Cyber Liability - 9 Cyber Risk Questions Every Board Should Ask

When a data breach or other cyber event occurs, the damages can be significant, often resulting in lawsuits, fines and serious financial losses. What’s more, cyber exposures impact businesses of all kinds, regardless of their size, area of focus, or status as a private or public entity.

In order for organizations to truly protect themselves from cyber risks, corporate boards must play an active role. Not only does involvement from leadership improve cyber security, it can also reduce liability for board members.

To help oversee their organization’s cyber risk management, boards should ask the following questions:

 

Does the organization utilize technology to prevent data breaches?

Every company must have robust cyber security tools and anti-virus systems in place. These systems act as a first line of defense for detecting and preventing potentially debilitating breaches.

While it may sound obvious, many organizations fail to take cyber threats seriously and implement even the simplest protections. Boards can help highlight the importance of cyber security, ensuring that basic, preventive measures are in place.

These preventive measures must be reviewed on a regular basis, as cyber threats can evolve quickly. Boards should ensure that the management team reviews company technology at least annually, ensuring that cyber security tools are up to date and effective.

 

Has the board or the company’s management team identified a senior member to be responsible for organizational cyber security preparedness?

Organizations that fail to create cyber-specific leadership roles could end up paying more for a data breach than organizations that do. This is because, in the event of a cyber incident, a fast response and clear guidance is needed to contain a breach and limit damages.

When establishing a chief information security officer or similar cyber leadership role, boards need to be involved in the process. Cyber leaders should have a good mix of technical and business experience. This individual should also be able to explain cyber risks and mitigation tactics at a high level so they are easy to understand for those who are not well-versed in technical terminology.

It should be noted that hiring a chief information security officer or creating a new cyber leadership role is not practical for every organization. In these instances, organizations should identify a qualified, in-house team member and roll cyber security responsibilities into their current job requirements. At a minimum, boards need to ensure that their company has a go-to resource for managing cyber security.

 

Does the organization have a comprehensive cyber security program? Does it include specific policies and procedures?

It is essential for companies to create comprehensive data privacy and cyber security programs. These programs help organizations build a framework for detecting threats, remain informed on emerging risks and establish a cyber response plan.

Corporate boards should ensure that cyber security programs align with industry standards. These programs should be audited on a regular basis to ensure effectiveness and internal compliance.

 

Does the organization have a breach response plan in place?

Even the most secure organizations can be impacted by a data breach. What’s more, it can often take days or even months for a company to notice its data has been compromised.

While cyber security programs help secure an organization’s digital assets, breach response plans provide clear steps for companies to follow when a cyber event occurs. Breach response plans allow organizations to notify impacted customers and partners quickly and efficiently, limiting financial and reputational damage.

Board members should ensure that crisis management and breach response plans are documented. Specific actions noted in breach response plans should also be rehearsed through simulations and team interactions to evaluate effectiveness.

In addition, response plans should clearly identify key individuals and their responsibilities. This ensures that there is no confusion in the event of a breach and your organization’s response plan runs as smoothly as possible.

 

Has the organization discussed and formalized a cyber risk budget? How engaged is the board in terms of providing guidance related to cyber exposures?

Both overpaying and underpaying for cyber security services can negatively affect an organization. Creating a budget based on informed decisions and research helps companies invest in the right tools.

Boards can help oversee investments and ensure that they are directed toward baseline security controls that address common threats. Boards, with guidance from the chief security officer or a similar cyber leader, should also prioritize funding. That way, an organization’s most vulnerable and important assets are protected.

 

Has the management team provided adequate employee training to ensure sensitive data is handled correctly?

While employees can be a company’s greatest asset, they also represent one of their biggest cyber liabilities. This is because hackers commonly exploit employees through spear phishing and similar scams. When this happens, employees can unknowingly give criminals access to their employer’s entire system.

In order to ensure data security, organizations must provide thorough employee training. Boards can help oversee this process and instruct management to make training programs meaningful and based on more than just written policies.

In addition, boards should see to it that education programs are properly designed and foster a culture of cyber security awareness.

 

Has management taken the appropriate steps to reduce cyber risks when working with third parties?

Working alongside third-party vendors is common for many businesses. However, whenever an organization entrusts its data to an outside source, there’s a chance that it could be compromised.

Boards can help ensure that vendors and other partners are aware of their organization’s cyber security expectations. Boards should work with the company’s management team to draw up a standard third-party agreement that identifies how the vendor will protect sensitive data, whether or not the vendor will subcontract any services and how it intends to inform the organization if data is compromised.

 

Does the organization have a system in place for staying current on cyber trends, news, and federal, state, industry and international data security regulations?

Cyber-related legislation can change with little warning, often having a sprawling impact on the way organizations do business. If organizations do not keep up with federal, state, industry and international data security regulations, they could face serious fines or other penalties.

Boards should ensure that the chief information security officer or similar leader is aware of his or her role in upholding cyber compliance. In addition, boards should ensure that there is a system in place for identifying, evaluating and implementing compliance-related legislation.

Additionally, boards should constantly seek opportunities to bring expert perspectives into boardroom discussions. Often, authorities from government, law enforcement and cyber security agencies can provide invaluable advice. Building a relationship with these types of entities can help organizations evaluate their cyber strengths, weaknesses and critical needs.

 

Has the organization conducted a thorough risk assessment? Has the organization purchased or considered purchasing cyber liability insurance?

Cyber liability insurance is specifically designed to address the risks that come with using modern technology—risks that other types of business liability coverage simply won’t cover.

The level of coverage your business needs is based on your individual operations and can vary depending on your range of exposure. As such, boards, alongside the company’s management team, need to conduct a cyber risk assessment and identify potential gaps. From there, organizations can work with their insurance broker to customize a policy that meets their specific needs.

Asking thoughtful questions can help boards better understand the strategies management uses to prevent, detect and respond to data breaches. When it comes to cyber threats, organizations need to be diligent and thorough in their risk prevention tactics, and boards can help move the cyber conversation in the right direction.

Cyber exposures impact organizations from top to bottom, and all team members play a role in maintaining a secure environment. However, managing personnel and technology can be a challenge, particularly for organizations that don’t know where to start.

That’s where Hierl Insurance Inc. can help. Contact us today to learn more about cyber risk mitigation strategies you can implement today to secure your business.


HRL - Employees - Happy

Who’s using what in P&C insurance

With the emergence of 21st century technology, there are bountiful risks for the cyber lives of millions. In this article written by PROPERTYCASUALTY360, learn how different companies grow to combat the threat of employer risk.

You can read the original article here.


Guidewire Software, Inc. has entered into a definitive agreement to acquire Cyence, a software company that applies data science and risk analytics to enable P&C insurers to grow by underwriting “21st century risks” that have gone underinsured or uninsured. These emerging risks include cyber, reputation, and new forms of business interruption risk. “As traditional actuarial approaches struggle to address the unique characteristics of emerging risks like cyber, Cyence’s next-generation approach will enable insurers to broaden the scope and value of the products their policyholders need,” , Guidewire Software CEO and Co-Founder Marcus Ryu said in a press release.

In other news from Guidewire: MetLife Auto & Home has begun deploying Guidewire’s InsurancePlatform™ in a new cloud environment for customers using its MetLife Auto & Home MyDirect portal. MetLife Auto & Home is the first P&C insurer in the United States to offer a 100-percent digital experience from quoting to claim service. Rollout of the platform is expected to continue over the next several quarters.

Hearsay Systems recently announced a strategic alliance with Microsoft to help financial services firms empower advisors to be both high-tech and high-touch at scale in the digital age. The companies will focus on addressing the specific challenges faced by financial institutions, including the need for compliant advisor-client engagement technology that will enable advisors to better manage client relationships and grow business. The alliance will bring together the data-driven relationship insights from Microsoft Dynamics 365 with the financial industry-specific workflows, data and compliance capabilities from Hearsay, allowing advisors to more effectively acquire, convert and deepen client relationships.

Allianz Global Corporate & Specialty® (AGCS) has teamed up with Silicon Valley-based software company Zeguro, whose mission is to simplify and streamline cyber security and risk management  in small to medium-sized businesses (SMBs). Through its easy-to-use platform, Zeguro will serve as a virtual Chief Information Security Officer (CISO) to those who purchase Allianz’s cyber insurance coverage to further manage their cyber exposure and decrease the overall risk of financial loss following a cyberattack.

Accenture and Duck Creek Technologies recently teamed up to create several new digital and emerging technology solutions for P&C insurers that are designed to improve efficiency and value. The companies have integrated Accenture’s IoT and analytics technologies with Duck Creek’s core platform and launched a blockchain proof-of-concept for medical bill auditing. “These new tools are the product of our focus on providing a new generation of digital solutions to our insurance clients working in collaboration with our joint venture partners,” Cindy DeArmond, managing director and P&C Core Platforms Lead for Accenture in North America, said in a press release.

Louisiana-based Aparicio Walker & Seeling, Inc. (AWS Insurance) is live on TechCanary’s insurance platform replacing its outdated legacy agency management system.  TechCanary’s breadth and depth of insurance functionality built in Salesforce and flexibility to easily customize it further were key to the decision.

Speedpay, Inc., a Western Union company, and Nordis Technologies recently announced an alliance to offer cloud-based customer communications management services to Speedpay clients. This strategic agreement provides current and future Speedpay clients with the opportunity to add Expresso®, an easy-to-use, self-service application to organize, automate and execute print and electronic communications. Nordis also delivers print/mail and email production services, thus enabling a seamless end-to-end communications solution.

 

You can read the original article here.

Source:

PropertyCasualty360 (9 October 2017). "Who’s using what in P&C insurance" [Web Blog Post]. Retrieved from address http://www.propertycasualty360.com/2017/10/09/whos-using-what-in-pc-insurance-oct-9-2017?t=agency-technology?ref=channel-news


Workout - Girl - Stretching - Pixabay

Apple, Fitbit to join FDA program to speed health tech

Wondering how technology can speed the process of developing health tech? In this article from BenefitsPro written by Anna Edney, gain a close insight on how Apple and Fitbit are working together with the FDA to make your health of vital importance.

You can read the original article here.


A federal agency that regulates apples wants to make regulations on Apple Inc. a little easier.

The Food and Drug Administration, which oversees new drugs, medical devices and much of the U.S. food supply, said Tuesday that it had selected nine major tech companies for a pilot program that may let them avoid some regulations that have tied up developers working on health software and products.

“We need to modernize our regulatory framework so that it matches the kind of innovation we’re being asked to evaluate,” FDA Commissioner Scott Gottlieb said in a statement.

The program is meant to let the companies get products pre-cleared rather than going through the agency’s standard application and approval process that can take months. Along with Apple, Fitbit Inc., Samsung Electronics Co., Verily Life Sciences, Johnson & Johnson and Roche Holding AG will participate.

 

A new report and video from the Health Enhancement Research Organization (HERO) identifies six promising practices for effectively integrating wearables...
The FDA program is meant to help the companies more rapidly develop new products while maintaining some government oversight of technology that may be used by patients or their doctors to prevent, diagnose and treat conditions.

Apple is studying whether its watch can detect heart abnormalities. The process it will go through to make sure it’s using sound quality metrics and other measures won’t be as costly and time-consuming as when the government clears a new pacemaker, for example. Verily, the life sciences arm of Google parent Alphabet Inc., is working with Novartis AG to develop a contact lens that could continuously monitor the body’s blood sugar.

Faster Pace

“Historically, health care has been slow to implement disruptive technology tools that have transformed other areas of commerce and daily life,” Gottlieb said in July when he announced that digital health manufacturers could apply for the pilot program.

Officially dubbed the Pre-Cert for Software Pilot, Gottlieb at the time called it “a new and pragmatic approach to digital health technology.”

The other companies included in the pilot are Pear Therapeutics Inc., Phosphorus Inc. and Tidepool.

The program is part of a broader move at the FDA, particularly since Gottlieb took over in May, to streamline regulation and get medical products to patients faster. The commissioner said last week the agency will clarify how drugmakers might use data from treatments already approved in some disease to gain approvals for more conditions. In July, he delayed oversight of electronic cigarettes while the agency decides what information it will need from makers of the products.

Rules Uncertainty

As Silicon Valley developers have pushed into health care, the industry has been at times uncertain about when it needed the FDA’s approval. In 2013, the consumer gene-testing company 23andMe Inc. was ordered by the agency to temporarily stop selling its health analysis product until it was cleared by regulators, for example.

Under the pilot, the FDA will scrutinize digital health companies’ software and will inspect their facilities to ensure they meet quality standards and can adequately track their products once they’re on the market. If they pass the agency’s audits, the companies would be pre-certified and may face a less stringent approval process or not have to go through FDA approval at all.

More than 100 companies were interested in the pilot, according to the FDA. The agency plans to hold a public workshop on the program in January to help developers not in the pilot understand the process and four months of initial findings.

You can read the original article here.

Source:

Edeny A. (27 September 2017). "Apple, Fitbit to join FDA program to speed health tech" [Web Blog Post]. Retrieved from address http://www.benefitspro.com/2017/09/27/apple-fitbit-to-join-fda-program-to-speed-health-t

Wondering how technology can speed the process of developing health tech? In this article from BenefitsPro written by Anna Edney, gain a close insight on how Apple and Fitbit are working together with the FDA to make your health of vital importance.

You can read the original article here.


A federal agency that regulates apples wants to make regulations on Apple Inc. a little easier.

The Food and Drug Administration, which oversees new drugs, medical devices and much of the U.S. food supply, said Tuesday that it had selected nine major tech companies for a pilot program that may let them avoid some regulations that have tied up developers working on health software and products.

“We need to modernize our regulatory framework so that it matches the kind of innovation we’re being asked to evaluate,” FDA Commissioner Scott Gottlieb said in a statement.

The program is meant to let the companies get products pre-cleared rather than going through the agency’s standard application and approval process that can take months. Along with Apple, Fitbit Inc., Samsung Electronics Co., Verily Life Sciences, Johnson & Johnson and Roche Holding AG will participate.

 

A new report and video from the Health Enhancement Research Organization (HERO) identifies six promising practices for effectively integrating wearables...
The FDA program is meant to help the companies more rapidly develop new products while maintaining some government oversight of technology that may be used by patients or their doctors to prevent, diagnose and treat conditions.

Apple is studying whether its watch can detect heart abnormalities. The process it will go through to make sure it’s using sound quality metrics and other measures won’t be as costly and time-consuming as when the government clears a new pacemaker, for example. Verily, the life sciences arm of Google parent Alphabet Inc., is working with Novartis AG to develop a contact lens that could continuously monitor the body’s blood sugar.

Faster Pace

“Historically, health care has been slow to implement disruptive technology tools that have transformed other areas of commerce and daily life,” Gottlieb said in July when he announced that digital health manufacturers could apply for the pilot program.

Officially dubbed the Pre-Cert for Software Pilot, Gottlieb at the time called it “a new and pragmatic approach to digital health technology.”

The other companies included in the pilot are Pear Therapeutics Inc., Phosphorus Inc. and Tidepool.

The program is part of a broader move at the FDA, particularly since Gottlieb took over in May, to streamline regulation and get medical products to patients faster. The commissioner said last week the agency will clarify how drugmakers might use data from treatments already approved in some disease to gain approvals for more conditions. In July, he delayed oversight of electronic cigarettes while the agency decides what information it will need from makers of the products.

Rules Uncertainty

As Silicon Valley developers have pushed into health care, the industry has been at times uncertain about when it needed the FDA’s approval. In 2013, the consumer gene-testing company 23andMe Inc. was ordered by the agency to temporarily stop selling its health analysis product until it was cleared by regulators, for example.

Under the pilot, the FDA will scrutinize digital health companies’ software and will inspect their facilities to ensure they meet quality standards and can adequately track their products once they’re on the market. If they pass the agency’s audits, the companies would be pre-certified and may face a less stringent approval process or not have to go through FDA approval at all.

More than 100 companies were interested in the pilot, according to the FDA. The agency plans to hold a public workshop on the program in January to help developers not in the pilot understand the process and four months of initial findings.

You can read the original article here.

Source:

Edeny A. (27 September 2017). "Apple, Fitbit to join FDA program to speed health tech" [Web Blog Post]. Retrieved from address http://www.benefitspro.com/2017/09/27/apple-fitbit-to-join-fda-program-to-speed-health-t


VR headset at DrupalCon LA by pdjohnson from Flickr

VR for HR

Have you always wanted to see the world? May VR technology is a way to incorporate the world into your business. Check out this article from our partner, UBA, written by Geoff Mukhtar, and discover what the world's latest technology can offer your company.

You can read the original article here.


No matter how well traveled you are, or how busy your lifestyle may be, you likely haven’t been everywhere in the world, or done everything there is to do. There is technology out there, however, that can bring the world to you. That technology is called “virtual reality,” or VR for short, and it’s changing the way that people experience life. VR provides a simulated environment that mimics a real one.

Whether you want to climb a mountain, dive deep underwater, or even go on a top-secret military mission, VR can bring all this to you in the comfort of your own home. So, what does all this have to do with human resources? In an article titled, “Virtual Reality Gives Job Candidates a Vivid Big Picture” on the Society for Human Resource Management’s website, there are numerous, maybe even limitless, uses for VR. The U.S. Navy uses VR in its recruiting and so, too, are many companies.

Not only does VR simulate what it’s like to work at a particular company, but it also highlights that a company is on the cutting edge in terms of technology and is using VR to differentiate itself from other companies. Just like Pink Floyd’s song, “Wish you were here,” VR can bring you to any location, whether it’s a city or a corporate headquarters. The latter being especially relevant with recruiting because a company doesn’t have to spend the money to fly job candidates to their office.

Plus, once these job candidates “see” what it would be like to work at a particular company in a particular city, they may even decide that it’s not what they want and retract their application. Thus, not wasting their time, or a company’s time, during the interview process.

Another benefit of VR recruiting is the undivided attention of the wearer. While a job candidate explores the company’s campus, offices, surroundings, etc., messages can be presented that include information about a company’s health plan, employee benefits, and other opportunities.

VR technology is just another tool that recruiters can use, but it’s definitely one of the more powerful ones. No other tool, not even video conferencing, can immerse someone so deeply into an environment so that he or she can seemingly blend into the workplace culture without actually stepping foot through the door.

 

Mukhtar G. (26 September 2017). "VR for HR" [Web Blog Post]. Retrieved from address http://blog.ubabenefits.com/vr-for-hr


Closing the execution continuum on employee benefit cost savings

Are you using big data to reduce your employee benefits costs? As more employers switch their employee benefits to a digital platform, big data can be a great tool for employers looking to reduce the costs associated with their benefits program. Check out this great article by Eric Helman from Employee Benefit Advisor and found out how you can leverage your data to reduce to cost of an employee benefit program.

A revolution in employee benefits is on the horizon, and 21st century analytics is at the core. Big data holds the promise to scan huge amounts of information in a near real-time environment for insights that will impact the current and future trajectory for a given area. The advancement of true cross-vendor analytics, prescription, engagement and measurement brought on by the democratization of big data is enabling employers, brokers and consultants to improve the performance of their employee benefits plans like never before.

Two decades ago, I had the opportunity to hear Chris Sullivan, one of the founders of Outback Steakhouse, speak to a group of executives about customer research. His sentiments: “We don’t do focus groups. People don’t know what they want. Who would say they would like to stand in line for 30 minutes to eat salty food in a very loud restaurant? But that is exactly what they wanted. And that is what made Outback a success. Instead of focus groups, we place very talented and engaged proprietors in our stores and teach them to observe what people want. Then, we replicate that experience.”

In the realm of employee benefits, surveys, focus groups and anecdotes about specific employee encounters with the benefits program typically drive the discussions about how that program should evolve in the future. Unlike the situation at Outback, it is difficult to “observe” how people actually consume benefits and tailor a program that is attractive to them.

Analytics drive strategy 
Fortunately, recent developments in data analytics have unlocked the potential of using consumer behavior insights to drive employee benefits strategy. Leading practitioners are beginning to leverage these developments to change the annual renewal process. The technologies that support data aggregation, normalization and reporting have been aggressively developed to support the provider and payer communities. Only now have these advancements been made available to employers and their advisers.

The most successful practitioners point to the value of standardized claims reporting based upon credible data. By combining current claims data with industry benchmarks and predictive analytics, employers gain insight into the ongoing performance of their benefit plans. They “see” for themselves what industry professionals have been telling them for years. Plan performance is based upon claims, both in terms of the number of units of healthcare consumed and the price of those units. In recent surveys, benefit professionals report the difficulty they have in convincing CFOs and CEOs to make the necessary changes to benefit programs. Standardized reporting from a credible analytics platform can greatly enhance the ability for benefit professionals to communicate their agenda.

But standardized reporting is not the panacea. Benefits are complex. And the relationship between risk and consumption of healthcare add to the complexity. Even in the best reporting environments where executives are well informed about the performance of their plans and how the key metrics compare to industry norms, they are often perplexed about what to do with the information. Advancements in the realm of “actionable analytics” are beginning to address this problem as well.

While artificial intelligence or AI is all the rage, the underlying concept of having a computer suggest a course of action based upon data is not a new idea. The new application to employee benefits is the ability to provide “suggestions” in the context of standardized financial reporting. The number of ideas to bend the cost curve are numerous. The challenge is matching these ideas with the appropriate populations, convincing decision makers to invest and engaging the appropriate cohorts of employees to take specific actions necessary to realize the return on investment for these initiatives.

New systems are now available to close the gaps on this execution continuum. The foundation for these new systems is a robust analytics platform. But actionable analytics build upon this foundation by evaluating the employer’s data to discern whether a specific cost-saving initiative might generate savings worthy of the investment. These new systems present the output of that analysis in an easy to understand graphical format for benefit consultants and HR professionals to effectively communicate the potential of cost savings initiatives to decision makers.

Targeted engagement maximizes compliance and ROI
Getting executives to commit to intentional actions to affect the rising costs of benefits solves one half of the problem. The second half of the problem is one of focus. Rather than attempting to engage all employees with generalized messaging, these new systems use analytics to focus their engagement on a specific cohort of individuals in order to drive the greatest impact. This focus allows for a concentration of resources on the targeted populations, resulting in increased compliance and larger return on investment. The best implementations are integrated with benefits administration platforms and can incorporate multiple initiatives simultaneously. Point solutions, from an engagement perspective, have been proven to result in single-digit compliance. The power of an integrated engagement solution allows for initiatives that, because they are both focused and automated, can be executed simultaneously.

Advancements in technology have created a new era in which the democratization of big data allows for non-technical professionals to access detailed information and convert that information into intelligence. According to a recent survey, more than 65% of employers confess they are not strategic when it comes to benefits cost management. In spite of the many cost savings ideas available, more than 40% say they are not engaging in any new initiatives in the upcoming year. While the future of healthcare reform is in doubt, the potential for actionable analytics to significantly change the trajectory of the employer’s benefits costs is certain.

See the original article Here.

Source:

Helman E. (2017 September 5). Closing the execution continuum on employee benefit cost savings [Web blog post]. Retrieved from address https://www.employeebenefitadviser.com/opinion/closing-the-execution-continuum-on-employee-benefit-cost-savings?brief=00000152-146e-d1cc-a5fa-7cff8fee0000


How data analytics is changing employee benefit strategies

As technology continues to grow and expand, more employers are turning to digital platforms when it comes to managing their employee benefits program. With more access to technology, employers can use data accumulated from their employees to better personalize their employee benefits package to fit each individual's needs. Take a look at this column by Eric Helman from Employee Benefit Advisor and find out some more tips on how you can better leverage the data from an employee benefits program to fit your employees'es needs.

In the realm of employee benefits, surveys, focus groups and anecdotes about specific employee encounters with the benefits program typically drive the discussions about how that program should evolve in the future. Unlike the situation at Outback, it is difficult to “observe” how people actually consume benefits and tailor a program that is attractive to them.

Fortunately, recent developments in data analytics have unlocked the potential of using consumer behavior insights to drive employee benefits strategy.

Leading practitioners are beginning to leverage these developments to change the annual renewal process. The technologies that support data aggregation, normalization and reporting have been aggressively developed to support the provider and payer communities. Only now have these advancements been made available to employers and their advisers.

The most successful practitioners point to the value of standardized claims reporting based upon credible data. By combining current claims data with industry benchmarks and predictive analytics, employers gain insight into the ongoing performance of their benefit plans. They “see” for themselves what industry professionals have been telling them for years. Plan performance is based upon claims, both in terms of the number of units of healthcare consumed and the price of those units. In recent surveys, benefit professionals report the difficulty they have in convincing CFOs and CEOs to make the necessary changes to benefit programs. Standardized reporting from a credible analytics platform can greatly enhance the ability for benefit professionals to communicate their agenda.

But standardized reporting is not the panacea. Benefits are complex. And the relationship between risk and consumption of healthcare add to the complexity. Even in the best reporting environments where executives are well informed about the performance of their plans and how the key metrics compare to industry norms, they are often perplexed about what to do with the information. Advancements in the realm of “actionable analytics” are beginning to address this problem as well.

While artificial intelligence or AI is all the rage, the underlying concept of having a computer suggest a course of action based upon data is not a new idea. The new application to employee benefits is the ability to provide “suggestions” in the context of standardized financial reporting. The number of ideas to bend the cost curve are numerous. The challenge is matching these ideas with the appropriate populations, convincing decision makers to invest and engaging the appropriate cohorts of employees to take specific actions necessary to realize the return on investment for these initiatives.

New systems are now available to close the gaps on this execution continuum. The foundation for these new systems is a robust analytics platform. But actionable analytics build upon this foundation by evaluating the employer’s data to discern whether a specific cost-saving initiative might generate savings worthy of the investment. These new systems present the output of that analysis in an easy to understand graphical format for benefit consultants and HR professionals to effectively communicate the potential of cost savings initiatives to decision makers.

Targeted engagement maximizes compliance and ROI
Getting executives to commit to intentional actions to affect the rising costs of benefits solves one half of the problem. The second half of the problem is one of focus. Rather than attempting to engage all employees with generalized messaging, these new systems use analytics to focus their engagement on a specific cohort of individuals in order to drive the greatest impact. This focus allows for a concentration of resources on the targeted populations, resulting in increased compliance and larger return on investment. The best implementations are integrated with benefits administration platforms and can incorporate multiple initiatives simultaneously. Point solutions, from an engagement perspective, have been proven to result in single-digit compliance. The power of an integrated engagement solution allows for initiatives that, because they are both focused and automated, can be executed simultaneously.

Advancements in technology have created a new era in which the democratization of big data allows for non-technical professionals to access detailed information and convert that information into intelligence. According to a recent survey, more than 65% of employers confess they are not strategic when it comes to benefits cost management. In spite of the many cost savings ideas available, more than 40% say they are not engaging in any new initiatives in the upcoming year. While the future of healthcare reform is in doubt, the potential for actionable analytics to significantly change the trajectory of the employer’s benefits costs is certain.

See the original article Here.

Source:

Helman E.  (2017 September 5). How data analytics is changing employee benefit strategies [Web blog post]. Retrieved from address https://www.employeebenefitadviser.com/opinion/closing-the-execution-continuum-on-employee-benefit-cost-savings


4 Trends Shaping Cybersecurity in 2017

The threat of cyber attacks is increasing every day. Make sure you are stay up-to-date with all the recent news and trends happening in the world of cyber security so you can stay informed on how to protect yourself from cyber threats. Check out this great column by Denny Jacob from Property Casualty 360 and find out about the top 4 trends impacting cybersecurity this year.

No. 4: Growing areas of concern

Organizations with a chief information security officer (CISO) in 2017 increased to 65 percent compared to 50 percent in 2016. Staffing challenges and budgetary distribution, however, reveal where organizations face exposure.

Finding qualified personnel to fill cybersecurity positions is as ongoing challenge. For example, one-third of study respondents note that their enterprises receive more than 10 applicants for an open position. More than half of those applicants, however, are unqualified. Even skilled applicants require time and training before their job performance is up to par with others who are already working on the company's cybersecurity operation.

Half of the study respondents reported security budgets will increase in 2017, which is down from 65 percent of respondents who reported an increase in 2016. This, along with staffing challenges, has many enterprises reliant on both automation and external resources to offset missing skills on the cybersecurity team.

Another challenge: Relying on third-party vendors means there must be funds available to offset any personnel shortage.

If the skills gap continues unabated and the funding for automation and external third-party support is reduced, businesses will struggle to fill their cybersecurity needs.

No. 3: More complicated cyber threats

Faced with declining budgets, businesses will have less funding available on a per-attack basis. Meanwhile, the number of attacks is growing, and they are becoming more sophisticated.

More than half (53 percent) of respondents noted an increase in the overall number of attacks compared previous years. Only half (roughly 50 percent) said their companies executed a cybersecurity incident response plan in 2016.

Here are some additional findings regarding the recent uptick in cyber breaches:

• 10 percent of respondents reported experiencing a hijacking of corporate assets for botnet use;• 18 percent reported experiencing an advanced persistent threat (APT) attack; and

• 14 percent reported stolen credentials.

• Last year’s results for the three types of attacks were:

• 15 percent for botnet use;

• 25 percent for APT attacks; and

•15 percent involving stolen credentials.

Phishing (40 percent), malware (37 percent) and social engineering (29 percent) continue to top the charts in terms of the specific types of attacks, although their overall frequency of occurrence decreased: Although attacks are up overall, the number of attacks in these three categories is down.

No. 2: Mobile takes a backseat to IoT

Businesses are now more sophisticated in the mobile arena. The proof: Cyber breaches resulting from mobile devices are down. Only 13 percent of respondents cite lost mobile devices as an exploitation vector in 2016, compared to 34 percent in 2015. Encryption factors into the decrease; only 9 percent indicated that lost or stolen mobile devices were unencrypted.

IoT continues to rise as an area of concern. Three out of five (59 percent) of the 2016 respondents cite some level of concern relative to IoT, while an additional 30 percent are either "extremely concerned" or "very concerned" about this exposure.

IoT is an increasingly important element in governance, risk and cybersecurity activities. This is a challenging area for many, because traditional security efforts may not already cover the functions and devices feeding this digital trend.

No. 1: Ransomware is the new normal

The number of code attacks, including ransomware attacks, remains high: 62 percent of respondents reported their enterprises experienced a ransomware attackspecifically.

Half of the respondents believe financial gain is the biggest motivator for criminals, followed by disruption of service (45 percent) and theft of personally identifiable information (37 percent). Despite this trend, only 53 percent of respondents' companies have a formal process in place to deal with ransomware attacks.

What does that look like?

Businesses can conduct "tabletop" exercises that stage a ransomware event or discuss in advance decisions about payment vs. non-payment. Payment may seem like the easiest solution, but law enforcement agencies warn it can have an encouraging effect on those criminals as some cases lead to repeated attacks of the same business.

Many cybersecurity specialists argue that the best way to fight a ransomware attack is to avoid one in the first place. Advance planning that might include the implementation of a governing corporate policy or other operating parameters, can help to ensure that the best cybersecurity decisions are made when the time comes to battle a breach.

See the original article Here.

Source:

Jacob D. (2017 August 25). 4 trends shaping cybersecurity in 2017 [Web blog post]. Retrieved from address http://www.benefitspro.com/2017/08/25/4-trends-shaping-cybersecurity-in-2017?ref=hp-in-depth&page_all=1


Benefits Technology: What do Employers Want?

Do you know which technology will be the most beneficial for your employee benefits program? Take a look at this article by Kimberly Landry from Benefits Pro on what employers should be looking for when searching for the right technology for the benefits program.

It’s no secret that we are in the midst of a revolution in how employers manage their insurance benefits. Enrolling and administering benefits was once a manual process involving plenty of paperwork, but much of this work has now shifted to electronic benefits platforms. A recent LIMRA survey, Convenient and Connected: How Are Employers Using Technology Today?, found that 59 percent of employers are now using a technology platform for insurance benefit enrollment, administration, or both. In addition, more than 1 in 3 firms that do not use technology are currently looking for a platform.

Brokers can provide value to their clients by helping them find a technology system that meets their needs. In fact, over one quarter of employers say their broker should have primary responsibility for researching and evaluating possible technology solutions. However, to do this successfully, it is necessary to understand what problems employers are trying to solve with technology.

The advantages of benefits technology tend to fall into two categories: improving the experience for HR/benefits staff and improving the experience for employees. While employers see the value of both aspects, it is clear that the desire for technology is driven more by HR needs such as reducing costs, improving management of benefits data, and reducing the time and resources needed to administer benefits, rather than employee needs (Figure X). In seeking technology, employers are, first and foremost, trying to make their own lives easier.

This provides insight into some of the key features employers are seeking in technology, many of which revolve around greater convenience in managing benefits. For example, 80 percent of employers say it is important for a technology platform to be accessible all year so they can use it for ongoing administration and updates, rather than a “one-and-done” enrollment system. Ongoing access is one of the top features employers look for in a platform, with sizable portions also specifying that they want a system that can enroll new hires and support ongoing life event and coverage changes.

I would love to find a product … that would allow us to reduce the amount of time that we spend during the enrollment process and also during the course of a year, adding employees or terminating employees.

—Employer with 65 employees (Voice of the Employer,LIMRA, 2016)

Similarly, 77 percent of employers want a technology system that can manage all of their benefits on the same platform, regardless of which carriers are providing the products. Consolidating benefits on one platform helps employers save time and allows them to quickly get a complete view of their overall benefits package in one place. In fact, employers that currently manage all of their benefits on one platform are more satisfied with their technology than those that don’t have this capability. Moreover, roughly 1 in 6 employers say the ability to handle all benefits in one place would motivate them to switch technology platforms.

Employers also want the convenience of a platform that integrates smoothly with other technology systems, including carrier, payroll, and HRIS systems. When it comes to carrier systems, employers want to feel confident that no errors are occurring in the data transfer and don’t want to spend a lot of time checking for mistakes.

Our HR benefits administrator has spent an exorbitant amount of time trying to, literally person by person, dependent by dependent, go through each little piece and figure out why somebody's kid is getting dropped…So I think I'd like to see those communications [work] a little bit better.

—Employer with 320 employees

Employers also want technology to integrate with their payroll and other HRIS systems so they do not have to make changes in multiple systems, which is perceived as time-consuming and inefficient.

And those two systems...they don't communicate with each other... Without that communication, it's almost like double work because if there's an address change or anything like that, you have to go to one system, then go to another, and that just seems broken to me.

—Employer with 32 employees

While employers are primarily seeking convenience for their own HR staff, it is important to note that they would like this value to extend to their employees as well. Overall, 85 percent of employers think it’s important that an enrollment platform be easy and intuitive for their employees to use. In fact, user-friendliness is often one of the first priorities that comes to mind when employers describe their ideal platform.

I want to make sure it's easy, as simple as possible, as fast as possible, and I don't want it to be a burden every year.

—Employer with 30,000 employees 

When it comes to selecting benefits technology, it is clear that convenience is key. By guiding employers to technology solutions that will make it quicker and easier to administer benefits, brokers can improve the experience for everyone involved and help the industry move into the future.

See the original article Here.

Source:

Landry K. (2017 July 21). Benefits technology: what do employers want? [Web blog post]. Retrieved from address http://www.benefitspro.com/2017/07/21/benefits-technology-what-do-employers-want?kw=Benefits+technology%3A+What+do+employers+want%3F&et=editorial&bu=BenefitsPRO&cn=20170721&src=EMC-Email_editorial&pt=Daily&page_all=1


6 Promising Wearables Tips for Wellness Programs

Have you been trying to implement wearable technology in your wellness program? Check out this great article by Jessica Grossmeier from Benefits Pro for some great tips to know when integrating wearable technology into your company's wellness program.

Wearable devices can be a powerful element in a workplace wellness program. They add a fun factor to fitness challenges, and allow individuals to more clearly see the progress they’re making toward their goals.

A new report and video from the Health Enhancement Research Organization (HERO) identifies six promising practices for effectively integrating wearables into wellness programs.

Read on to find out how these companies increased participation in wellness programs and even decreased health cost trends for some participants.

1. Remove financial barriers

While many people have discovered the value of wearables, more than half of Americans still believe the devices are too expensive, and that may be enough to keep them from participating in a wellness program. Giving the devices to employees for free or at reduced cost removes a significant barrier and makes it easier for everyone to participate.

2. Choose culturally relevant incentives

Having goals can help drive change, and the data fitness trackers generate make it simple and fun to track progress toward those goals. Offer employees incentives for reaching targets, but make sure the incentives make sense for your workplace. For example, some employees may value prime parking or internal recognition more than a cash prize or a gift card.

3. Cultivate support at home

Convincing employees to walk more is easier if they have someone to walk with. When you involve spouses or domestic partners in the program, employees have someone at home motivated to hit the trail with them rather than settling in for an evening on the couch.

4. Get the details right

There’s a lot to consider when you add wearables to a wellness program, and it’s not always possible to think of everything before you start. Working out the details with a small pilot program creates an opportunity to identify challenges and opportunities, streamline processes, and set meaningful goals for the program once it expands companywide.

5. Shake things up

Wearables can add a fun factor to your wellness program, but even fun activities can wear out their welcome. It’s important to keep things fresh in your wearables strategy, so watch how employees use their devices, and change things up when you see an opportunity to increase engagement.

6. Keep your eye on the prize

Wearable devices show great promise, but a device isn’t a magic solution. Success with wearables requires planning. Before you hand out your first device, make sure you know what you want to accomplish, how the device fits in your broader well-being strategy, and how you’ll measure success.

The employers who participated in the HERO report saw increased participation in wellness programs — employees enjoyed using the devices. And at least one company saw decreased health cost trends for participants. They attribute their successful integration of wearables to these six promising practices.

See the original article Here.

Source:

Grossmeier J. (2017 July 31). 6 promising wearables tips for wellness programs [Web blog post]. Retrieved from address http://www.benefitspro.com/2017/07/31/6-promising-wearables-tips-for-wellness-programs?page_all=1


3 takeaways from the 2017 Cost of Data Breach Study

IBM has just released their findings on their cost of data breaches study. Check out this great by Denny Jacob from Property & Casualty 360 and find out what they key findings from IBM research means for you.

As companies continue to infuse technology into their business models, they must also keep up with an ever-changing digital landscape. In 2017 and beyond, companies need to consider their cybersecurity practices.

As cyber attacks continue to rise in frequency and sophistication, companies should also consider where data breaches are occurring. For those looking to understand data breaches by country, the latest report from IBM Security and Ponemon Institute sheds light on such a topic.

Sponsored by IBM Security and conducted by Ponemon Institute, the study found that the average cost of a data breach is $3.62 million globally, a 10% decline since 2016.

To explore the complete report, visit the IBM Security Data Breach Calculator, an interactive tool that allows you to manipulate report data and visualize the cost of a data breach across locations and industries, and understand how different factors affect breach costs.

Or, keep reading for highlights from the study's key findings.

The costs by region.

In the 2017 global study, the overall cost of a data breach decreased to $3.62 million, which is down 10% from $4 million last year. While global costs decreased, many regions experienced an increase.

In the U.S., the cost of a data breach was $7.35 million, a 5% increase compared to last year. When compared to other regions, U.S. organizations experienced the most expensive data breaches in the 2017 report. In the Middle East, organizations saw the second highest average cost of a data breach at $4.94 million  an uptick of 10% compared with the previous year. Canada ranked third with data breaches costing organizations $4.31 million on average.

European nations experienced the most significant decrease in costs. Germany, France, Italy and the U.K. experienced significant decreases compared to the four-year average costs. Australia, Canada and Brazil also experienced decreased costs compared to the four-year average cost of a data breach.

Time is money when you're containing a data breach.

For the third year in a row, the study found that having an Incident Response (IR) Team in place significantly reduced the cost of a data breach. IR teams, along with a formal incident response plan, can assist organizations to navigate the complicated aspects of containing a data breach to mitigate further losses.

According to the study, the cost of a data breach was nearly $1 million lower on average for organizations that were able to contain a data breach in less than 30 days compared to those that took longer than 30 days. The speed of response will be increasingly critical as General Data Protection Regulation (GDPR) is implemented in May 2018, which will require organizations doing business in Europe to report data breaches within 72 hours or risk facing fines of up to 4% of their global annual turnover.

There's still room for improvement for organizations when it comes to the time to identify and respond to a breach. On average, organizations took more than six months to identify a breach, and more than 66 additional days to contain a breach once discovered.

Additional key findings.

  • For the seventh year in a row, healthcare topped the list as the most expensive industry for data breaches. Healthcare data breaches cost organizations $380 per record, more than 2.5 times the global average overall cost at $141 per record.
  • Close to half of all data breaches (47%) were caused by malicious or criminal attacks, resulting in an average of $156 per record to resolve.
  • Data breaches resulting from third party involvement were the top contributing factor that led to an increase in the cost of a data breach, increasing the cost $17 per record. The takeaway: Organizations need to evaluate the security posture of their third-party providers  including payroll, cloud providers and CRM software  to ensure the security of employee and customer data.
  • Incident response, encryption and education were the factors shown to have the most impact on reducing the cost of a data breach. Having an incident response team in place resulted in $19 reduction in cost per lost or stolen record, followed by extensive use of encryption ($16 reduction per record) and employee training ($12.5 reduction per record).

See the original article Here.

Source:

Jacob D. (2017 August 8). 3 takeways from the 2017 cost of data breach study[Web blog post]. Retrieved from address http://www.propertycasualty360.com/2017/07/05/3-takeaways-from-the-2017-cost-of-data-breach-stud?ref=rss&_lrsc=05d8112f-7bfb-4c4d-916f-0e2085debd9a&slreturn=1502379703&page_all=1