Three Dangerous Overlooked Business Risks
“My employees are like family. No one would steal from me.”
“We’re very open with each other, not like some bureaucratic corporation. My workers know they can talk to me if they have a problem.”
“Our systems are secure enough. What hacker would come after a business like us when there are bigger fish to fry?”
Unfortunately, brokers who work with smaller to medium-sized companies (SMEs) are all too familiar with these common myths believed by their clients.
Yet, the data clearly shows that SMEs face significant risks from employee lawsuits, internal theft and cyber breaches.
“A lot of attention is being paid to big companies and big cases, and smaller companies sometimes have a hard time putting their risks in context,” said Bertrand Spunberg, Executive Risks Practice Leader, Hiscox USA.
And with CEOs and CFOs often making the insurance decisions for SMEs, brokers should approach these conversations armed with the tools they need to make a strong business case for Management Liability coverage.
“There is very compelling data demonstrating the extent of exposure for these companies. And insurance protection that comes with risk management services yields an excellent ROI that brokers should be confident bringing to their clients,” added Spunberg.
You never know who will sue you.
According to the 2015 Hiscox Guide to Employee Lawsuits, American businesses have an 11.7 percent chance of having one of their employees file a charge of discrimination. Employees can file charges through the Equal Employment Opportunity Commission — the federal body responsible for enforcing fairness laws in the workplace — or through an equivalent state organization.
Some states have more stringent laws than federal guidelines and therefore place employers at even greater risk.
Source: The 2015 Hiscox Guide to Employee Lawsuits.
“A lot of employment charges have no merit and don’t go anywhere, but the potential for damage is so huge that employers must take them seriously. If they go wrong, they can go very wrong,” said Spunberg.
For small to medium sized businesses, discrimination charges that trigger defense costs and/or settlements have an average price tag of $125,000.
Even a bogus charge can seriously damage a company’s reputation.
“Employment issues are often litigated in the court of public opinion, and smaller businesses may not have the brand power to overcome negative public perception,” Spunberg said.
Wage and hour litigation is also on the upswing. Failing to give workers paid breaks for meals or rest within a certain time period constitutes a violation of the Fair Labor Standards Act. SMEs are not always aware of changing regulations — and also more likely to break them if they are trying to grow business with a smaller staff.
In some smaller SME organizations where employees know each other, and sometimes are literally family, executives simply don’t believe that a member of their workplace “family” would bring formal charges.
Hence, only an estimated one in five SMEs purchase employment practices liability insurance. But all it takes is one slighted employee to incur hundreds of thousands in defense and settlement costs.
“Basic levels of protection are very inexpensive to secure, and EPL insurance has been a buyers’ market for years,” Spunberg said.
Crime and Embezzlement
SMEs tend to view embezzlement as a problem of major corporations with more complex accounting practices and management hierarchies. But just the opposite is true.
The majority of employee thefts occur in organizations with 500 employees or less, according to The 2015 Hiscox Embezzlement Watchlist. Among these companies, the average loss from employee theft was $842,403.
The trust and familiarity that often exist in SMEs can blind executives to potential theft and insider fraud. The belief that happy, long-term, close-knit employees would never steal from an organization is a common myth.
As is the belief that the person responsible for signing the checks needs no monitoring.
In many cases, the CFO or another official with access to the company’s funds and bookkeeping are the perpetrators of insider theft.
“You could have a bookkeeper that’s been around for 20-30 years, and has been stealing little by little the whole time. That can add up to big numbers,” said Doug Karpp, Crime & Fidelity Product Head, Hiscox USA.
The highest median losses from theft were caused by vendor frauds — when an employee steals by making payments to a vendor that has not actually provided services. That “vendor” may be a business registered to the employee, or to a friend or family member.
Source: The 2015 Hiscox Embezzlement Watchlist: A Snapshot of Employee Theft in the US.
“SMEs often do not have a robust vendor approval process; they tend to work with someone they know or has been recommended to them without going through a bid process or background checks,” Karpp said.
They also may not have the resources for loss control measures like data mining, fraud hotlines, fully opinioned CPA audits including a review of internal controls, and dedicated fraud department.
SMEs can enact simple risk mitigation measures like having two people sign every check, or conducting random surprise audits once or twice a year. But the best protection against losses is a strong crime insurance policy. Without one, the majority of stolen funds may never be recovered.
For more information, click below to download the brochure.
Headline-grabbing cyber breaches happen at big-name companies that have both more money and more data than a typical SME. But just because hacks at lesser known companies don’t make the front page doesn’t mean those business leaders should rest on their laurels.
Hackers may not specifically target an individual SME, but they don’t have to in order to gain access to customer data.
“Most network vulnerabilities are discovered through the use of automated scripts that troll the internet indiscriminately. Hackers cast a wide net and see where they might be able to infiltrate a system,” said Matt Donovan, Cyber & Data Risks Product Head, Hiscox USA.
Furthermore, most breaches are due to employee errors and lost devices, not sophisticated hacking attacks.
Sixty percent of SMEs close after a breach because the costs associated with forensics investigations, notification and lost business are so high, according to a Hiscox PRO resource guide entitled “Privacy 101.”
Privacy and data protection issues are becoming increasingly important in boardroom discussions, as executives are being held accountable for breaches or the loss of customers’ personal information.
For more information, download the Hiscox PRO resource guide below.
Small and medium sized businesses may not be able to fund a risk management department and enforce all the protocols that larger organizations do, but they can protect themselves with Management Liability insurance that comes with value-added services
“Even with tighter budgets, ROI is high on coverage for these risks because pricing is low,” Donovan said. SMEs would also gain ancillary risk management services offered by carriers.
Some carriers have partnerships with law firms that can help prevent and mitigate tense situations. They might work with forensics teams and subject matter experts who provide best practices and response advice.
Brokers can argue that by purchasing a policy, SME clients get not only insurance, but a whole suite of risk management tools and experts at their fingertips. With the help of carriers, they can learn how to tighten up EEOC compliance, fraud detection and deterrence, and cyber security protocols.
To learn more about the unique exposures faced by SMEs and Hiscox’s corresponding solutions, visit http://www.hiscoxbroker.com
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Hiscox USA. The editorial staff of Risk & Insurance had no role in its preparation.