The Hidden Construction Industry Threat: Cyber Attack
Construction Firms face a number of risks every day, from worker safety and protecting the worksite to contractual obligations. But, as the back office relies more on technology to keep business going, there is an emerging risk for the industry: cyber criminals. New machinery increasingly is computerized, and most design, engineering and construction firms are using some form of cloud computing. Also, the multi-user platforms that allow contractors, architects and project owners to collaborate can also be vulnerable to hacking. If that data is compromised, it could force a halt in construction while the parties determine the extent of the breach.
If your firm uses any of these client interface or data-sharing technologies, there is plenty of information that risks being exposed, including:
- Sensitive client data
- Confidential project information
- Proprietary data
- Subcontractor data or financials
- Employee data, including personally identifiable information.
If cyber criminals gain access to construction data, they could disrupt a project by destroying data servers and infrastructure, or by threatening the safety of people on-site. Hackers can also cause harm to an owner’s design and security systems.
What you can do
You should ask yourself these questions to identify deficiencies:
- Is your network secure and are you confident you are protecting your data?
- Where are you storing your data?
- Do you encrypt your data when it is on your or employees’ mobile devices and laptops?
- Did you perform due diligence before granting vendors access to sensitive data?
- Are you taking precautions to ensure that third parties are granted access on a need-to-know basis only?
- Do you have policies and safeguards in place to ensure shared information is not disseminated elsewhere?
- Are you training your staff in cyber security and privacy?
Commercial insurance won’t cut it
Your commercial insurance policy will not cover damages caused by data breaches. That’s because such policies don’t cover damages to intangible property – and many have exclusions for data and technology.
And your property policy will not cover you for loss of business if there is no direct physical damage to your property. Property policies don’t cover damage caused by hackers or rogue employees who shut down your or your project owner’s website or computer systems, or the systems of a service provider you rely upon to conduct business.
Professional liability insurance also will typically not cover damages associated with a cyber attack.
The answer: Cyber insurance
Cyber insurance will cover the costs of recovering from a data breach or malicious attack on your data systems.
It can cover losses from various cyber and electronic issues, including:
- Unauthorized access.
- Business interruption.
- Network damage caused by a virus, malware or human error.
- Any state-mandated notification costs if personally identifiable information was exposed.
- Costs of regulatory penalties, and compliance costs.
- Third-party security and privacy liability arising out of the failure to protect confidential corporate information, including personally identifiable information.
- Costs associated with impaired access or denial-of-service attacks.
- IT forensics and expenses.
- Crisis management and public relations expenses.
- Loss of business income due to network interruptions.
- Cost of recovering systems and data.
- Cyber extortion loss.
One final note about insurance: Many project owners have started including in their contracts requirements for cyber liability insurance coverage to be included in certificates of insurance.
Ladder Safety App Helps Workers Avoid Falls
One of the most common injuries that construction workers and others in the industry sustain is falls from ladders. But, using a ladder seems like common sense, so many employers fail to properly train their workers in ladder safety.
Fortunately, the National Institute for Occupational Safety and Health can augment that training with its Ladder Safety smartphone app (available for Android and iPhones).
The app uses audio and visual signals to aid workers who must use extension ladders. One of the most common injuries occurs when the ladder angle is set too steeply, which can cause it to fall back or slide away during use. Alternatively, if it is set too shallow then the bottom can slide out.
Whether a person is on the ladder or standing under it when it is knocked or falls over, injuries are usually severe enough that they require emergency medical attention.
Experts say that the new phone app is a good way to keep workers safe, as long as employers encourage them to download it.
Ladder Safety Tips
- Never stand above the ladder’s highest safe standing level, which is outlined by the manufacturer and is usually above three rungs.
- Always keep three or more points of contact during a project.
- Avoid extending the center of the body beyond the sides of the ladder.
- Do not carry tools while using a ladder. Instead, wear a window cleaner’s belt or similar product designed to meet the purpose.
- Always face the ladder when descending or ascending.
- Do not leave an erected ladder unattended for any length of time.
- Always wear non-slip footwear when climbing a ladder.
- Avoid electrical hazards. Look for overhead power lines before handling a ladder. Avoid using a metal ladder near power lines or exposed energized electrical equipment.
- Always inspect the ladder prior to using it. If the ladder is damaged, it must be removed from service and tagged until repaired or discarded.
- Use a ladder only on a stable and level surface, unless it has been secured (top or bottom) to prevent displacement.
- Do not place a ladder on boxes, barrels or other unstable bases to obtain additional height.
- An extension or straight ladder used to access an elevated surface must extend at least 3 feet above the point of support. Do not stand on the three top rungs of a straight, single or extension ladder.
The app checks the ladder’s angle when it is positioned and also provides several helpful tips for proper ladder use.
It is free to download for Android and iPhone devices.
The app provides feedback for setting up ladders at certain angles. In addition, there are references users will find helpful. There is also a guide for inspecting, using, accessorizing and selecting extension ladders.
In addition to downloading this app, you should conduct ladder safety training for your workers and include basics in regular tailgate meetings.
Commercial Insurance Rates Continue Climbing
Despite the ongoing COVID-19 pandemic, commercial insurance rates are continuing to move higher across the board, with the exception of workers’ compensation.
A new report by online insurance exchange MarketScout found that in the third quarter of the year the highest rate increases were in liability lines, but property insurance rates climbed too.
Average Price Increases*
Directors and officers Insurance:
Excess liability insurance (umbrella):
Commercial auto insurance:
Professional liability insurance:
Commercial property insurance:
Workers’ compensation insurance:
Source: MarketScout Third Quarter Report
Below we’ll look at what’s driving rate increases in individual lines of insurance.
Directors & officers liability
Increased litigation and hefty court judgments against the top brass at businesses around the country have resulted in substantial payouts by insurers, resulting in higher rates.
Insurers are also writing fewer policies, which in turn feeds into higher rates as the supply diminishes.
General liability and umbrella
Rates for these coverages continue climbing due to a number of factors, including large judgments, the cost of litigation and a rising tide of lawsuits against businesses.
Another factor that could affect future rates is the liability effects of the COVID-19 pandemic and if businesses will see a new ground-swell of lawsuits for failing to adequately follow and communicate public health guidelines. As a result, some insurers have started including communicable disease exclusions in their liability policies.
In addition, insurance companies have scaled back on policy limits, according to Arthur J. Gallagher. For example, carriers that have offered $25 million umbrella policies are now limiting them to a maximum of $10 million, or less.
Rates continue rising in commercial auto, despite a drop in claims due to the pandemic. The increases in commercial auto premiums over the past few years have been due to an increase in distracted-driving accidents and deaths, escalating medical costs and climbing repair costs.
Property insurance rate inflation is largely due to the increasing number of natural catastrophes occurring throughout the country. Hurricane activity and intensity continues to grow, as does the frequency and destruction of wildfires, tornados and flooding.
In response, commercial property insurers have been making changes to coverage terms and conditions, increasing deductibles and shrinking policy limits. These moves have been especially pronounced in areas with higher exposure to natural catastrophes.
With markets hardening, now is a good time to double down on your risk management efforts to reduce your exposure however you can. Depending on the insurance those efforts will take different forms, such as better protecting your properties against catastrophes or training your driving employees regularly in road safety.
- A spike in large weather-related loss events and catastrophes,
- Historically low interest rates,
- Industry-wide rapid increases in liability losses, and
- The global pandemic and resulting economic uncertainty.
Source: Arthur J. Gallagher
At What Point Do You Need Workers’ Comp?
Many Small business owners make the mistake of not securing a policy after they hire their first employee. Some mistakenly believe they need at least five employees before they must secure coverage.
But in California there is no minimum and if you go without coverage and an employee is injured on the job, your firm could be held liable for all of the medical costs and any lost pay from missing work.
Also, if you are taking on independent contractors and they are primarily working for you, it could be a sign that maybe you should be classifying them as employees.
We hope in this article to clear up any confusion you may have about workers’ compensation if you are a small employer.
If you are running a business, you are not required to purchase workers’ compensation coverage for yourself. The same holds true if you are a sole proprietor and you work with your spouse in running the business.
You can cover yourself, though. In California, workers’ comp is optional where the partners of a partnership (or sole shareholders of a corporation) are the only ones performing work.
There are benefits to being covered under workers’ comp. If either of you were to get injured while working at the store, you could receive benefits to pay for your medical bills and for time off work.
But what if your nephew comes to work for you over the summer? Are you required to cover him for workplace injuries?
Yes! Even though your nephew is family, he is considered your employee. In California, an employee is anyone that you “engage or permit to work.”
As a result, you should treat him in the same way that you would treat someone that you hired through a formal job application process.
In short, California law requires any business with one or more employees to carry workers’ comp insurance.
There are serious consequences for failing to carry workers’ comp insurance. Here is the list of woes that you could face:
Misdemeanor – Operating without workers’ comp insurance is a misdemeanor in California, punishable by fines of up to $10,000, or by imprisonment in a county jail for up to one year, or both.
Stop orders – If the Division of Labor Standards Enforcement determines your business is operating illegally without workers’ comp insurance, it can issue a stop order against your business and prohibit you from using employee labor until insurance is secured. Failure to act on the stop order is punishable by imprisonment in a county jail up to 60 days, or by a fine up to $10,000, or both.
Additional fines – The Division of Labor Standards Enforcement can impose a penalty of $1,000 per employee on payroll at the time a stop order is issued and served, up to a maximum of $100,000.Litigated claims – If a claim goes before the Workers’ Compensation Appeals Board and your business is found to be illegally uninsured, you may be assessed further fines up to $10,000 per employee on payroll at the time of injury, with a maximum penalty of $100,000.
Employer liability – In addition to all the fines and penalties, your business is fully liable for all medical costs and bills relating to your employee’s illness or injury if you operate without workers’ compensation insurance.
This newsletter is not intended to provide legal advice, but rather perspective on recent regulatory issues, trends and standards affecting insurance, workplace safety, risk management and employee benefits. Please consult your broker or legal counsel for further information on the topics covered herein.