No One’s Safe from Cyber Threats. Train Your Employees to Defend Your Company Now or Risk Millions

Chubb's 2021 Personal Cyber Risk Survey finds no one is safe from the chance of a cyber attack, from health care providers to businesses to remote work employees.

By: Maura Keller | July 9, 2021

Topics: Cyber

Gone are the days when health care organizations stored valuable patient information on disorganized stacks of floppy disks in dusty back corners of offices.

Today, medical organizations are using data storage systems that deliver universal connectivity in a networked environment that are easily accessed and managed. But with the prolific amount of data being captured, the possibly of security breaches grows exponentially.

The health care industry is one cyber risk area that Chubb evaluated in their 2021 Personal Cyber Risk Survey, which gauged respondents’ attitudes and beliefs toward cyber risks throughout all areas of their lives.

Health Care Privacy Risks

According to Christie Alderman, cyber innovative solutions officer at Chubb, the survey found that people are giving more thought to the risks of sharing medical data — but inconsistently.

The most interesting aspect to this medical data security conundrum? Americans are not nearly as concerned about the security of their medical data and records as you’d think.

While 57% of those surveyed were concerned with having to share their COVID-19 vaccination status, only 24% were concerned with the vulnerability of their medical records in general.

This in spite of the fact that health care related breaches of privacy have increased over three-fold in the past 10 years according to Chubb Cyber Index. Today, more than 1 in 20 U.S. adults have fallen victim to a health care-related privacy breach.

Why are so few Americans concerned? As Alderman explained, media coverage helps to play a key role in increasing awareness about privacy considerations on COVID-19 vaccines, but people are generally unaware of how their medical data can be used and the harm it can cause.

“For example, most people are not aware that individual health data is sold on the black market to identity thieves who use the data for fraudulent purposes, including tax fraud and home equity loan fraud, and obtain medical care under the victim’s name,” Alderman said.

“This crime can ‘pollute’ the victim’s health records and potentially cause physical harm, such as recording an incorrect blood type. Additionally, most people do not take into account the potential for significant legal and financial ramifications of a cyber incident.”

Today’s Business Vulnerabilities

While Chubb’s 2021 Personal Cyber Risk Survey focuses on individual attitudes toward cyber risks, it also gives a view into business vulnerabilities — namely vulnerabilities caused by employees.

According to Alderman, in particular, respondents viewed working from an office as making them more vulnerable to cyber attacks than working from home; however, this is the opposite of reality.

“The same issues making individuals more personally vulnerable to cyber attacks, such as reusing easy-to-guess passwords, are bad habits that employees bring to their employers and are making employers vulnerable to cyber incidents,” Alderman said.

Christie Alderman, Cyber Innovative Solutions Officer, Chubb

From a business perspective, and based on Chubb’s claims experience, The Chubb Cyber IndexSM highlights significant increases in cyber attacks in specific industries, such as education, manufacturing, professional services and public entities.

“While a company’s revenue may make them more prone to a cyber attack, our data shows that businesses under $25M in revenue have seen the most dramatic increase in cyber incidents over the past several years, with a more than 16-fold frequency of cyber incidents,” Alderman said.

“Put simply, all sizes of businesses are susceptible and experiencing an increase in cyber attacks. Even local ‘mom-and-pop’ shops are at risk and should be aware of cyber crimes and the potential impact to their operations.”

The Chubb report also found that younger generations have more faith in the preparedness of small businesses to protect consumer information in the case of a cyber attack: 60% of ages 18-34; 49% of those age 35-54; 12% of those 55 and up.

Cyber Risk in a Remote Work Environment

So how has the recent pandemic impacted individuals’ views of being cyber safe when working remotely?

Chubb’s 2021 Personal Cyber Risk Survey shows that Americans understand their increase in online activity, spurred on by the pandemic, has left them more vulnerable to cyber attacks.

As Alderman pointed out, while one-third of respondents are making some improvements in online safety, for example, more regularly changing passwords, less sharing passwords with others, and using a VPN, that still leaves two-thirds of people who are not, meaning people are still not often taking the right precautions.

“The gap in individual cyber education has and will continue to impact businesses as their employees work from home or have hybrid working arrangements,” Alderman said.

“The spate of cyber attacks showing up daily in the media is in a large part because bad actors are leveraging companies’ vulnerabilities. As a result, employers will need to continue to not only focus on the security of their IT configurations but also on employee education — teaching them about the importance of password hygiene and how to spot phishing emails, for example.”

The Role of Insurance in Cyber Risks

Both businesses and individuals are facing the increased prospect of cyber attacks, and insurance can help fill gaps should a person experience a breach.

Cyber insurance provides a financial solution while helping to navigate the victims through the complexities of resolving a cyber attack with much-needed services. What’s more, Alderman said, from a business perspective, cyber insurance is an essential part of business continuity planning and can mean the difference in business-as-usual or a catastrophic financial loss.

“From an individual perspective, cyber insurance needs to be as much a part of the insurance conversation as home and auto insurance,” Alderman said. “Chubb’s 2021 Personal Cyber Risk Survey shows that individuals rely on trusted sources like an insurance agent to direct them to the policy they need.”

The line between business cyber risk and personal cyber risk has never been blurrier. That’s why companies and individuals cannot afford to ignore it.

“And while it’s true that many companies have already addressed cyber exposures, cyber attacks are continuing to evolve at a rapid pace,” Alderman said.

“Everyone is at risk, making it imperative for more education in the marketplace for both consumers and businesses.” &

Based in Minneapolis, Minnesota, Maura Keller is a writer, editor and published book author with more than 20 years of experience. She has written about business, design, marketing, health care, and a wealth of other topics for dozens of regional and national publications. She can be reached at [email protected].

How a Carrier Partner Can Help Navigate a Challenging Management and Professional Liability Market

A combination of a choppy economy with increased claims frequency and severity could lead to rate increases in the Management & Professional Liability market.

By: Risk & Insurance | April 3, 2024

Rates in the management & professional liability (M&PL) markets were on the rise from 2020 to early 2023 and are now falling rapidly.

M&PL divisions manage a number of different insurance products including management liability (D&O), professional liability (E&O), employment practices liability (EPL), fiduciary liability policies, cyber, etc. In 2023 and into 2024, a big influence on the marketplace has been the extremely aggressive and softening public company D&O market.

Though these rates have been softening for management liability, that may change over the next few years as companies continue to adjust their business models motivated by economic uncertainty. Layoffs were up nearly 200% last year, Forbes reported, even as other recession indicators, like the inflation rate, improved. A recession could lead to an increased claim activity and force carriers to raise rates.

“Whenever there is a meaningful downturn in the economy, we tend to see claim frequency pop up,” said George Schalick, Jr., senior vice president of the Management and Professional Liability Division at Philadelphia Insurance Companies (PHLY).

With continued fiscal uncertainty, businesses potentially already burdened with pandemic-related claims should seek a carrier with a long history in M&PL products. They will provide much-needed risk management guidance and be better positioned to support their insureds during market fluctuations.

Why Insureds Might See an Uptick in M&PL Claims

George Schalick, Jr., Senior Vice President of the Management and Professional Liability Division, Philadelphia Insurance Companies

The current soft market might come as a bit of a surprise as it does not track with previous underwriting cycles and economic conditions. Afterall, many privately held and non-profit organizations struggled during the early days of the pandemic with shutdowns and rapidly declining revenues. But the Government assistance programs, like the Paycheck Protection Program loans, helped keep many afloat during the tough times.

“During COVID many organizations stopped doing business until they were able to sort out all of the health and safety challenges,” Schalick said. “They were forced to lock down, but then all the government assistance programs allowed them to keep people employed. The increased volume of claims we anticipated we would see coming from the lockdowns and restrictions that were imposed upon businesses in the U.S. didn’t manifest at first.”

“Just because there wasn’t an onslaught of reported claims at the beginning of the pandemic, doesn’t mean the circumstances that would give rise to a claim being reported didn’t occur. Courts and the judicial system were closed or slowed and now that they are back open, we’re starting to see the circumstances that occurred during the COVID lockdowns becoming claims today,” Schalick said. “Litigation is progressing.”

Added to the delayed pandemic litigation is a concern over newer claims that might be filed as the country inches toward an economic downturn. Though a recession was avoided in 2023, experts think a soft dip could occur in 2024, with 76% of economists saying there’s a 50% or less chance of an economic downturn this year — that almost always results in more management liability claims.

“During the Great Recession in 2008, we saw an almost immediate spike in claims because of the economic conditions and the pressure it placed on organizations. They were making personnel changes with significant belt tightening almost immediately.” Schalick said.

What’s in Store for M&PL Policy Rates in 2024?

Despite an uptick in claims and increased economic uncertainty, management liability rates haven’t increased, resulting in market-wide pricing levels that may not meet the increased pressure of rising settlements and jury verdicts.

“Rates are going the other direction and settlement values are not falling,” Schalick said.

The mismatch between rates, claim frequency and severity is, in part, because carriers experiencing the dramatic soft market in the public D&O market are seeking premium gain in the private and non-profit market.

“In the public company market, the rates have been decreasing significantly. The rates were increasing in the private, not-for-profit market, and rightfully so, but there’s a desire to supplement overall mid-size D&O for carriers who also write private not-for-profit, and they see that as an opportunity to aggregate premium,” Schalick said. “So the always competitive landscape in the private, not-for-profit market has dramatically increased in the last 18 to 24 months.”

Still, companies of all sizes and types should be concerned about management liability rates in the future. Legal system abuse is resulting in increases in both the amount of litigation and the size of verdicts plaintiffs are receiving.

Certain areas of the country are particularly vulnerable to this type of legal system abuse. As a result, insureds in these localities are likely to be vulnerable to rate increases.

“The environment is so positive for the plaintiff that forces premium increases so carriers are able to stay in that market long term,” Schalick said.

Why a Tenured Carrier Partner Can Help Insureds Navigate An Uncertain Market

It’s clear that insureds are facing an uncertain M&PL market over the next few years. Fortunately, carriers with a long history in the M&PL space will be there to offer stability.

Philadelphia Insurance Companies has been supporting this market for 35 years. PHLY is committed to offering long-term rate stability, even as economic and claims trends start to push premiums upwards. They have an appetite for all sorts of companies, large and small, for-profit and nonprofit alike.

“We’ve been at this game for a long time and are one of the most tenured underwriters in this space,” Schalick said. “We like to stay very consistent.”

PHLY has worked with both for-profit and non-profit on management liability policies. With dedicated M&PL teams throughout the company’s 13 regions, PHLY provides the support agents and brokers are looking for on behalf of their clients. The teams know their regions well and can respond to local trends. They’re also dedicated to making the renewal process as easy as possible for their partners and policyholders.

“We have real confidence in our results, so we focus a lot on making the renewal experience as painless as possible for all agents and insureds,” Schalick said.

The company is also investing in tools to help insureds avoid losses. Earlier this year, they launched a new online risk management platform, PHLYGateway, which offers resources for insureds on how to create an employee handbook and trainings on issues such as recognizing workplace sexual harassment and discrimination.

If insureds have questions, they can consult a Best Practices Help Line, provided via the platform. That way, they can get on the spot risk management guidance to help them prevent claims.

To learn more, visit: https://www.phly.com/mplDivision/managementLiability/default.aspx.

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Philadelphia Insurance Companies. The editorial staff of Risk & Insurance had no role in its preparation.