Risk Insider: Zachary Gifford

The Role We Must Own

By: | November 24, 2015 • 2 min read
Zachary Gifford is Director, Systemwide Risk Management with the California State University – Office of the Chancellor. He also is active in risk management organizations such as PARMA, PRIMA and RIMS. He can be reached at [email protected]

Unfortunately, campus shootings are not a new issue and the recent (or seemingly continual) spate of incidents reinforces the need to take a holistic approach to the risk, i.e., it is not a law enforcement issue alone.

I’m not talking about the need to include a variety of campus personnel and stakeholders in the planning, response and recovery processes, this is self-evident and well-established.

Rather, in this case the term “holistic” is best applied to considering the place of mental health professionals, such as Behavior Intervention Teams (BITS) or campus counseling teams (mental first aid) in collaborating on emergency management (prep, response & recovery) and with stakeholders/administration and academics.  Everybody has a stake in trying to mitigate the risk.

Most people wouldn’t argue with the point that the root cause of the vast majority of campus violence incidents is one of acute mental illness and the aforementioned feelings of desperation.

Here are two definitions of “holistic”:

Philosophy – characterized by comprehension of the parts of something as intimately interconnected and explicable only by reference to the whole.

Medicine – characterized by the treatment of the whole person, taking into account mental and social factors, rather than just the physical symptoms of a disease.

Recently when speaking with mental health professionals about emergency preparation and response, I had an epiphany … this being that the mental health component of preparation, response and recovery had not been a focus or even present in the emergency planning conversation.

As such, I made a commitment that one of my big pushes going forward was to make sure I would be an advocate for having campus mental health professionals at the table when discussing campus risk mitigation and crisis response.

In the words of  Patrick Prince of Prince & Phelps Consultants“No one wakes up one morning and decides, ‘I think I’ll go shoot up a campus today’.”

Rather, it is generally a lengthy mental process as one devolves from feeling that they have a gripe to feeling totally disenfranchised, disrespected, desperate, lonely and angry.

There are points along the way wherein there is a chance for intervention to address the risk and perhaps even assist the person of interest.

Most people wouldn’t argue with the point that the root cause of the vast majority of campus violence incidents is one of acute mental illness and the aforementioned feelings of desperation. We must remember that the perpetrator was once someone’s baby, friend, schoolmate, etc. and likely was not born with homicidal ideations.

Herein lies the opportunity for mental health professionals to mitigate the risk by assisting in the identification of people at risk, collaborating on intervention techniques and perhaps even treatment.

Further, it is incumbent upon an organization to stress the values of empathy, respect, dignity and looking through a holistic and not personally prejudiced paradigm.

We all have a chance to mitigate the risk by being decent human beings and not being afraid to reach out to appropriate persons to address a concern when observing disturbing behavior. “It is not my problem,” or “ I do not want to get involved,” are not responsible alternatives.

Ask yourself this.

“Are you a potential solution or a potential victim?”

Share this article:

Cyber Risk

Board Directors Worry about Cyber Security

A recent ruling requiring "reasonable care" in securing data increases liability risk.
By: | November 18, 2015 • 3 min read
Judge in courtroom

Corporate board members view cyber breaches as a growing threat, and the potential for liability has many looking to the growing cyber security insurance market, according to a recent survey.


Nine of 10 surveyed board members believe regulators should hold companies responsible for cyber breaches when “reasonable care” has not been taken to secure customer data, according to the survey by NYSE Governance Services and Veracode.

The survey questioned 276 board members about the way cyber security liability is being discussed in the boardroom.

With cyber attacks on the rise, boards and management are growing increasingly wary of any corporate behavior that can impact their brand or shareholder value. A 2014 study by Deloitte found that security is now the second-leading risk to a company’s brand.

The rise in high profile cyber attacks is expected to spark more lawsuits from both consumers and regulators to determine liability.

“Boards would be wise to start putting pressure on their companies to really focus on understanding their cyber security risk … to prevent brand damage and loss in shareholder value.” — Sam King, chief strategy officer, Veracode

“Boards would be wise to start putting pressure on their companies to really focus on understanding their cyber security risk … to prevent brand damage and loss in shareholder value,” said Veracode Chief Strategy Officer Sam King.

As a result of the increased focus on cyber liability, 50 percent of the NYSE/Veracode respondents said they expect investors to demand more transparency into their cyber security plans.

The report said boards would be wise to disclose more details about oversight and efforts when cyber incidents occur, or they could risk losing investor confidence.

FTC Lawsuit on “Reasonable Care”

Almost half of directors and officers who were familiar with the Wyndham Worldwide lawsuit said the case has influenced their decisions on cyber security liability.

The Federal Trade Commission alleged the hotel chain violated Section 5 of the FTC Act by failing to employ reasonable data security measures. Three breaches in 2008 and 2009 allowed hackers to steal card data from more than 619,000 consumers, leading to more than $10 million in fraudulent charges.

In the August 2015 ruling by a U.S. appeals court, FTC Chairwoman Edith Ramirez said it “reaffirms the FTC’s authority to hold companies accountable for failing to safeguard consumer data” and that it is “critical” that the FTC take action when companies fail to take “reasonable steps” to secure consumer information.


The decision is critically important to companies because it opens the door to further enforcement of such standards by the FTC.

The survey raises questions about how cyber-related liabilities will be framed, and when a company will be considered negligent for ineffectively securing sensitive information. Board members must ask what constitutes “reasonable” efforts to protect data and what security measures should be maintained, according to the NYSE/Veracode report.

It noted that the “Verizon 2015 Data Breach Investigations Report” found that 99.9 percent of the Heartbleed-like software vulnerabilities exploited in 2014 were publicly announced more than a year before.

“Was it ‘reasonable’ not to patch a known vulnerability? And should businesses be held liable for failing to do so?” — Verizon 2015 Data Breach Investigations Report

“Was it ‘reasonable’ not to patch a known vulnerability? And should businesses be held liable for failing to do so?” the report asked.

Third-Party Vendor Vulnerabilities

Surveyed board members also raised questions about third-party software providers and 90 percent said those providers should bear legal responsibility when vulnerabilities are found on their software.

Veracode’s “2015 State of Software Security Report” found that nearly three-fourths of enterprise applications produced by third-party providers had one or more vulnerabilities listed in the OWASP Top 10. The OWSAP Top 10 is a list of 10 critical security vulnerabilities, such as weak authentication management and security misconfiguration.

“As insurance providers tighten requirements for claims payouts, companies will be forced to meet a minimum standard of acceptable practices, thereby improving their overall security posture.” — Sam King, chief strategy officer, Veracode

While nearly almost all respondents said they are increasing or planning to increase security assessments to address liability concerns, two-thirds said they are also putting liability clauses into agreements with their third-party providers.

Some companies are also increasing audit committee oversight and hiring external consultants to reduce their vulnerabilities.

The growing risk has also given birth to a rapidly growing cyber security insurance market, which is expected to triple to $7.5 billion in the next five years, according to a recent report issued by PwC.

Of the NYSE/Veracode survey respondents who had such insurance, 35 percent said they currently insure against software coding and human errors that can lead to a loss of sensitive data.


Veracode’s King said cyber liability insurance may eventually establish a new baseline for cyber security best practices and requirements.

“As insurance providers tighten requirements for claims payouts, companies will be forced to meet a minimum standard of acceptable practices, thereby improving their overall security posture,” he said.

Craig Guillot is a writer and photographer, based in New Orleans. He can be reached at [email protected]
Share this article:

Sponsored: Liberty Mutual Insurance

Managing Construction’s True Risk Exposure

Mitigating construction risks requires a partner who, with deep industry expertise, will be with you from the beginning.
By: | November 2, 2015 • 5 min read

When it comes to the construction industry, the path to success is never easy.

After a long, deep recession of historic proportions, the sector is finally on the mend. But as opportunities to win new projects grow, experience shows that more contractors go out of business during a recovery than during a recession.

Skilled labor shortages, legal rulings in various states that push construction defects onto general liability policies, and New York state’s labor laws that assign full liability to project owners and contractors for falls from elevations that injure workers are just some of the established issues that are making it ever harder for firms to succeed.

And now, there are new emerging risks, such as the potential for more expensive capital, should the Federal Reserve increase its rates. This would tighten already stressed margins, perhaps making it harder for contractors and project owners to invest in safety and quality assurance, and raising the cost of treating injured workers.

Liberty Mutual’s Doug Cauti reviews the top three risks facing contractors and project owners.

“Our customers are very clear about the challenges they are facing in the market,” said Doug Cauti, the Boston-based chief underwriting officer for Liberty Mutual’s construction practice.

“Now more than ever, construction risk buyers – and the brokers who serve them – are leveraging our team’s deep expertise to find solutions for complicated risks. This goes way beyond what many consider the traditional role of an insurance carrier.”

Other leading risks facing contractors and project owners.

Given the current risk environment, firms that simply seek out the cheapest coverage could leave themselves exposed to these emerging risks. And that could result in them becoming just another failed statistic.

So what is the best way to approach your risk management program?

Understanding the Emerging Picture

Construction firms have been dealing with multiple challenges over the last several years. Now, several new emerging risks could further complicate the business.

After an extended period of historically low interest rates, the Federal Reserve is indicating that rates could rise in late 2015 or sometime in 2016. That would surely impact construction firms’ cost of capital.

“At the end of the day, an increased cost of capital is going to impact many construction firm’s margins, which are already thin,” Cauti said.

“The trickle-down effect is that less money may be available for other operational activities, including safety and quality programs. Firms may need to underbid and/or place low bids just to get jobs and keep the cash flow going,” Cauti said.

SponsoredContent_LM“Now more than ever, construction risk buyers – and the brokers who serve them – are leveraging our team’s deep expertise to find solutions for complicated risks.”
— Doug Cauti, Chief Underwriting Officer, Liberty Mutual National Insurance Specialty Construction

“Experience shows us that shortcuts in safety and quality often lead to more construction defect claims, general liability claims and workers’ compensation claims,” Cauti said.

Currently, the frequency of worker injuries is down on a national basis but the severity of injuries is on the rise. If those frequencies start creeping up due to less robust safety programs, the costs could grow fast.

And if this possible trend is not cause enough for concern, the growing costs associated with medical care should have the attention of all risk managers.

“Five years ago medical costs represented 56 percent of a claim,” said Jack Probolus, a Boston-based manager of construction risk financing programs for Liberty Mutual.

“By 2020, that medical cost will likely grow to 76 percent of an injured worker’s claim, according to industry experts,” Probolus said.

Rising interest rates and rising medical costs could form a perfect storm.

Focusing on the Total Cost of Risk

For risk managers, the approach they utilize to mitigate the myriad of existing and emerging risks is more important than ever. The ideal insurance partner will be one that can integrate claims management, quality assurance and loss control solutions to better manage the total cost of construction risk, and do it for the long term.

Liberty Mutual’s Doug Cauti reviews the partnership between buyers, brokers and insureds that helps better manage the total cost of insurance.

In the case of rising medical costs, that means using claims management tools and workflows that help eliminate the runaway expense of things such as duplicate billings, inappropriate prescriptions for powerful painkillers, and over-utilization of costly medical procedures.

“We’re committed to making sure that the client isn’t burdened in unnecessary costs, while working to ensure that injured employees return to productive lives in the best possible health,” Probolus said.

The right partner will also have the construction industry expertise and the willingness to work with a project owner or contractor from the very beginning of a project. That enables them to analyze risk on the front end and devise the best risk management program for the project or contractor, thereby protecting the policyholder’s vulnerable margins.

“We want to be there from the very beginning,” Liberty Mutual’s Cauti said.

“This isn’t merely a transaction with us,” he added. “It’s a partnership that extends for years, from binding coverage, through the life of the project and deeper as claims come in and are resolved over time,” he said.

In other words, it’s a relationship focused on value.

Today’s construction insurance market – with an abundance of capacity – can lead to new carriers entering the market and/or insurers seeking to gain market share by underpricing policies.

“We see it all the time,” Liberty Mutual’s Cauti said.

Where does this leave insureds? Frustrated at pricing instability, or by the need to find a new carrier.  And wiser, having learned the wisdom of focusing on value, that is the ability to better control the total cost of risk.

“Premium is always important,” notes Liberty Mutual’s Cauti. “But smart buyers also understand the importance of value, the ability of an insurer to partner with a buyer and their broker to develop a custom blend of coverages and services that better protect a project’s or contractor’s bottom line and reputation. This is the approach our dedicated construction practice takes.

Why Liberty Mutual?

For more information on how Liberty Mutual Insurance can help assess your construction risk exposure, contact your broker or Doug Cauti at [email protected].



This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Liberty Mutual Insurance. The editorial staff of Risk & Insurance had no role in its preparation.

Liberty Mutual Insurance offers a wide range of insurance products and services, including general liability, property, commercial automobile, excess casualty, workers compensation and group benefits.
Share this article: