Risk Insider: Jack Hampton

Breaching the Electronic Levees

By: | October 24, 2016 • 3 min read
Jack Hampton is a Professor of Business at St. Peter’s University in New Jersey and a former Executive Director of the Risk and Insurance Management Society (RIMS). He was named a Risk Innovator in 2008 by Risk and Insurance®. He can be reached at [email protected]

October 21, 2016.

In what was described as a stunning breach of global Internet stability, a coordinated cyberattack struck online social networking and other systems including Twitter and PayPal.

In a distributed denial-of-service, hackers flooded servers, causing them to collapse under the overload.

Such attacks are common and we are getting used to them. This is not good.

Mounting evidence shows hackers are becoming more powerful, more sophisticated, and increasingly interested in targeting core infrastructure providers.

Yesterday Twitter, tomorrow the electricity grid and nuclear power plants.

We have been there before. The year was 2005. The event was Hurricane Katrina.

Today’s “Katrina” is not a natural disaster. Neither is it limited to the U.S. Gulf Coast. It’s a national or global cyber attack.

Here’s what we knew. Major portions of New Orleans flooded on average every three years for the prior 200 years before Katrina struck in 2005. Even heavy rain exceeded the capabilities of pumps trying to get rid of the water.

Advertisement




Since the early 1800s, the city enforced a code of burial in tombs above ground. Nobody wants flooding to uproot caskets and have them floating in the streets.

The cemeteries, called “cities of the dead,” were a major attraction. Even today you can pay $25 a person and take the whole family on a “2-Hour Cemetery & Voodoo Walking Tour” in New Orleans.

So planners in that city rationally had their eyes on tourism dollars. But what about risk management?

Rain is one thing. Levee breaches are another.

The entire city was protected either by high ground or levees built to withstand a Category 3 storm. Atlantic hurricanes had been growing in intensity.

Katrina was a Category 5 upon arrival in Louisiana. The levees failed.

Katrina should have been seen in advance. Not the exact date. Not the horror. Just the madness of how we often fail to fix the obvious until it’s too late.

Today’s “Katrina” is not a natural disaster. Neither is it limited to the U.S. Gulf Coast. It’s a national or global cyber attack.

The recent attack on Twitter and others did more than disturb our instant messaging. It gave us a glimpse of an impending electronic catastrophe.

We recall automobiles with faulty ignition switches that can kill or injure us. We replace defective smart phones that catch fire or explode, with the potential to take down commercial airliners.

Why do we ignore the fact that we are connecting our entire daily life — emails, phones, cars, appliances, hospitals, electrical networks, and pacemakers — to a single vulnerable system? We need more than electronic “levees” built to withstand a rainfall when we are facing a cyber tropical cyclone.

Does this risk management failure stem from being penny-wise and pound-foolish?

The annual U.S. spending on national defense is $600 billion. The government budget deficit is also $600 billion. Annual social security and disability benefits amount to $930 billion.

How much is too much to reasonably spend to protect us as we stand here, watching these approaching electronic storm clouds?

Spending for personal virus protection? $30 annually per computer.

Spending for business systems? Thousands to millions of dollars.

Spending to stabilize a global communication network that could allow really bad people to cause devastation and calamity? Priceless.

Share this article:

Risk Insider: Les Williams

Risk Favors the Prepared

By: | October 18, 2016 • 2 min read
Les Williams is partner and chief revenue officer of Risk Cooperative. He holds a B.S. in Mechanical Engineering from the University of Virginia and an MBA from Harvard Business School. Prior to joining Risk Cooperative, Les served in various institutional sales positions at SoHookd, JLL, and IBM.

A recent study published in the “New York Times” highlighted an interesting discovery. Scientists researched how special operations soldiers and race car drivers achieved resilience during the physical and emotional stresses of their jobs.

These individuals were placed in brain-scanning machines and were fitted with face masks through which the researchers were able to control the flow of oxygen at the press of a button.

In another control group, 48 healthy adults were placed in the same machines and were given the same face masks to wear. These adults were divided into three groups: high resilience, average resilience, and low resilience. These categories were determined by questionnaires given to them about their self-perceived emotional and physical resilience.

As the researchers began restricting the flow of oxygen, something interesting happened. The control group of “low resilience” healthy adults had brain signals that were quite inactive right before they realized the button was going to be pushed, resisting the flow of oxygen.

However, after they started having trouble breathing they experienced extremely high levels of activation in the section of their brains leading to bodily awareness; overreacting to the threat once breathing became difficult.

The more we are prepared for impending disasters, the more favorable the outcome will be when the inevitable actually occurs.

The control group of “average and high resilience” adults, as well as the elite soldiers and racers, showed increased levels of brain activity right before they thought their oxygen was about to be restricted. However, the level of activity in their brains sending signals to bodily awareness were muted. This group experienced a stressful condition but did not overreact physically or mentally.

Advertisement




The aforementioned example accurately illustrates the power of resilience; the ability to maintain a level of functionality despite changing conditions in one’s environment.

For a family, attaining a level of high resilience could mean knowing what to do in case of a fire at home. For a nation, ensuring that local, state, and national agencies are operating under the same procedures and nomenclature leads to a higher level of resilience. The establishment of the Department of Homeland Security after 911 is a great example.

For businesses, attaining a high level of resilience includes:

  • Ensuring employees have proper cyber hygiene; having dual levels of authorization for money transfers above a certain threshold, limiting privileged access to sensitive data, continuous training of employees on current cyber threats, and conducting mock cyber-attack drills.
  • Implementing wellness programs to encourage employees to stay healthy, saving the firm money on health insurance claims and potential lost man-hours due to sick employees.
  • Having a detailed active shooter plan in place. Active shootings are becoming more prevalent, and it is important for companies to train for these much like they would for fire drills.
  • Ensuring employees traveling abroad are educated on potential risks in that country. Having the phone number of the U.S. embassy, procuring the services of emergency evacuation firms, and providing adequate health care coverage abroad are all noble efforts.

The more we are prepared for impending disasters, the more favorable the outcome will be when the inevitable actually occurs.

Share this article:

Sponsored: Liberty Mutual Insurance

From Drones to Defects: Planning for Construction’s Top Challenges

Construction buyers must be more vigilant about protecting projects before breaking ground.
By: | November 2, 2016 • 6 min read

The construction industry is firing on all cylinders. New projects spring up every day, but not all go according to plan.

Three out of every four construction projects fail to finish on time. Every party involved – owners, designers, contractors and subcontractors – expects perfection, with the final product delivered on schedule and on budget. Those expectations leave little room for uncertainty, so even a small hiccup can have ripple effects that disrupt a project for everyone.

As outlined in a recent report by McGraw Hill Construction “a lack of thoroughness of preconstruction planning, estimating and scheduling” is a leading cause of uncertainty.1

“There’s often a big disconnect on the front end of project planning,” said Doug Cauti, Senior Vice President, National Insurance, Chief Underwriting Officer, Construction, Liberty Mutual.

Proactive risk mitigation is also important to manage emerging challenges facing the construction industry ‒ drone regulations are evolving, commercial auto losses are rising, and so is uncertainty about which party might be held responsible for a construction defect. Without the proper planning, these issues can easily be overlooked and result in major losses and project disruption.

Liberty Mutual’s Doug Cauti discusses key challenges facing the construction market.

“Key risk management strategies have to be aligned among all parties from the beginning to minimize these uncertainties.”

Before construction begins, there are actions that project owners, designers and contractors can take to address these challenges and better protect their projects and businesses:

Drone Dangers

Drones can be useful tools on construction sites, providing an extra set of “eyes” for large commercial projects or tall buildings. They provide a real time aerial glimpse of works in progress, giving supervisors an added perspective to spot potential flaws, assess safety hazards, and check on workers. But many challenges remain in the safe — and legal — operation of drones.

Liberty Mutual’s interactive infographic highlights risks related to managing drones at construction sites, and also includes a pre-planning drone use guide and a pre-flight checklist that includes making sure to review the latest drone regulations.

How construction buyers can manage the insurance implications of using drones in their operations.

General contractors and project owners need to stay up to speed on FAA regulations, which changed in August, 2016.

“For one thing, operators need to have the drone in sight at all times,” Cauti said.

“And you need to make sure any operators are appropriately licensed and trained, that the drones are regularly maintained, and that the machines don’t impede on others’ safety and privacy.”

Clear flight paths and work zone boundaries can minimize the risk of a drone striking another property, or worse, a person. Operators should also know how to conduct an emergency landing if the drone suddenly loses power. It’s also important to consider how you are going to manage and use drone footage. Advertising liability can be a concern if third party images are captured and released. Know who is in charge of the data collected, who has access to it, and how you are going to protect it.

“If the contractor owns the drone, it takes on more liability. The contractor should review its insurance policies to make sure the coverage will respond to that risk,” Cauti said.

SponsoredContent_LM“As an insurance carrier, we may have a role to play in those proactive discussions. We are uniquely positioned to help project stakeholders see their risks and work to minimize them.”

— Doug Cauti, Senior Vice President, National Insurance, Chief Underwriting Officer, Construction, Liberty Mutual Insurance

Contractors and project owners can protect themselves through enhancements to their commercial general liability policies or through separate aviation policies, he said.

If a general contractor leases a drone through a third party, “they bear the responsibility of making sure the vendor is fully insured,” Cauti said. Vendors should have “non-owned” aviation coverage with limits suitable to handle the size of the risk.

Fleet Safety

Commercial auto losses challenge many business sectors, and construction is no exception.

More vehicles on the road and more miles driven, combined with fewer experienced commercial drivers, are driving up the frequency of accidents. On construction sites in particular, congestion created by closed roads, piles of materials and roving heavy machinery may lead to work zone accidents. Rising medical costs and repair and replacement costs of high-tech vehicles increase claim severity.

“I don’t see this trend reversing any time soon,” Cauti said.

Mitigating commercial auto losses begins with driver hiring practices.

“Pay attention to who you put behind the wheel,” Cauti said.

“Motor vehicle reports (MVRs) and driving history can alert employers to previous accidents or tickets. But there also needs to be regular communication with the drivers you do hire, and clear protocols in place that define expectations of how the job should be performed,” he added.

Ways construction buyers can manage rising commercial auto loss costs and better protect their fleets and employees.

Those protocols include requiring the use of seat belts, prohibiting cell phone use while behind the wheel, mandating scheduled breaks, outlining maintenance procedures, defining if company vehicles can be used for personal use, and establishing crash report procedures that delineate who to contact and what information to collect in the event of an accident.

Contractors can also monitor fleet performance through telematics systems. These on-board systems can track unsafe driving behaviors like hard braking, sharp turns, and speeding. But the data is only as good as the person analyzing it. Contractors and project owners should partner with an insurer who can use fleet telematics data effectively to pinpoint common causes of accidents and recommend specific risk mitigation strategies.

Liberty Mutual’s Managing Vital Driving Performance is one tool that leverages insureds existing telematics data to identify unsafe driving behaviors and accident patterns.

“Our risk control consultants can drill deeper into the data and interview drivers to identify patterns and find out the root causes of bad driving behaviors in the first place,” Cauti said.

For example, a post-accident interview with a driver could reveal that he had been skipping breaks and spending too many hours on the road, leading to fatigue and inattentive driving.

Identifying those connections enables consultants to make specific risk mitigation recommendations, such as adjusting drivers’ schedules and workloads to reduce overtime, or adjusting dispatch protocols so employers can ensure drivers aren’t working too many shifts in a short period of time.

Construction Defects

Another uncertainty project owners, designers and contractors have to face is how insurance coverage will apply should a project end up in a dispute. “The struggle is around the definition of ‘faulty workmanship’ and who is responsible for the defect. Is it in the design or the build?” Cauti said.

“There can be a lot of finger pointing involved. This reinforces the need for contractors to have a systematic quality assurance (QA) program that adheres to best practices, and for every party to have a role in it.”

Elements of a QA program could include testing of construction materials, conducting regular walk-throughs and obtaining approvals from the owner at key phases, and final sign-off by the owner at the project’s completion.

How construction defects and the current legal climate are affecting projects.

Construction defect claims can affect a business’s reputation, profits, and ability to maintain insurance coverage. That’s why it’s so important to be vigilant about avoiding construction defects, whether you’re a designer, developer, owner or general contractor.

Ultimately, though, these risks should be addressed before ground is broken. Discussing these challenges and collaborating on loss prevention strategies up front reduces the likelihood that any “hiccups” will throw off project timelines or increase costs for the various stakeholders.

Pre-planning discussions also offer the opportunity for these parties to take advantage of carrier partners’ risk control services.

“As an insurance carrier, we may have a role to play in those proactive discussions,” Cauti said.

“We are uniquely positioned to help project stakeholders see their risks and work to minimize them.”

To learn more about Liberty Mutual’s solutions for the construction industry, visit https://business.libertymutualgroup.com/business-insurance/industries/construction-insurance-coverage.

[1] Managing Uncertainty and Expectations in Building Design and Construction SmartMarket Report

SponsoredContent

BrandStudioLogo

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Liberty Mutual Insurance. The editorial staff of Risk & Insurance had no role in its preparation.








Liberty Mutual Insurance offers a wide range of insurance products and services, including general liability, property, commercial automobile, excess casualty, workers compensation and group benefits.
Share this article: