Society• Effect of injury on employee’s

life away from work

DIRECT COSTS INDIRECT COSTS

Workers’ Comp Premium• Medical costs

• Lost time costs

corpsyn.com #Exp360

EXPERIENCE MODIFICATION FACTOR

• Workers’ Compensation is a data rich line of insurance

• “Mod” contemplates last 3 full years of loss data

• Frequency is also a consideration

EXPERIENCE MODIFICATION FACTOR

SIMPLIFIED

• Expected loss rate X payroll = expected loss

• Actual loss compared against expected loss =Experience Modifier

corpsyn.com #Exp360

INVESTMENT APPROACH

Strategic Hiring

AccidentPrevention

Post-claimActivities

80 to 90% of all of people injured on the job

prefer returning to work rather than collecting disability.

corpsyn.com #Exp360

PROTECTING YOUR BUSINESS

• Employer benefits

• Employee benefits

• Reduce attorney involvement

• Encourage speedy recovery

• Reduce WC cost

Why create a return-to-work program?

• A return-to-work (RTW) program helps injured workers return to gainful employment.

• Provide employees with modified jobs with consideration for:

• Physical restrictions

• Skills

• Capabilities

corpsyn.com #Exp360

KEY TAKEAWAYSWorkers’ Compensation costs make up a significant

percentage of most companies insurance

OUTLAY• You have the ability to help control those costs through

an effective risk management plan.• This plan should consist of a strong pre-hire evaluation

process, effective management of operational exposures, and a defined post-loss strategy designed to mitigate the impact.

corpsyn.com #Exp360

BUDDING MARIJUANA ISSUES

Majority of Americans —

93%— believe that medical marijuana with a physician’s

Rx should be legal.- Quinnipiac University Poll | February 23, 2017

corpsyn.com #Exp360

The Times They Are A-Changin’-Bob Dylan

Current as of January 30, 2017

#Exp360

corpsyn.com #Exp360

PROTECTING YOUR BUSINESS

• Marijuana has a high potential for abuse. Based on the HHS’ evaluation and additional data gathered by DEA

• Marijuana has no currently accepted medical use in treatment in the U.S. Using an established five-part test, it was determined that marijuana has no “currently accepted medical use.”

• Marijuana lacks accepted safety for use under medical supervision. At present, there are no U.S. FDA-approved marijuana products, nor is marijuana under a New Drug Application evaluation at the FDA for any indication.

On 7/19/2016, the DEA denied 2 petitions to reschedule marijuana concluding that it continues to meet the criteria for control under Schedule I because:

corpsyn.com #Exp360

• President Trump has expressed varying views regarding medical and recreational marijuana over the years.

• Attorney General nominee Sen. Jeff Sessions, a former federal prosecutor, has expressed opposition to medical and recreational marijuana.

• Tom Price, a physician and nominee for Health and Human Services Secretary, has also been a vocal opponent of legalization.

The new administration may change the broad leeway that states have been given to regulate marijuana usage & sales.

PROTECTING YOUR BUSINESS

corpsyn.com #Exp360

• First concern is conflict between state and federal laws. 26 states + D.C. + Guam allow for comprehensive public medical marijuana programs.

• Federal position: Marijuana is illegal as a Schedule 1 Drug according to Controlled Substances Act and U.S. Department of Justice.

• A recent state appeals court ruling (Coats v. Dish Network) stated that Coloradans can be fired for using medical marijuana off the clock, even if they aren’t found to be impaired on the job.

PROTECTING YOUR BUSINESS

corpsyn.com #Exp360

• Colorado’s WC statute imposes a penalty of 50% loss of non-medical benefits if an employee is injured as a consequence of being impaired by marijuana or another controlled substance.

• Most WC acts favor evidence based medicine to determine the best course of treatment. Due to it being considered as illegal by the Federal government, there is a significant lack of evidence based research.

• Other issues: How to prove an employee was impaired at time of accident? Was THC in their system for one day or 30?

PROTECTING YOUR BUSINESS

corpsyn.com #Exp360

CONFLICT BETWEEN STATE & FEDERAL REGULATIONS

• California legalized medical marijuana in 1996.

• There was a state domino effect

• Cannabis is a Schedule I Drug under Federal Law

• Previous administration seemed content to let states police themselves. Current administration is sending different signals.

corpsyn.com #Exp360

• NM was the first state to require insurers to pay for medical marijuana.

• Recent rulings in NJ and ME followed suit.

• CO is still figuring out how to work with legal marijuana status.

• CA, NM, and CO are examples of the different laws and policies in place.

• CO’s WC statute imposes a penalty of 50% loss of non-medical benefits.

CONFLICT BETWEEN STATE & FEDERAL REGULATIONS

corpsyn.com #Exp360

WHAT PROBLEMS CAN OCCUR?

Evidence-based Medicine

Other Issues Zero-tolerance WorkplaceDifficulty proving

impairment in a timeframe

corpsyn.com #Exp360

YOUR ROLE AS AN EMPLOYER

Make certain your employee handbook clearly and concisely states your position.

Employers are lobbying to clarify medical

marijuana laws for the workplace.

States have been very sympathetic to

employers enforcing their own policies.

corpsyn.com #Exp360

KEY TAKEAWAYS

These are dynamic and rapidly evolving issues.

• Employers need to be clear and consistent in how they administer their respective guidelines.

• To date, no state laws exist that impinge upon an employers right to maintain a drug-free workplace.

CYBER ATTACKS & SOCIAL ENGINEERING

corpsyn.com #Exp360

As much as 70% of cyberattacks use a combination of phishing and hacking techniques and involve a secondary victim.

Instant Message

AbuseFraud

Breach of

Access

Trojans and

Viruses

Password Sniffing

System Infiltration

Extortion

WebsiteDefacement

IdentityTheft

Phishing

Spam

Spoofing

Spyware

Cyber Attack: An exposure to injury, damage, or loss arising from a cyber attack; attack to a network, computer, program, mobile device or data.

Ransomware

Social Engineering

corpsyn.com #Exp360

WHAT IS SOCIAL ENGINEERING?

The art of manipulating people to give up confidential information.

corpsyn.com #Exp360

WHAT IS SOCIAL ENGINEERING?

Criminals use social engineering tactics as it’s usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software.

Businesses of all sizes are affected.

34% 31% 30%large medium small

corpsyn.com #Exp360

1. Email Social Engineering/Spear Phishing

2. Virus/Infection Via Web Download

3. USB Malware

4. Scanning Networks for Vulnerabilities/Exploitation

5. Weak Passwords Source: CNBC | 10 Ways Companies Get Hacked

11 WAYS COMPANIES GET HACKED

6. WiFi Vulnerabilities

7. Credential Stolen from 3rd Party Site

8. Compromised Web-Based Databases

9. Password Reset Exploits

10. Insiders/Unintended Mistakes

11. Cyber Espionage

corpsyn.com #Exp360

WHO GETS HURT?

FIRST PARTY (YOU)

• Breach Notification Expenses

• Forensics

• Business Interruption, Impairment of Computer Services

• Crisis Management

• Stolen Funds/Extorted Funds

THIRD PARTY (SOMEONE ELSE)

• Privacy/Personal Injury Claims

• Contractually-assumed Privacy Remediation Expenses

• Financial Injury Claims

• Intellectual Property Infringement

• Physical Injury or Damage

corpsyn.com #Exp360

• Hacking Blamed For Late Night Emergency Sirens In Dallas(NPR, 4/8/17)

• Three US Hospitals Hit in String of Ransomware Attacks (NBCNews, 3/23/16)

• The Ashley Madison hack story gets worse and worse (Computerworld, 8/25/15)

• T-Mobile, Experian Sued Over Data Hack Affecting 15 million (Bloomberg, 10/7/15)

• Attackers Alter Water Treatment System in Utility Hack (SecurityWeek, 3/22/16)

• One of the Largest Hacks Yet Exposes Data on Hundreds of Thousands of Kids (Vtech) (Motherboard, 11/27/15)

• DNC Hacker Dumps Trove of Clinton Documents (MotherJones, 6/21/16)

CYBER ATTACKS IN THE NEWS

corpsyn.com #Exp360

RISE OF THE INTERNET OF THINGS

(IoT) is the inter-networking of physical devices, vehicles (also referred to as "connected

devices" and "smart devices"), buildings & other items, embedded with electronics, software, sensors, actuators & network connectivity that enable these objects to collect and exchange data.

corpsyn.com #Exp360

THE INTERNET OF THINGS (IOT)

Source: Maxis

corpsyn.com #Exp360

NOT ALL CYBER ATTACKS ARE CREATED EQUALLY

Attackers fall into 3 general categories based on their motives:

1. CYBER SPIESSteal sensitive information in order to give someone a competitive advantage

2. CYBERCRIMINALSSeek financial gain

3. CYBER ACTIVISTSDisrupt and embarrass their targets for personal amusement, political views or religious convictions

corpsyn.com #Exp360

SMALL BUSINESSES —

…Not any less vulnerable to a data breach or cyber event; actually more vulnerable!

…Suffer disproportionate share of loss exposures (such as viruses & malware) because most do not have sophisticated IT departments.

According to Verizon Data Breach Report, about half of the reported data breach incidents occurred at companies with fewer than 1,000 employees.

Of the small businesses that

experience a cyber attack, 60% cease operations within 6 months!

corpsyn.com #Exp360

NETWORK SECURITY BASICS | WHAT CAN I DO?

Most organizations are implementing basic IT risk management solutions & best practices:

Encryption Firewalls Strict Security Policies

Network Locks

Multiple Passwords

Backups

• Update antivirus• Only use secured WiFi• Be careful with links

• Keep financial info limited• Check credit card & bank statements frequently• Be mindful of what you post on social media

corpsyn.com #Exp360

CYBER RISK

COVERAGES

Privacy & Network

Liability

Business Interruption

Network Extortion

Crisis Management

Notification and

Monitoring Costs

Extra Expense

Legal Fines & Penalties

Internet Media

Liability

corpsyn.com #Exp360

KEY TAKEAWAYS

• Hackers are persistent, increasingly sophisticated & very tenacious. They know our vulnerabilities better than we do.

• Cyber Liability insurance is one aspect of a sound risk management process. Make certain to understand what is, and is not, covered.

• YOU are always the best line of defense. A combination of strong process controls, protective software & common sense are your best course.

corpsyn.com #Exp360

THANK YOU

James W. Gow, Jr., CPCU, AUSenior Vice President, P&C Practice Leader

james.gow@corpsyn.com

856.813.1543