Covered Establishments in All States Must Now Submit OSHA Electronic Reports

HIGHLIGHTS

  • The electronic reporting rule now applies to all affected establishments, including establishments in states with OSHA-approved plans.
  • It does not matter whether the state has ratified the electronic reporting requirements.
  • The OSHA ITA is currently available and accepting reports on OSHA 300A forms with 2017 data.

IMPORTANT DATES

  • December 31, 2017: Due date for first OSHA electronic reports through ITA (submit 2016 data)
  • July 1, 2018: Due date for second OSHA electronic reports through ITA (submit 2017 data)

OVERVIEW

On April 30, 2018, the Occupational Safety and Health Administration (OSHA) announced it will require all establishments affected by the electronic reporting rule to submit their 2017 data to OSHA by July 1, 2018.

This announcement clarifies the requirement for establishments in states with an OSHA-approved plan. These establishments must submit electronic reports, regardless of whether the state has ratified or incorporated the electronic reporting rule into its OSHA state plan.

ACTION STEPS

Establishments in all states, including those with an OSHA-approved state plan, should prepare to submit electronic reports by July 1, 2018. Affected establishments can accomplish this by:

  • Becoming familiar with the requirements in the electronic reporting rule; and
  • Transitioning their OSHA records to an electronic format approved by the Injury Tracking Application (ITA).

OSHA Electronic Reporting

OSHA’s electronic reporting rule was issued in 2016. The rule requires establishments to report data from their injury and illness records to OSHA electronically if they:

  • Are already required to create and maintain OSHA injury and illness records and have 250 or more employees;
  • Have between 20 and 249 employees and belong to a high-risk industry; or
  • Receive a specific request from OSHA to create, maintain and submit electronic records, even if they would otherwise be exempt from OSHA recordkeeping requirements.

The electronic reporting rule applies to establishments, not employers. An employer may have several worksites or establishments. In these situations, some establishments may be affected while others are not.

To determine whether an establishment is affected, employers must determine each establishment’s peak employment during the calendar year. During this determination, employers must count every individual that worked at that establishment, regardless of whether he or she worked full-time, part-time, or was a temporary or seasonal worker.

OSHA-approved State Plans

The final rule required OSHA-approved state plans to adopt the electronic rule or “substantially identical” requirements within six months of the final rule’s publication date.

This means that OSHA-approved state plans have the authority to adopt reporting requirements that go above and beyond what is required by the federal rule. For this reason, establishments located in OSHA-approved state plan jurisdictions should consult with their local OSHA offices to make sure they are satisfying all electronic reporting requirements.

The OSHA-approved state plans listed below have not yet adopted the requirement to submit injury and illness reports electronically.

As a result, establishments in these states were not required to submit their 2016 data through the reporting website in 2017. However, OSHA has now clarified that they must submit their 2017 data in 2018.

All Employers

  • California
  • Maryland
  • Minnesota
  • South Carolina
  • Utah
  • Washington
  • Wyoming

Public Employers

  • Illinois
  • Maine
  • New Jersey
  • New York


Risk Insights - Understanding Total Cost of Risk

Risk exists everywhere in business. One of the biggest mistakes that companies make is assuming that the cost of risk only involves their insurance premiums paid, retained losses and administrative costs. However, the total cost of risk encompasses much more than that.

While a risk management program can be an effective method for controlling risk, the resources used by the program may not be addressing all the risks faced by the business. One way to discover all of the risks facing your business—including the ones that might not be seen, considered or addressed in your risk management program—is to examine the total cost of risk (TCOR).

TCOR is the total cost of the items that businesses are responsible for, such as insurance premiums, retained losses in the form of deductibles and uninsured losses, indirect costs of claims and administrative costs, and other factors that can include the following:

  • Transaction costs
  • Loss of reputation
  • Loss of market share
  • Overtime
  • Additional training
  • Product loss
  • Production decrease
  • Claims reporting and investigation
  • Fines

Over time, an idea of an organization’s TCOR can provide a form of measurement for assessing how its risk-related costs are changing, relative to the overall growth rate of the business.

Why is Knowledge of TCOR Important?

If your business is only focusing on insurance premiums as your way of quantifying risk, you may be missing costs that you have more control over. For example, premiums may be the least controllable costs, as insurance rates are determined by outside forces such as weather-related events, the stock market, interest rates and the insurance marketplace.

Furthermore, the benefit of decreasing premiums is negated if an organization sees an increase in indirect costs of claims and administrative costs. True cost reduction is most impacted by lowering indirect costs, which can cost more than the actual claim itself. TCOR helps identify those costs.


Understanding your TCOR and your ranking helps identify areas where your organization can save money.


How Does TCOR Work?

TCOR is measured per $1,000 of revenue. By measuring TCOR against revenue, you can measure the progress that your safety and risk management programs make in reducing internal costs throughout the years.

Benefits of Knowing Your TCOR

When business owners accurately measure TCOR, they tend to be motivated to invest in a more effective risk management effort, which can provide a significant rate of return. Many business owners use TCOR to realize the following benefits:

  • Increased productivity, profitability and efficiency
  • Reduced costs across the entire business, not just reduced insurance premiums
  • A better idea of any inconsistencies in the organization’s risk management approach

Tips for Utilizing TCOR

Consider the following tips when evaluating TCOR for your organization:

  • Use a basic framework to break down costs into component categories such as insurance premiums, service provider costs, risk transfer costs and safety department expenses.
  • Identify existing costs for each risk category, expressed as a percentage of overall company revenues.
  • Establish targets for each category for future years.
  • Remember that it’s not just about premiums. TCOR also includes self-insured losses, internal administrative fees and outside vendor fees.
  • Work on one area of TCOR at a time. This helps expose weaknesses in other areas of your risk management program and helps identify problem areas that need attention.
  • Consider all components of TCOR proportionally, and examine how they’re operating in conjunction with each other. If losses are low and premiums are high, there may be a need to reduce annual premiums and retain more predictable losses.
  • Be patient. Don’t expect immediate cost savings. Be prepared to invest in risk management tools that can deliver financial benefits over time.

Contact Hierl Insurance Inc. for a TCOR evaluation and resources that can help you lower your TCOR and improve your bottom line.


Eliminate Electronic Distractions from the Workplace

It is a generally accepted fact that the use of cellphones and other electronic devices while driving presents a distraction that greatly increases the chance of an accident. Unfortunately, too many people fail to consider how distracting these devices can be in other situations.

In an industry of moving machinery and equipment, manufacturing workers are especially susceptible to workplace injury. They need to be alert at all times, as even the smallest slip-up can cause an accident. Not only can inattentive workers injure themselves, but their carelessness can also endanger others. In this type of work environment, it is easy to see the importance of minimizing the potential distractions faced by your employees.

Cellphones

Whether it’s talking or texting, cellphone use takes an employee’s focus off their task. While handheld use compounds the problem, even using a hands-free device does not allow for full concentration. Studies indicate that the act of talking on the phone is distracting regardless of whether the user is physically holding the device or not. It is the conversation itself that takes an employee’s focus off their work and surroundings.

While some employees may need to use a work cellphone as part of their job, it is best to place restrictions on when and where those phones can be used. Personal cellphones should not be allowed on the manufacturing floor at all, as even the momentary distraction of a call or message alert can potentially lead to an accident. Employees should not have phones on their person during work hours unless they are on a break from their duties and are in a designated break area.

Attentive, focused employees are essential to creating a safe work environment. To reduce the chance for employee injury, it is important to keep the workplace free of distractions, such as cellphones and mp3 players.

Mp3 and Other Music Players

There are a variety of audio cues that alert workers to what is happening around them. Unfortunately, when an employee’s hearing is impaired by music, a shout from a coworker, an odd sound from a malfunctioning machine or the backup alarm on a truck or forklift can be easily missed. Besides limiting the worker’s ability to hear what is going on around them, there is also the potential distraction of operating the device. When adjusting volume or switching songs, not only is the employee’s hearing impaired, but they are also visually engaged with the device. This greatly decreases the worker’s awareness of his or her surroundings.

Potential Hearing Loss

In a manufacturing setting it is not uncommon for there to be high noise levels that require proper ear protection to prevent hearing loss. The use of cellphones, hands-free devices and headphones can interfere with an employee’s proper use of protective equipment. Even though such devices may cover the ear, most are not meant to provide hearing protection.

In fact, in noisy situations, devices that administer sound directly into the ear increase dangerous levels of noise exposure as employees turn up volume levels to drown out background noise. The combination of these noise exposures greatly increases the rate of hearing loss, which in turn increases the chance for occupational hearing loss claims.

Electronics Usage Policy

Attentive, focused employees are essential to creating a safe work environment, which is why it is important to eliminate possible distractions. Prohibiting employee use of personal electronic devices can aid in reducing workplace accidents. To clearly state your company’s rules on when and where usage is restricted, institute an electronics usage policy. Once instituted, train your employees in the policy requirements and make sure restrictions are diligently enforced.


Construction Risk Advisor: September 2018

Industry Overspending $177 Billion Per Year

The average time construction professionals in the U.S. spend on avoidable issues like conflict resolution, rework and looking for project data costs the industry over $177 billion annually, according to a new report.

The participants surveyed for the report said they spend 65 percent of their time on “optimal” activities like communicating with stakeholders and optimizing resources that keep projects on track. They spend the remaining 35 percent of their time on “nonoptimal” tasks like hunting down project information, resolving conflicts and dealing with mistakes that require rework. That amounts to almost two full working days lost per person each week.

Some of the reasons for the nonoptimal costs include poor communication, constrained access to data, incorrect data and the lack of an easy way to share data with stakeholders. Another possible reason is that more than 80 percent of the survey’s respondents said they don’t use mobile devices to collaborate and access project data, despite the fact that mobile devices could help them work more efficiently.

Newsletter Provided by: Hierl's Property & Casualty Experts

States Say Contractors Must Guarantee Wages

Maryland’s General Contractor Liability for Unpaid Wages Act becomes effective on Oct. 1, making private contractors for prime construction projects in the state financially responsible for unpaid wages of subcontractor employees. And unless the reason for nonpayment is related to a legitimate dispute, general contractors could be held responsible for up to three times the amount owed, plus attorney fees.

California and Oregon also enacted similar laws earlier this year. In California, general contractors are now liable for the unpaid wages of any employee who furnishes labor to or through them, plus unpaid benefits and interest.

Oregon’s wage protection law creates liability for the general contractor only if the worker’s subcontractor employer has not yet been paid in full.

Mitigating The Risk

In order to reduce the risk of general contractors having to pay their subcontractors’ employee wages, some industry experts are recommending that subcontractors provide their own payment bonds.

Opponents of the recent laws argue that it could be difficult for subcontractors on rocky financial ground to meet bond underwriting requirements. And since large projects could require several new bonds per job, overall project costs could increase significantly. Plus, if subcontractors don’t pay up, prime contractors will have to pay twice for the same labor.


Agriculture Risk Advisor: September/October 2018

3 Tips For Hiring Farm Labor

With some farmers struggling to find reliable farm labor, it is important to invest some thought in the hiring process. Here are some tips for finding the right help:

  1. Examine your needs. You might have a general idea in your head of what work needs to be done, but it’s best to be specific. Narrow down broad processes into specific jobs so you can determine how much help you truly need.
  2. Think about desired traits. Do you need someone to fill a temporary need, or are you hoping that person can go on to fill a managerial role? You’ll have to determine whether people skills are more important than manual labor or machinery skills, and list those traits in your job description.
  3. Consider hiring for a trial period. If you’re hesitant about a candidate but need immediate help, consider hiring them for a short-term trial period. This saves you from high employee turnover while buying you time to recognize your needs. It allows both you and the worker to communicate any frustrations and expectations after the trial period before considering whether the working relationship is worth investing in long term.

Rise Of Robotics In Farming

Producers are increasingly considering using farming robots to replace human workers who either can’t or aren’t interested in picking crops. Agriculture is a prime market for robotics since it is less regulated than other industries.

Robots Needed To Fill Unwanted Jobs

Farming’s labor crunch is a global problem, and industry experts expect things to get worse in the years to come. Produce growers are struggling to man the fields, and higher wages aren’t persuading people to perform the physically demanding tasks.

According to the Department of Labor, the 2017 median pay for an agricultural worker was $11.41 per hour. In California, farm wages can top $20 per hour. But this is still not enough to attract laborers at a sufficient level.

Advances In Farming Technology

Driscoll’s, one of America’s largest produce distributors, has been testing a robot made by Harvest CROO Robotics, a Florida-based startup. The robot is capable of covering 8 acres in a single day and replacing a team of more than 30 human pickers.

Another emerging farming technology is a “no-touch” vineyard developed by researchers at UC Davis, which waters vines and picks fruit while improving yields, quality and costs. It costs about 7 cents in labor per vine to manage the touchless vineyard, compared to $1 per vine in a conventional vineyard.

Although robotics isn’t expected to steal all of the farming labor jobs, experts believe it could still be a disruptive technology, requiring a change in the way traditional growers operate.


Cyber Risks & Liabilities: September/October 2018

In this Issue

Who’s to Blame if a Security Breach Affects Your Organization?

A recent survey found that 70 percent of consumers expect businesses to take responsibility in the event of a data breach. But who within your organization should take the heat?

Acronyms All Businesses Need to Know

As cyber security evolves, it’s easy to become overwhelmed with all the terms and acronyms used. This article lists some of the most common acronyms in cyber security.

Increase in Attacks Against 911 Call Centers Highlights Need for New System

There have been 184 cyber attacks on public safety agencies and local governments since 2016, and 42 of those attacks targeted 911 call centers.

Who’s to Blame if a Security Breach Affects Your Organization?

If a security breach affects your organization, your main focus may be to solve the problem as quickly as you can, not point the finger in blame. But your customers want to know why it happened and who was responsible, even if the breach occurred because of their own lax security measures (e.g., sharing passwords or opening suspicious emails). In fact, a recent survey found that 70 percent of consumers expect businesses to take responsibility in the event of a data breach. But who within your organization should take the heat?

The CEO

If an organization doesn’t budget enough for security solutions, the fault will likely be placed on whoever makes the financial decisions, stemming from the CEO. In fact, 29 percent of IT decision-makers who took part in a recent VMware survey thought that the CEO should be held responsible in the event of a large-scale data breach.

The CISO

If a data breach occurs even after your company adequately budgets for cyber security solutions, 21 percent of IT security professionals surveyed would still hold your CISO accountable in the event of a data breach.

IT Personnel

According to a 2014 report, 95 percent of cyber security incidents are due to human error. That’s why personnel who manage IT security on a regular basis are easy targets for blame.

Other Employees

While accountability may start with the CEO and board of directors, everyone in your organization should take responsibility for cyber security. Even if you have the most modern cyber security technology, its return on investment will be nonexistent without full employee participation.

Increase in Attacks Against 911 Call Centers Highlights Need for New System

There have been 184 cyber attacks on public safety agencies and local governments since 2016, and 42 of those attacks targeted 911 call centers, according to cyber security firm SecuLore Solutions.

Over half of the attacks involved ransomware, in which hackers used a virus to control the emergency systems and hold them hostage for payment. Most of the remaining attacks were denial-of-service attacks, which involved a flood of fake calls that prevented call centers from addressing valid emergency calls.

Due to the vulnerabilities in the current 911 system and the fact that it doesn’t address the ways people communicate in the modern world—such as through texts—the emergency response industry is encouraging state and local governments to adopt a system called Next Generation 911.

The Next Generation 911 system will have advanced security and be able to seamlessly move incoming calls to other centers when needed. The new system also gives callers the choice of calling from a phone line or sending data through approved telecommunications carriers and internet service providers.

Next Generation 911 is expensive, however, and governments have been slow to adopt it. Plus, its increased connectivity also opens new potential means of attack, according to industry experts. Sophisticated defense systems run by in-house cyber security teams will be vital as the emergency response industry adopts any new technology.

Acronyms All Businesses Need to Know



Safety Focused Newsletter: September 2018

Staying Safe When Traveling for Work

Many jobs require employees to travel for work, sometimes even abroad. While this can be a fun experience, staying safe can be much more difficult if you are in an unfamiliar area. To keep yourself safe when traveling for work, remember the following tips:

  • Familiarize yourself with local customs and laws, as you are subject to them while traveling.
  • Avoid hailing taxis on the street when possible. Instead, have your hotel’s concierge service book a reliable driver or car service for you.
  • Keep hotel doors and windows locked at all times. When you arrive, and any time you leave and return to the room, make sure the locks are working.
  • Ensure that your room has a working peephole and use it to verify the identity of anyone visiting your room. If an unexpected visitor claims to be a hotel employee, call the front desk to confirm.
  • Take photos of important documents and information, like your passport and driver’s license, and leave copies at home.

Research is essential when it comes to ensuring a successful business trip. Planning ahead and remaining vigilant can make all the difference.

Ways to Communicate with Peers You Disagree With

In your professional career, you’re bound to have to work alongside people you don’t agree with. For some, this can be a source of stress, particularly if you have to go out of your way to keep the workplace relationship civil.

In these situations, it’s important to know how to interact professionally. Not only will this display a high level of maturity to your co-workers and managers, but it can also help you avoid making a bad situation worse.

To work with peers you disagree with, do the following:

  • Listen more than you speak. Diversity of opinions is important, and allowing yourself the time to process what another person wants can help you understand where they’re coming from.
  • Think before you respond. Choose your words carefully when responding to something you disagree with. Doing so ensures that you can justify your arguments in a sincere, respectful tone.
  • Try to find common ground and avoid dragging others into an argument.
  • Avoid personal insults. Discussions should be civil and focus on workplace issues.
  • Ask questions. Sometimes disagreements come from a lack of understanding. Asking questions in a friendly tone can be a good way to steer a conversation into a more positive direction.

Working with people you disagree with can be difficult, but it’s an important part of most jobs. If you are concerned that you and a peer will never get along, consider speaking to a supervisor.



Construction Risk Advisor - August 2018

SUCCESSFULLY DEPLOYING NEW TECHNOLOGY

Choosing new technology can be difficult for construction companies. It is easy to get caught up in the wow factor of technology and lose sight of what you’re hoping it will improve. Without a plan in place for deployment, you may be wasting your investment.

Before seeking out new technology, consider ways you can improve your processes. After improving your processes, you can identify gaps that new technology can address. No amount of technology will help if your processes are what need to be fixed.

There’s strength in numbers, so involve key employees early in the process. This is also a good time to identify potential leaders within your organization.

In fact, a recent McKinsey & Company study found that companies that invest in developing leaders during an organizational transformation are about two-and-a-half times more likely to be successful with their changes than firms that did not make the investment.

Those leaders can become champions for the technology who, in turn, empower the end user and help the technology do what it was intended to do.

HOW TO ATTRACT MORE WOMEN TO CONSTRUCTION

Women only make up 9 percent of the construction workforce, according to the National Association of Women in Construction. That statistic highlights the fact that both parties are missing out on opportunities for a lucrative partnership within the industry.

Despite the lack of gender diversity, women have the potential to earn about 95.7 percent of what men make. Although it isn’t ideal, it beats the nationwide average of 81.1 percent across all industries.

Construction companies also benefit from hiring a gender-diverse workforce, as they’re 46 percent more likely to outperform the industry average, according to the Peterson Institute. But getting women interested in the industry can be a challenge. Here are steps you can take to attract and retain more women:

  • Create an inclusive work culture that values men and women equally.
  • Remove gender-biased words from job descriptions and involve female employees in the recruitment process.
  • Adopt benefits and work policies that promote a work-life balance and are family-friendly.
  • Create a diversity council with representatives from a mix of genders, positions and backgrounds.

Addressing the gender gap is an important step toward encouraging diverse talent to enter the construction industry. For more information on attracting and retaining a diverse workforce, contact Hierl Insurance Inc.


Safety Focused Newsletter - August 2018

Safety Tips for Proper Lifting

Lifting is a common activity in the workplace—an activity that can be potentially dangerous if the proper techniques are not used. In fact, lower back injuries caused by improper lifting are some of the most common work-related injuries.

In order to protect yourself when lifting heavy items in the workplace, do the following:

  • Look over the load. Decide if you can handle it alone or if you need assistance. When in doubt, ask for help. Moving an object that is too heavy or bulky can cause severe injury.
  • Clear away any potential obstacles before carrying an object.
  • Use good foot positioning. Your feet should be shoulder-width apart.
  • Bend your knees. Bending over at the waist to reach for an object you want to lift puts strain on your back, shoulder and neck muscles.
  • Keep your arms and elbows as close to your body as you can while lifting.
  • Use your feet to change direction. Don’t twist your body.

Responding to a Workplace Accident

Accidents in the workplace can occur without warning, and it’s important to respond quickly to help those in need. In some cases, supervisors may not be around to provide the proper response guidance, and it’s up to employees to take action.

The following are some general tips to keep in mind if a co-worker is involved in a workplace accident:

  • Take control of the scene and try to restore order.
  • Call for emergency services if needed. Provide any immediate first aid, if you are qualified to do so.
  • Protect co-workers from potential secondary accidents. You can accomplish this by dismissing unnecessary personnel and denying access to the area.
  • Identify people at the scene. If they witnessed the incident, be sure to make a note of their names, as they can provide a report on what happened at a later date.
  • Notify upper management of the issue.
  • Do not put yourself in harm’s way.

Following an accident, follow up with your supervisor to ensure the appropriate paperwork is completed. Supervisors may require you to file an accident report or further detail what happened.

If you have any ideas of how the accident could have been avoided, share them with your supervisor or at a safety meeting. If your workplace does not have a first responder program in place, it may be a good idea to suggest it to your employer.

Trained first-aid responders can provide immediate care to workers who become ill or injured on the job. The quick response and training of these individuals can make all the difference following an accident.

Common First-Aid Kit Supplies

  • Sterile Saline Solution
  • Antibiotic Ointment
  • Gauze and Wraps
  • Scissors
  • Tweezers
  • Disposable gloves
  • Aspirin



Meeting cybersecurity risks head-on: A guide to breach preparedness

How would you manage a data breach? No company is immune to cyberattacks and data breaches. Read on to learn how you can prepare your business.


Gauging a company’s true data breach risk from the outside is a difficult endeavor for insurers, with challenges both technical and informational. But even less attention has been paid to how companies would manage a breach if it happened, which has an enormous impact on the toll of the final damage.

No organization is immune to breach. If the National Security Agency can lose data, anyone can lose data, yet the scope of the current issue is still astounding.

According to another insurance company's 2017 cyber readiness report, 72% of large U.S. businesses — nearly three out of four — and 68% of small- and mid-sized businesses — about seven in ten — reported cyber incidents in the previous year. Among these, close to half (47%) experienced two or more cyber incidents during that same time.

The largest breaches, affecting big-name companies like Equifax, Target, Home Depot and many others, drew substantial headlines because of the huge number of identities involved. But almost every business holds some sensitive information, either regarding its customers or its own intellectual property, finances or employees. In fact, smaller organizations often lack the internal resources to dedicate towards preparedness, making them very attractive targets for hackers.

Assessing the threats to your business

The first challenge with measuring a company’s risk exposure relates to the industrywide problem of tying compliance and policy to actual security. A company may have checked all the right boxes on paper, but doing so guarantees little about their actual cyber risk position.

The second issue is that people often matter much more than technology.

The public conversation focuses on high-profile hacking events, but data breaches are even more likely to be the result of internal issues, including breakdowns in training, procedure or plain old mistakes.

The overwhelming majority of all cyber attacks are successfully executed with information stolen from employees who unwittingly give away their system ID and access credentials to hackers or provide a gateway via a malware link embedded in some form of communication.

One of the most important components of an effective data breach readiness program is mandatory and frequent training to remind employees about the importance of security awareness.

Education in information security best practices can help arm a team against threats such as phishing, man-in-the-middle attacks, malware, and ransomware, substantially lowering the long-term risk.

An accurate understanding of a company’s sector-specific risks is another important point of departure in corporate cybersecurity. Healthcare employees, for instance, need to be especially on guard for EHR-related attacks and RDP server breaches, like the ones instigated by the SamSam virus (which took down Allscripts last month).

Other industries are more vulnerable to loopholes in common business apps; still others are more frequently victims of point-of-sale malware or e-mail phishing scams. Once businesses understand where and how they are most likely to be targeted, they can begin providing training that takes into account the need for added vigilance in these specific areas.

The final challenge in correctly identifying breach risk involves understanding the extent to which recovery costs can vary. Discrepancies in cost depend not only on the severity of the breach, but also on how well the organization responds. Globally, the average cost to recover from a security breach is $158 per impacted individual, but that varies from $60 to $400 per person.

While more companies than ever before are now either considering or have taken out some form of cyber insurance, cyber risk should not be treated as something that can simply be offloaded. Smart organizations are increasingly focusing on proactively identifying data breaches and preparing to react to them efficiently, in advance of a data breach crisis.

Proper preparation means more education

The most devastating impacts of a data breach can only be avoided by coupling breach awareness and prevention efforts with readiness and response planning ahead of a cybersecurity incident.

Comprehensive breach readiness plans break down both pre-emptive and retrospective action steps by department: it’s sensible, for example, to task IT personnel with monitoring cloud connectivity and identifying network loopholes while entrusting financial staff with detecting suspicious activity along company bank and credit accounts.

Customer relations experts and account managers, on the other hand, are likely the best resources for overseeing client communications during and after a data breach, helping to re-establish trust and informing their consumer-facing workforce.

Here, inter-departmental communication is paramount: all workers should understand how and to whom they are to report possible breaches or scams, and when such breaches occur, the entire company should know what to expect employees in every department to do next.

Even for the most cyber-savvy corporations, however, internal resources alone are not enough these days. Outside resources are often critical to mitigating the threat of cyber attacks, stopping them once they start and restoring company functions in a breach’s aftermath.

Establishing relationships and negotiating agreements with external subject matter experts is better done far in advance of an actual data breach. Contractual terms can be negotiated without the chaos and urgency of a crisis situation. The same is true for interfacing with law enforcement and regulatory agencies.

Knowing whom to contact and having an established communication chain can pay off when trying to execute an urgent data breach response.

Both internally and externally, the human element of cybersecurity remains a business’s best defense across an ever-widening threat landscape. With the right planning and a rapid response team, companies should be able to withstand a breach with the least damage possible, limiting losses – and claims.

SOURCE: Thompson, J. (2 March 2018) "Meeting cybersecurity risks head-on: A guide to breach preparedness" (Web Blog Post). Retrieved from https://www.propertycasualty360.com/2018/03/02/meeting-cybersecurity-risks-head-on-a-guide-to-bre/