Sponsored Content: Allied World

The Case for Cyber Coverage in the Construction Industry

Construction companies are not exempt from the dangers of cyber crime.
By: | June 6, 2018 • 5 min read

Construction may be one of the few industries today that is not data production driven. Most construction firms don’t have large IT departments and the majority have little expertise in managing information security. However, access to clients’ confidential information and an increased dependence on technology have exposed construction companies to a host of new threats, making the need for cybersecurity a critical risk management consideration.

It is projected that cyber crime will cost businesses approximately $6 trillion per year on average through 2021. There’s a belief among construction companies that they aren’t a target, which only makes the industry easier prey for attackers. And it’s not just large companies that are susceptible. In 2016, nearly half of cyber hacks targeted small businesses. A recent Forrester survey revealed that more than 75 percent of respondents in the construction, engineering and infrastructure industries had experienced a cyber-incident within the last 12 months.

Jason Glasgow, Vice President, Cyber Lead

A recent Forrester survey revealed that more than 75% of respondents in the construction, engineering & infrastructure industries had experienced a cyber-incident within the last 12 months.

Like all businesses, construction companies must adopt a robust cyber security risk management strategy and take the time to understand the exposures including:

  • Access to client’s confidential information – Although your company may not store the type of personal information hackers find desirable (e.g., credit cards or financial records), you may still have access to your clients’ confidential information. Compromised intellectual property such as building specifications and architectural drawings can provide a roadmap for criminals to gain access to valuable personally identifiable information (PII), including financial accounts and employee data. Just like any other company, if you have access to this type of confidential information, you’re vulnerable to phishing, ransomware, and other common forms of cyber attack.
  • Business interruption exposure – As in any industry, cyber attacks can result in costly business interruptions for construction companies. A delay in construction projects can be quite costly. This potential disruption must be built into a risk management plan. If a breach occurs, construction companies should have a contingency plan in place to make sure projects are not delayed and if so, they are back up and running as soon as possible.
  • Mobile dependency – The construction industry poses a unique cyber security challenge in that it is highly decentralized. There are many stakeholders involved in construction projects that are highly dependent on mobile devices and laptops, offering multiple access points to networks and creating vulnerability if they are not all adequately trained on cyber security. Adding another layer of exposure, valuable technology such as laptops are often stored on jobsites in unsecured trailers, making this information an easy target for thieves.
  • Increased reliance on technology – In addition to a reliance on mobile devices such as smart phones and laptops, the construction industry is increasingly adopting new technologies to improve safety and efficiency. Wearables and drones provide real-time monitoring and data collection, while virtual reality can create simulations of building designs. These technologies open a world of safety, training and efficiency opportunities, but also give malicious actors potential access to valuable information.
  • Third party liability – As third-party vendors to clients, who also use third party suppliers and subcontractors themselves, construction companies are exposed to stakeholder breach liability risk on all sides. Perhaps the most well-known example of this exposure came in the 2013 cyber attack on a large, national retailer, in which a small HVAC contractor providing services suffered a data breach. The hackers gained access to the network credentials that the contractor used to remotely access the retailer’s network, resulting in a breach of credit and debit card information for tens of millions of customers in the U.S. This HVAC contractor could have been held liable for the damages customers sustained.
  • Claims findings – Claims arising out of breaches are as a result of various types of attacks including ransomware, phishing and social engineering where criminals send emails purporting to be employees or trusted business partners in order to get confidential information or steal money. These attacks can be from criminals with a pure profit motive, competitors attempting to steal information, or criminals seeking to create chaos for other reasons.

The bottom line?

Construction companies are not exempt from the dangers of cyber crime. Our increased dependency on technology exposes all stakeholders to increased risk. Companies can mitigate this risk by developing mobile device security and cyber breach plans, and by providing adequate training for all employees on cyber security measures and responsibilities.

Recognizing that construction companies tend to be more focused on completing projects on time and within budget, some cyber policies offer proactive, value-added risk management support. This added level of support can serve as a tremendous resource, especially for companies that lack expertise in information security. Working with an insurance agent who has proven expertise in cyber security and familiarity with the unique risks posed to this industry is the best way for construction companies to ensure that they are adequately covered.

For more information, visit https://www.alliedworldinsurance.com/usa-professional-liability-cyber-liability.

This information is provided as a general overview for agents and brokers. Coverage will be underwritten by an insurance subsidiary of Allied World Assurance Company Holdings, GmbH, a Fairfax company (“Allied World”). Such subsidiaries currently carry an A.M. Best rating of “A” (Excellent), a Moody’s rating of “A3” (Good) and a Standard & Poor’s rating of “A-” (Strong), as applicable. Coverage is offered only through licensed agents and brokers. Actual coverage may vary and is subject to policy language as issued. Coverage may not be available in all jurisdictions. FrameWRXSM services are provided by third-party vendors via a platform maintained in Farmington, CT by Allied World Insurance Company, a member company of Allied World. © 2018 Allied World Assurance Company Holdings, GmbH. All rights reserved.

SponsoredContent

BrandStudioLogo

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Allied World. The editorial staff of Risk & Insurance had no role in its preparation.




Allied World is a global provider of innovative property, casualty and specialty insurance and reinsurance solutions.

4 Companies That Rocked It by Treating Injured Workers as Equals; Not Adversaries

The 2018 Teddy Award winners built their programs around people, not claims, and offer proof that a worker-centric approach is a smarter way to operate.
By: | October 30, 2018 • 3 min read

Across the workers’ compensation industry, the concept of a worker advocacy model has been around for a while, but has only seen notable adoption in recent years.

Even among those not adopting a formal advocacy approach, mindsets are shifting. Formerly claims-centric programs are becoming worker-centric and it’s a win all around: better outcomes; greater productivity; safer, healthier employees and a stronger bottom line.

Advertisement




That’s what you’ll see in this month’s issue of Risk & Insurance® when you read the profiles of the four recipients of the 2018 Theodore Roosevelt Workers’ Compensation and Disability Management Award, sponsored by PMA Companies. These four programs put workers front and center in everything they do.

“We were focused on building up a program with an eye on our partner experience. Cost was at the bottom of the list. Doing a better job by our partners was at the top,” said Steve Legg, director of risk management for Starbucks.

Starbucks put claims reporting in the hands of its partners, an exemplary act of trust. The coffee company also put itself in workers’ shoes to identify and remove points of friction.

That led to a call center run by Starbucks’ TPA and a dedicated telephonic case management team so that partners can speak to a live person without the frustration of ‘phone tag’ and unanswered questions.

“We were focused on building up a program with an eye on our partner experience. Cost was at the bottom of the list. Doing a better job by our partners was at the top.” — Steve Legg, director of risk management, Starbucks

Starbucks also implemented direct deposit for lost-time pay, eliminating stressful wait times for injured partners, and allowing them to focus on healing.

For Starbucks, as for all of the 2018 Teddy Award winners, the approach is netting measurable results. With higher partner satisfaction, it has seen a 50 percent decrease in litigation.

Teddy winner Main Line Health (MLH) adopted worker advocacy in a way that goes far beyond claims.

Employees who identify and report safety hazards can take credit for their actions by sending out a formal “Employee Safety Message” to nearly 11,000 mailboxes across the organization.

“The recognition is pretty cool,” said Steve Besack, system director, claims management and workers’ compensation for the health system.

MLH also takes a non-adversarial approach to workers with repeat injuries, seeing them as a resource for identifying areas of improvement.

“When you look at ‘repeat offenders’ in an unconventional way, they’re a great asset to the program, not a liability,” said Mike Miller, manager, workers’ compensation and employee safety for MLH.

Teddy winner Monmouth County, N.J. utilizes high-tech motion capture technology to reduce the chance of placing new hires in jobs that are likely to hurt them.

Monmouth County also adopted numerous wellness initiatives that help workers manage their weight and improve their wellbeing overall.

“You should see the looks on their faces when their cholesterol is down, they’ve lost weight and their blood sugar is better. We’ve had people lose 30 and 40 pounds,” said William McGuane, the county’s manager of benefits and workers’ compensation.

Advertisement




Do these sound like minor program elements? The math says otherwise: Claims severity has plunged from $5.5 million in 2009 to $1.3 million in 2017.

At the University of Pennsylvania, putting workers first means getting out from behind the desk and finding out what each one of them is tasked with, day in, day out — and looking for ways to make each of those tasks safer.

Regular observations across the sprawling campus have resulted in a phenomenal number of process and equipment changes that seem simple on their own, but in combination have created a substantially safer, healthier campus and improved employee morale.

UPenn’s workers’ comp costs, in the seven-digit figures in 2009, have been virtually cut in half.

Risk & Insurance® is proud to honor the work of these four organizations. We hope their stories inspire other organizations to be true partners with the employees they depend on. &

Michelle Kerr is associate editor of Risk & Insurance. She can be reached at [email protected]