Manufacturing Risk Advisor - May/June 2018

Mixed Reaction to New Steel and Aluminum Tariffs

The Trump administration recently announced a 25 percent tariff on steel and 10 percent tariff on aluminum in order to discourage imports of these materials. The administration also stated that the tariffs are part of an effort to increase jobs and protect U.S. businesses from foreign competition.

While the tariffs were established to help U.S. businesses, manufacturing experts believe that they may increase the price of new products and that sales will likely decrease as these costs are passed on to consumers. Although the tariffs only apply to imported materials, many U.S. steel and aluminum producers have raised prices in order to account for increased demand.

The Commerce Department also announced an exclusions process for the tariffs. However, businesses must first prove that they’re unable to obtain the materials from domestic sources.

For more information on the manufacturing industry, call us at 920-921-5921 today.

How Blockchain Technology Can Improve Supply Chains

Manufacturers need to rely on a consistent supply chain in order to operate. However, a lack of transparency between vendors and the use of separate management systems often leads to confusion, delays and lost business.

To solve these problems, many businesses have turned to blockchain technology, a platform that works by creating a separate record, or “block,” every time a supply chain progresses. This record is then encrypted and used to verify all subsequent blocks, which prevents any alterations to records.

Here are some of the potential benefits of a blockchain recordkeeping system:

  • Flexible scalability—Blockchain systems can be used internally to track projects and other workflows. Multiple organizations can share the platform to organize large-scale operations.
  • Security—Records that use blockchain are encrypted, verified and shared between all users. As a result, blockchain is very secure against tampering and cyber attacks.
  • Transparency—Advanced sensors and other tracking technology can update blockchain records to give businesses an ongoing view of a supply chain without fear of human error or biased reporting.
  • Innovation—New services are beginning to automate complex systems like contractual obligations, employee security credentials and personal data protection using blockchain technology.
  • Detailed analytics—Businesses can track individual products to gather important information at any time, such as the origin of a dysfunctional product or a food item’s expiration date.


Trucking Risk Advisor - May 2018

ELD Enforcement Contributes to Rising Freight Rates

Electronic logging device (ELD) enforcement has contributed to rapidly growing freight rates, according to a report from transportation information firm DAT Solutions. The firm found that 3 percent of surveyed truckers planned to retire rather than comply with the ELD rule, which was a large factor in a 7 percent drop in year-over-year trucking capacity.

Although the ELD rule came into effect at the end of 2017, the Department of Transportation only began enforcement of the rule on April 1, 2018. ELDs automatically track a driver’s compliance with federal hours-of-service limits, and drivers who don’t use the devices must stop driving until one is installed.

While freight rates in April are generally lower following the end of the first quarter, DAT Solutions’ report found that rates have increased as motor carriers struggle to account for a shortage of skilled drivers.

Call us at 920-921-5921 for more information on trends in the trucking industry.

New Technology May Replace Mirrors With Camera-based Systems

Although sideview mirrors allow drivers to stay aware of surrounding traffic, the large devices offer limited viewing angles and create drag that lowers fuel economy. As a result, some technology companies are advocating for the use of camera-based systems to improve safety and lower operating costs.

Prototype camera systems feature multiple, internally wired cameras that provide drivers with multiple views of adjacent lanes, the blind spot in front of a truck’s hood and the ground on each side of the vehicle. The cameras themselves also include a number of safety features:

  • Redundant systems to reduce the chances of a malfunction
  • Low-light visibility options
  • Heated glass to prevent the buildup of ice and frost
  • Special coatings that resist rain and moisture

Camera systems can improve a heavy-duty truck’s fuel economy by approximately 2.5 percent and lead to over $1,300 in annual fuel savings. The systems can also lead to savings by reducing crashes, as traditional mirrors are limited by large blind spots, glare, night visibility and adverse weather.

The FMCSA is currently accepting public comments on an exemption for the MirrorEye camera system, which has been used in Europe since 2016. For more information, visit the FMCSA’s notice in the Federal Register.


Covered Establishments in All States Must Now Submit OSHA Electronic Reports

HIGHLIGHTS

  • The electronic reporting rule now applies to all affected establishments, including establishments in states with OSHA-approved plans.
  • It does not matter whether the state has ratified the electronic reporting requirements.
  • The OSHA ITA is currently available and accepting reports on OSHA 300A forms with 2017 data.

IMPORTANT DATES

  • December 31, 2017: Due date for first OSHA electronic reports through ITA (submit 2016 data)
  • July 1, 2018: Due date for second OSHA electronic reports through ITA (submit 2017 data)

OVERVIEW

On April 30, 2018, the Occupational Safety and Health Administration (OSHA) announced it will require all establishments affected by the electronic reporting rule to submit their 2017 data to OSHA by July 1, 2018.

This announcement clarifies the requirement for establishments in states with an OSHA-approved plan. These establishments must submit electronic reports, regardless of whether the state has ratified or incorporated the electronic reporting rule into its OSHA state plan.

ACTION STEPS

Establishments in all states, including those with an OSHA-approved state plan, should prepare to submit electronic reports by July 1, 2018. Affected establishments can accomplish this by:

  • Becoming familiar with the requirements in the electronic reporting rule; and
  • Transitioning their OSHA records to an electronic format approved by the Injury Tracking Application (ITA)

OSHA Electronic Reporting

OSHA’s electronic reporting rule was issued in 2016. The rule requires establishments to report data from their injury and illness records to OSHA electronically if they:

  • Are already required to create and maintain OSHA injury and illness records and have 250 or more employees;
  • Have between 20 and 249 employees and belong to a high-risk industry; or
  • Receive a specific request from OSHA to create, maintain and submit electronic records, even if they would otherwise be exempt from OSHA recordkeeping requirements.

The electronic reporting rule applies to establishments, not employers. An employer may have several worksites or establishments. In these situations, some establishments may be affected while others are not.

To determine whether an establishment is affected, employers must determine each establishment’s peak employment during the calendar year. During this determination, employers must count every individual that worked at that establishment, regardless of whether he or she worked full-time, part-time, or was a temporary or seasonal worker.

OSHA-approved State Plans

The final rule required OSHA-approved state plans to adopt the electronic rule or “substantially identical” requirements within six months of the final rule’s publication date.

This means that OSHA-approved state plans have the authority to adopt reporting requirements that go above and beyond what is required by the federal rule. For this reason, establishments located in OSHA-approved state plan jurisdictions should consult with their local OSHA offices to make sure they are satisfying all electronic reporting requirements.

The OSHA-approved state plans shown on this map have not yet adopted the requirement to submit injury and illness reports electronically.

As a result, establishments in these states were not required to submit their 2016 data through the reporting website in 2017. However, OSHA has now clarified that they must submit their 2017 data in 2018.

All Employers: California, Maryland, Minnesota, South Carolina, Utah, Washington, Wyoming

Public Employers: Illinois, Maine, New Jersey, New York


Risk Insights - Understanding Total Cost of Risk

Risk exists everywhere in business. One of the biggest mistakes that companies make is assuming that the cost of risk only involves their insurance premiums paid, retained losses and administrative costs. However, the total cost of risk encompasses much more than that.

While a risk management program can be an effective method for controlling risk, the resources used by the program may not be addressing all the risks faced by the business. One way to discover all of the risks facing your business—including the ones that might not be seen, considered or addressed in your risk management program—is to examine the total cost of risk (TCOR).

TCOR is the total cost of the items that businesses are responsible for, such as insurance premiums, retained losses in the form of deductibles and uninsured losses, indirect costs of claims and administrative costs, and other factors that can include the following:

  • Transaction costs
  • Loss of reputation
  • Loss of market share
  • Overtime
  • Additional training
  • Product loss
  • Production decrease
  • Claims reporting and investigation
  • Fines

Over time, an idea of an organization’s TCOR can provide a form of measurement for assessing how its risk-related costs are changing, relative to the overall growth rate of the business.

Why is Knowledge of TCOR Important?

If your business is only focusing on insurance premiums as your way of quantifying risk, you may be missing costs that you have more control over. For example, premiums may be the least controllable costs, as insurance rates are determined by outside forces such as weather-related events, the stock market, interest rates and the insurance marketplace.

Furthermore, the benefit of decreasing premiums is negated if an organization sees an increase in indirect costs of claims and administrative costs. True cost reduction is most impacted by lowering indirect costs, which can cost more than the actual claim itself. TCOR helps identify those costs.


Understanding your TCOR and your ranking helps identify areas where your organization can save money.


How Does TCOR Work?

TCOR is measured per $1,000 of revenue. By measuring TCOR against revenue, you can measure the progress that your safety and risk management programs make in reducing internal costs throughout the years.

Benefits of Knowing Your TCOR

When business owners accurately measure TCOR, they tend to possess the motivation to invest into a more effective risk management effort, which can provide a significant rate of return. Many business owners use TCOR to realize the following benefits:

  • Increased productivity, profitability and efficiency
  • Reduced costs across the entire business, not just reduced insurance premiums
  • A better idea of any inconsistencies in the organization’s risk management approach

Tips for Utilizing TCOR

Consider the following tips when evaluating TCOR for your organization:

  • Use a basic framework to break down costs into component categories such as insurance premiums, service provider costs, risk transfer costs and safety department expenses.
  • Identify existing costs for each risk category, expressed as a percentage of overall company revenues.
  • Establish targets for each category for future years.
  • Remember that it’s not just about premiums. TCOR also includes self-insured losses, internal administrative fees and outside vendor fees.
  • Work on one area of TCOR at a time. This helps expose weaknesses in other areas of your risk management program and helps identify problem areas that need attention.
  • Consider all components of TCOR proportionally, and examine how they’re operating in conjunction with each other. If losses are low and premiums are high, there may be a need to reduce annual premiums and retain more predictable losses.
  • Be patient. Don’t expect immediate cost savings. Be prepared to invest in risk management tools that can deliver financial benefits over time.

Contact Hierl Insurance Inc. for a TCOR evaluation and resources that can help you lower your TCOR and improve your bottom line.


The DOL Audit: Understanding the spectrum of risk

Avoiding Department of Labor (DOL) audits is the best way to survive them, but audits can happen. Read on to learn more about the spectrum of risks.


Risk is discussed in many contexts in the retirement plan industry. It comes up as a sales tactic; as good counsel from trusted advisors preaching procedural prudence; or, often, in the form of intimidating industry vernacular like fiduciary liability, fidelity bond or the big, bad Department of Labor.

This DOL paranoia is an underlying motivation that drives the risk conversation with distributors and retirement plan sponsors. Naturally, the question of probability comes up: What is the likelihood the DOL will audit my plan? The answer is low, but it can happen.

When evaluating retirement plans in terms of risk, it’s best viewed as a spectrum. Generally, risk falls into three principal areas of concern.

Lawsuit risk: The likelihood of a fiduciary-based lawsuit for most plan sponsors is very low. However, if this does arise, it will be unpleasant and expensive, both financially and in terms of reputation.

Administrative breach: Upon inspection, most plans will have some kind of operational defect. Typically, these are either an administrative, fiduciary or a document-level defect. If left uncorrected, they are potentially disqualifying. The good news is the IRS has corrective methods in place for the most common errors. Generally, these are relatively inexpensive to correct but will cost clients a little time and money, and likely some aggravation.

DOL/IRS audit risk: It’s usually the administrative breach discussed above that leads to the DOL/IRS investigation or audit. These agencies are not interested in disqualifying plans; they are more interested in correcting them and protecting the participants from misdeeds (intentional or not).

When a DOL audit does happen, it tends to occur because someone invited investigation. This could be the result of a disgruntled former employee, a standard IRS audit that somehow spiraled into a full DOL investigation or a variety of other reasons. So, what can employers and their service providers do to avoid an audit?

The IRS and DOL don’t publish an official list of items that could lead to an investigation, but it’s a good idea to look at your plan’s most recent IRS Form 5500 filings to decrease the likelihood of an audit. This is publicly available information that can signal to government agencies that something might be wrong and they should take a closer look. Some of the more common red flags include:

  • Line items that are left blank when the instructions require an answer
  • Inconsistencies in the data disclosed on the Form 5500 schedules
  • A large drop in the number of participants from one year to the next
  • A large dollar amount in the “Other” asset line on the Schedule H
  • Having an insufficient level for the plan’s required Fidelity Bond

Consistently late deposits or deferrals and hard-to-value or non-marketable investments (including self-directed brokerage accounts or employer stock) could be counted as red flags as well.

Plan sponsors should make sure that 5500s are completed with the same care and attention to detail used when filling out IRS 1040, and ensure the plan is being governed properly and in compliance with ERISA. This can be a challenge even for the most well-intentioned plan sponsors, given the complexity of the task and the fact that most employers don’t have the expertise in-house.

Calling in a specialist

But you don’t need to navigate these waters on your own. Instead, you might consider the “Prudent Man” rule, which implies that when expertise is required yet absent, a prudent person outsources the needed expertise. There is a wealth of talented retirement plan specialists and advisors available to help guide you through the audit process or, better yet, steer clear of it altogether.

When considering whether to employ one of these specialists, you will need to evaluate their experience, expertise and training, as well as whether they provide services to help the plan sponsor keep the DOL (and the IRS) out of their offices. Some commonly available services include:

  • 5500 reviews to help plan sponsors avoid potential audit triggers
  • Coaching services to help plan sponsors identify and eliminate some of those difficult-to-value assets like employer stock or self-directed brokerage accounts
  • Service provider evaluations to help plan sponsors identify those who will work as a plan fiduciary and put the appropriate guardrails in place on an automated basis

In conclusion, the best way to survive a potential DOL investigation or IRS audit is to avoid one altogether. Committing to best practices for running the plan may mean outsourcing a great deal of the work to specialist retirement plan providers and advisors. Plan sponsors would be wise to consider working with service providers who operate as plan fiduciaries themselves. In this way, you’re more likely to avoid problems and achieve better plan results, leading to better outcomes for everyone.

SOURCE: Grantz, J (7 June 2018) "The DOL Audit: Understanding the spectrum of risk" (Web Blog Post). Retrieved from https://www.benefitnews.com/opinion/dol-audit-understanding-the-spectrum-of-risk?feed=00000152-18a5-d58e-ad5a-99fd31fe0000


Construction Risk Advisor - August 2018

SUCCESSFULLY DEPLOYING NEW TECHNOLOGY

Choosing new technology can be difficult for construction companies. It is easy to get caught up in the wow factor of technology and lose sight of what you’re hoping it will improve. Without a plan in place for deployment, you may be wasting your investment.

Before seeking out new technology, consider ways you can improve your processes. After improving your processes, you can identify gaps that new technology can address. No amount of technology will help if your processes are what need to be fixed.

There’s strength in numbers, so involve key employees early in the process. This is also a good time to identify potential leaders within your organization.

In fact, a recent McKinsey & Company study found that companies that invest in developing leaders during an organizational transformation are about two-and-a-half times more likely to be successful with their changes than firms that did not make the investment.

Those leaders can become champions for the technology who, in turn, empower the end user and help the technology do what it was intended to do.

Newsletter Provided by: Hierl's Property & Casualty Experts


HOW TO ATTRACT MORE WOMEN TO CONSTRUCTION

Women only make up 9 percent of the construction workforce, according to the National Association of Women in Construction. That statistic highlights the fact that both parties are missing out on opportunities for a lucrative partnership within the industry.

Despite the lack of gender diversity, women have the potential to earn about 95.7 percent of what men make. Although it isn’t ideal, it beats the nationwide average of 81.1 percent across all industries.

Construction companies also benefit from hiring a gender-diverse workforce, as they’re 46 percent more likely to outperform the industry average, according to the Peterson Institute. But getting women interested in the industry can be a challenge. Here are steps you can take to attract and retain more women:

  • Create an inclusive work culture that values men and women equally.
  • Remove gender-biased words from job descriptions and involve female employees in the recruitment process.
  • Adopt benefits and work policies that promote a work-life balance and are family-friendly.
  • Create a diversity council with representatives from a mix of genders, positions and backgrounds.

Addressing the gender gap is an important step toward encouraging diverse talent to enter the construction industry. For more information on attracting and retaining a diverse workforce, contact Hierl Insurance Inc.


Commercial Risk Advisor - April 2018


It’s always been important to protect your business and employees from sexual harassment, but recent high-profile cases show the importance of re-examining this topic at your business. Social movements such as the “Me Too” campaign have drawn attention to sexual harassment in the workplace, resulting in a growing number of misconduct allegations. These allegations can result in a wide variety of claims and lead to serious financial and reputational damage.

Insurance carriers, courts and regulatory agencies will begin to examine businesses closely to ensure that they take sexual harassment seriously and act to protect their employees and customers.

3 Questions to Ask When Addressing Sexual Harassment at Your Business:

How do you encourage employees to report inappropriate conduct?

The best way to address sexual harassment allegations is to respond quickly. Employees should be regularly reminded that there won’t be any retaliation for reporting inappropriate behavior. You should also ensure that there are multiple ways for employees to make anonymous reports to management.

Does your employee harassment training address your workplace’s unique traits?

A standard workplace policy is a good starting point for addressing sexual harassment, but you should also think about how your employees interact with co-workers and customers.

Do your insurance policies include exclusions for sexual harassment?

Many commercial general liability policies exclude claims for sexual harassment. Although employment practices liability insurance can provide you with coverage, you also need to ensure that policy periods offer coverage throughout the statute of limitations in your area.

1 in 8 drivers are uninsured and liable for damage and medical bills, according to a new study.

Even if you don't use commercial vehicles, employees who use their personal vehicles for any kind of business-related task can put you at risk:

  • 25% of all vehicles in the United States are used for business in some way.
  • The average uninsured motorist claim is almost $20,000.
  • Most personal auto policies don't provide coverage for uninsured or underinsured drivers without an endorsement.

Uninsured drivers cause about 1 out of every 8 accidents.

3 Defensive Driving Tips That Could Save Your Life

Many jobs require employees to drive a company vehicle. While most drivers are cautious and attentive, accidents can occur without warning—even if the operator has years of experience.

When accidents happen, it can be incredibly costly for employers. What’s more, just one accident can cost employees their job or lead to serious, debilitating injuries.

One way to stay safe while you’re on the road for a job is through defensive driving. Being a defensive driver means driving to prevent accidents in spite of the actions of others or the presence of adverse driving conditions.

To avoid accidents through the use of defensive driving, do the following:

  • Remain on the lookout for hazards. Think about what may happen as far ahead of you as possible, and never assume that road hazards will resolve themselves before you reach them.
  • Understand the defense. Review potentially hazardous situations in your mind after you see them. This will allow you to formulate a reaction that will prevent an accident.
  • Act quickly. Once you see a hazard and decide upon a defense, you must act immediately. The sooner you act, the more time you will have to avoid a potentially dangerous situation.

Defensive driving requires the knowledge and strict observance of all traffic rules and regulations applicable to the area you are driving in. It also means that you should be alert for illegal actions and driving errors made by others and be willing to make timely adjustments to your own driving to avoid an accident.

Keeping in mind the above tips will not only keep you safe on the job, but in your personal life as well.

Poor indoor air quality can cause chronic headaches, allergies, fatigue and irritation of the lungs, among other symptoms.



CenterStage: Distracted Driving Awareness Month

Distraction is Deadly: April is Distracted Driving Awareness Month

In 2015 alone, 3,477 people died and another 391,000 were injured due to distracted driving.

Not only is distracted driving hazardous to your life, but it can also negatively impact the lives of the drivers around you. Distracted Driving Awareness Month is an effort by the National Safety Council to help recognize and eliminate preventable deaths from distracted driving. In honor of Distracted Driving Awareness Month, this month’s CenterStage features Cathleen Christensen, Vice President of Property & Casualty at Hierl Insurance, who shares safe driving practices and explains how companies can ensure their employees are using them.

What is Distracted Driving?

Distracted driving is a public health issue that affects us all. According to the National Safety Council, distracted driving is any activity that diverts attention from driving, including talking or texting, eating and drinking, talking to people in your vehicle, and adjusting stereo, entertainment or navigation systems. You cannot drive safely unless your attention is fully focused on the road ahead of you; any activity that you partake in simultaneously is a distraction and increases the risk of a crash.

Awareness for Awareness

Bringing awareness to distracted driving is essentially bringing awareness to awareness. There are three main types of distraction:

  1. Visual – taking your eyes off the road
  2. Cognitive – taking your mind off driving
  3. Manual – taking your hands off the wheel

These days, it’s so easy to be a distracted driver – from texting, to talking on the phone, or even using a navigation system. The biggest one, texting, is especially dangerous because it involves committing all three types of distraction. Some studies even say texting and driving is worse than driving under the influence. So, how can you keep your employees aware while driving?

“Several studies believe, as well as myself, that employers should prohibit any work policy or practice that requires or encourages workers to text and drive.”

– Cathleen Christensen, VP of Property & Casualty at Hierl

But how can you really get your employees to commit to your ‘No Distracted Driving’ policy? It’s as easy as providing education and solutions. Sometimes, it’s especially effective to have your employees sign a contract stating that if they need to use any form of hand-held device, they must pull over to the side of the road. Remind your employees to drive with their devices off or on silent to keep the urge under control. Plus, several phones now offer a driving mode that plays a custom voicemail for anyone who calls while the employee or employer is driving, letting the caller know that the call will be returned later.

Companies suffer great financial losses every year due to distracted driving. By putting these safe driving practices in place, you will save lives AND money. If you’d like more help implementing a safe driving policy within your workplace, please contact Cathleen at 920.921.5921.


Financial shocks could disrupt tomorrow’s retirees

While today’s retirees, dependent as they are on Social Security and traditional pensions rather than 401(k)s, are better able to withstand financial shocks, tomorrow’s retirees won’t have it so easy.

They will be more in danger of being forced to downsize or spend down their assets to meet unexpected expenses such as a spike in medical bills or a loss of income through being widowed.

So says a brief from the Center for Retirement Research at Boston College, which investigated the financial fragility of the elderly to see how well they might be able to deal with financial shocks.

The reason the elderly are seen as financially fragile, the brief says, stems from the fact that, “once retired, they have little ability to increase their income compared to working households.”

And with future retirees becoming ever more dependent on their own retirement savings, and receiving less of their retirement income from Social Security and defined benefit plans, those financial shocks will get harder and harder to deal with.

To see how that will play out, the study looked at the share of expenditures a typical elderly household devotes to basic needs. Next, it looked at how well today’s elderly can absorb those aforementioned major financial shocks. And finally, it examined the increased dependence of tomorrow’s elderly on financial assets, whether those assets are sufficient, and how well those assets do at absorbing shocks.

Nearly 80 percent of the spending of a typical elderly household, the report finds, is used to secure five “basic” needs: housing, health care, food, clothing, and transportation. In lower-income households or the homes of single individuals and in households that rent or have a mortgage, those basic needs make up even more of a household’s spending.

And while there are areas in which a household can cut back—such as entertainment, gifts or perhaps cable TV—as well as potential cutbacks on basic needs, typical retirees can’t cut by more than 20 percent “without experiencing hardship.” And among those lower-income and single households, as well as those with rent or mortgages to pay, the margin is even slimmer.

The need for medical care is so important to those who need it, says the report, that the question becomes whether medical expenditures crowd out spending on other basic items.

And while a widow is estimated by federal poverty thresholds to need 79 percent of the couple’s income to maintain her standard of living, other studies indicate that widows get substantially less than that from Social Security and a pension—estimates, depending on the study, range from 62 percent to 55 percent. And that likely does not leave a widow enough to meet basic expenses.

Among current retirees, only 10 percent report having to cut back on necessary food or medications because of lack of money over the past 2 years.

However, retirees tomorrow, if they have failed to save enough to see them through retirement, are likely to experience income declines of 6 to 21 percent for GenXers, and that’s assuming that GenXers “annuitize most of their savings at an actuarially fair rate…” despite the fact that very few actually annuitize, and cannot get actuarially fair rates even if they do.

And since the brief also finds that the greater dependency of tomorrow’s retirees on whatever they’ve managed to save in 401(k)s means that they’re exposed to new sources of risk—“that households accumulate too little and draw out too little to cushion shocks and that their finances are increasingly exposed to market downturns”—that means that future retirees will be subjected to a reduced cushion between income and fixed expenses.

To compensate, they will need to downsize and cut their fixed expenses. Neither one bodes well for a comfortable retirement.

Source:
Satter M. (1 March 2018). "Financial shocks could disrupt tomorrow’s retirees" [Web Blog Post]. Retrieved from address https://www.benefitspro.com/2018/03/01/financial-shocks-could-disrupt-tomorrows-retirees/


Cyber Risks & Liabilities - January/February 2018

Troubling Lack of Cyber Concern by CFOs

Gone are the days when chief financial officers (CFOs) solely had to focus on managing their organization’s financial risks. These days, CFOs need to think about the costs of cyber security as well as the costs associated with not having enough of it. When their security tools are inadequate or threats go unnoticed, there is an increased risk of incidents that can cost thousands or millions of dollars in repairs, lost business and reputation. CFOs need to apply new strategies when it comes to tackling cyber risks.

Work With the Chief Information Security Officer

According to recent data, 39 percent of IT workers don’t believe their senior management understands the impact that a security breach could have on their company’s reputation. CFOs should become active members of their security teams, instead of passive observers, in an effort to protect their revenue with a more focused and effective cyber security plan. The most effective partnerships involve weekly cyber exposure reviews with management and IT.

Invest in IT

A recent report found that firms that invest more in IT security experience an average of 6.8 fewer breaches and save more than $5 million. With the growing number of available devices that employees can use to stay connected and do their jobs, new approaches are needed to deal with increased cyber exposure that may have been more easily contained in the past.

Be Accountable

CFOs need to realize how cyber risk affects financial risk. According to a recent study by Ponemon Institute, data breaches result in an average stock price decline of 5 percent and an average revenue decline of $3.4 million. CFOs cannot manage risks of that magnitude by themselves. It is in the best interest of the entire company if its CFO partners with others in the organization who have a vested interest in managing cyber risk.

The Biggest Cyber Security Disasters of 2017

Like 2016 before it, 2017 was not without its share of cyber security incidents—incidents that impacted companies of all sizes and affected multiple industries. The following are some of the biggest cyber security disasters of 2017:

  • WannaCry—Using a tool that was allegedly stolen from the U.S. National Security Agency, cyber criminals exploited a flaw in Microsoft’s Windows system in order to spread malware dubbed WannaCry. The attack, which took place May 12, 2017, has impacted over 200,000 users in at least 150 countries.
  • Equifax—In September of 2017, Equifax, one of the largest credit reporting agencies in the United States, was the victim of a massive cyber attack. This attack compromised the personal information of over 143 million people.
  • Yahoo—In late 2016, Yahoo reported more than 1 billion user accounts were impacted by a 2013 breach. Later in 2017, it was revealed that over 3 billion Yahoo accounts were compromised.
  • Verizon—In July of 2017, it was reported that 14 million Verizon subscribers may have been affected by a data breach. The majority of those impacted by the breach were individuals who had previously contacted Verizon customer service.
  • Gmail—In May of 2017, it was revealed that Gmail users were targeted in a sophisticated phishing scam. The scam sought to gain access to accounts through a third-party app. Over 1 million users have been impacted.

Trump Administration Releases Rules on Disclosing Cyber Flaws

The Trump administration publicly released, on whitehouse.gov, its rules for deciding whether to disclose cyber security flaws or keep them secret. In doing so, the administration hopes to bring more transparency to its cyber processes.

The U.S. government initially created the Vulnerabilities Equities Process (VEP) under former President Barack Obama to determine what to do with discovered flaws. The process was designed to balance the desire of law enforcement and U.S. intelligence officers to hack into devices against the intention to warn manufacturers of the need to patch holes in their security. However, the government has attracted criticism for jeopardizing internet security by stockpiling detected cyber vulnerabilities in order to preserve its ability to launch its own attacks on computer systems.

The new Trump administration charter explains how the VEP functions and names the agencies involved in the vulnerability reviews, including intelligence agencies as well as several civilian departments that include the Departments of Commerce, Treasury, Energy and State.

The National Security Agency is the executive secretariat of the interagency group. Its job is to coordinate debates over flaws that the various agencies submit in case there is a disagreement about whether to disclose them. If the disagreements cannot be reconciled, the group will vote on whether to disclose or retain the flaws.

The new rules also require the creation of an annual report to provide metrics on the number of flaws discovered, retained and disclosed. Portions of the report are to be made public. Decisions to retain vulnerabilities are to be reconsidered every year.

According to White House security coordinator Rob Joyce, the revised rules are intended to shed light on the process for how various federal agencies weigh the costs of keeping a flaw secret. Joyce said the rules are the most sophisticated in the world and that they set the United States apart from most other nations.

More than 90 percent of flaws are ultimately disclosed, according to Joyce, although critics argue that they’re not shared quickly enough.