All posts by Michael Stoop

Michael Stoop is the president of Metropolitan Risk Advisory. He leads a team of smart & proactive risk advisors whose acumen and protocols yield a substantive outcome for their customers. The goal is to achieve a cost efficiency and cost consistency that better positions them for growth and continuity in their native markets. Michael has been in the industry for over 20 years.

Buying Cyber Insurance Does Not Protect Your Organization From Hackers

Understand that purchasing Cyber Insurance does not protect your organization from hacking. It simply finances some, not all, components of the loss. A recent report by cybersecurity company Barracuda found that Google-branded spear-phishing attacks are up significantly since the start of 2020. These attacks only accounted for 4% of the total cyber attacks in 2020 so far. Barracuda reported over 100,000 form-based attacks since Jan. 1, 2020; 65% of them were branded to look like a Google form. These Google-branded attacks are significantly more prevalent than other branded competitor attacks. Microsoft was the 2nd most impersonated account at 13% of the total spear-phishing attacks (2).

With 43% of all cyberattacks targeting small businesses (1), and the attacks increasing by 73% since the pandemic, we encourage your company to build out “Operation Lockdown”. That’s what we called it at Metropolitan Risk after we read a Wall Street Journal article on how cybercriminals are increasingly attacking small businesses and holding their work files for ransom. Cybercriminals understand that many small and medium-sized businesses haven’t the focus, the budgets, and the staffing to defend against these cyber attacks. They are in effect low-hanging fruit and easy prey.

Further, many businesses are now even more vulnerable due to the recent mobilization of the workforce from the physical office. This is because home networks aren’t secure: the data doesn’t sit behind a firewall or isn’t encrypted like in the office. While newly remote employees were struggling to create routines and employers were focusing on this new shift in workflows, cybercriminals know the back door is unlocked.

 

Here are two really important concepts to understand assuming we have your rapt attention with respect to the soft underbelly of your org. Understand that locking down your company from a cyberattack doesn’t guarantee that you won’t be hacked and won’t suffer damage. What it does do is significantly lower the probability that such an attack will be successful or cause much damage. A friend of mine Nick Lagalante from Tenable Cyber Security explains it this way. “Your goal is not to outrun the bear, your goal should be to outrun the slowest runners”. In essence, by making it more difficult to penetrate your systems and employees, cybercriminals should in effect move on quickly and find a softer target. 

Here’s the second big picture item to understand: Cyber Insurance is NOT cyber risk management. Cyber insurance functions as a way to finance the loss you incurred from the hack. It’s a safety net when plan A (Operation Lockdown) fails. It should NEVER BE PLAN A. Here’s more good news. Once you have been hacked, the chances of you being hacked again go up exponentially. Insurance carriers know this, which is why Cyber Insurance policies increase significantly in cost once you have been hacked, as the carriers’ exposure to loss increases if they decide to insure you!

 

This is why we built this case study on how we at Metropolitan Risk took this challenge on for ourselves. It’s not the holy grail of cybersecurity prevention, and we don’t want to lead you to believe it is. What our case study does is make you a bit faster than most of your competitors who will suffer a hack and the corresponding costs that go with it. At Metropolitan Risk our goal is to keep you cost-efficient and cost-consistent. When you read our Case Study it gives you an idea of how to organize the challenge and address each item incrementally. The case study is only available to current Metropolitan Risk clients or potential prospects.

 

Last point, and this is a big one. You don’t have to figure all this out on your own. As a reminder, we actually built a Cyber Assessment for small to medium-sized businesses that assesses your current systems, protocols, and security measures. Upon completion, you get a report that gives you a green light for things you have done well, yellow for items that need to be tweaked, and red for let’s jump on this ASAP.

 

Then we suggest we get you a really solid cyber insurance policy as a Plan B just in case. Our Cyber policies are 25% less expensive IF you execute our assessment and tackle the items in red.

 

How do you eat an Elephant? Piece by piece. CLICK HERE to sign up for our Cyber Assessment. 

 

Having The CORRECT Business Interruption Insurance Determines If Your Business Survives

Business Income Insurance or Business Interruption Coverage is not only the most often overlooked insurance coverage, but the error rate in how it’s calculated is over 90%, and I am being generous here. Skeptical? Pull your policy. My guess is your current agent or broker just applied your gross sales to arrive at the Business Interruption limit, or worse, if it’s actual incurred loss, it’s only for 12 months. I love actual incurred loss; what it should state is “Actual Incurred Loss As Calculated By The Insurance Company”. Yes, there is a HUGE difference.

 

Embedded in most insurance policies are provisions for “business interruption insurance” or “business income”. It’s these provisions that provide coverage for loss of critical business income that provide the financial sustenance for a business to survive. Simply because your business suffers a loss, your bills don’t stop. I know my landlord at Bridge Street in Irvington NY wants his check on the 1st of each month, regardless of any business or personal tragedy. He knows his bills keep coming as well; it’s a vicious cycle. Thus quite often you have insurance to help bridge the financial gap between the revenue that your business would have enjoyed except for a covered event. How the loss is calculated and ultimately reimbursed is an article all by itself, and it differs depending on what type of business you are in (i.e. manufacturer, restaurant, retail wine merchant, hotel).

 

If NY Business Interruption Insurance is deemed critical to the survival of your business, we suggest performing a Business Income Stress Test. Quite simply, what we do is offer up two or three likely claim scenarios that would potentially keep most C.F.O.’s up at night. We overlay your company’s current financials (P&L, Balance Sheet), and apply the insurance carrier’s formula for calculating the business interruption portion of the loss, which is contained in your insurance policy. In each claim scenario, we show you what your potential shortfall is BEFORE the loss occurs, which is a critical point. To perform this calculation after the event is called a CLAIM, which at that point is simply P&L triage to get you through the month.

 

It’s absolutely essential that this stress test be performed on every business. In our business we can pick up and move to a temp facility provided there is power, and be operational in a matter of hours. A NY Wine Merchant, or Westchester NY Restaurant cannot. Understanding your cost structure, what is and is not reimbursable, and planning for it upfront quite often is the difference between life and death for many small businesses because they don’t have the financial cushion or the credit lines to make up the difference. The insurance proceeds from business interruption, or business income claim is the only financial lifeline.

 

If you are interested in seeing how your business would fare in our proprietary Business Income Stress Test, please speak with one of our Risk Advisors or call 914-357-8444.

New York’s DOL Introduces New Notice Of Pay Rate form for Home Care Providers Under New York Wage Prevention Act Updates

Effective October 1, 2020, New York State’s Department of Labor requires a new Notice of Pay Rate form for employers. The form is required to be used by home healthcare aide under the Wage Parity Law. The updated changes to the New York Wage Theft Prevention Act (WTPA) state the new Notice of Pay Rate Form must now include “the benefits portion of the minimum rate of home care aide total compensation.”

The amendment to New York’s Wage Parity Act requires that home healthcare employers include notice of the benefits their employees are receiving under the Wage Parity Law. The form requires employers to break down each benefit provided to the employee, and the home care agency must provide contact information for the person or entity providing the home care aide benefits.

Home care agencies are now required to keep these records for at least six years.

What is required under the New York Wage Theft Prevention Act (WTPA)?

The WTPA requires employers to provide wage notices and pay stubs to their New York employees. The law requires written wage notices to be delivered to employees in English and the employee’s primary language, signed and dated by the employee and maintained for a period of 6 years. You must provide the notice at the time of hire and upon changes to the data.   The forms must include the following information on the written wage notice:

  • Rates of pay;
  • How the employee is paid (e.g., hourly, salary, commission, etc.);
  • Any allowances claimed as part of the minimum wage (e.g., tip, meal, or lodging allowances);
  • Regular payday;
  • The official name of the employer and any other “doing business as” names used; and
  • Address and phone number of the employer’s main office.

The employee wage statement or pay stub on each payday must include the following data:

  • Employee’s name;
  • Employer’s name, address, and phone number;
  • Dates covered by the payment;
  • Hours worked (both regular and overtime);
  • Rates of pay;
  • How the employee is paid (e.g., hourly, salary, commission, etc.);
  • Gross and net wages;
  • Itemized deductions; and
  • Itemized allowances and credits claimed by the employer.

Failure to comply with the new requirements of the WTPA in a timely fashion is punishable by penalties of up to $10,000 per affected employee. 

Click here to download the New Form

If you’re an employer in the home healthcare industry, you must revise your new hire notices & pay stubs to ensure they reflect the latest updates to WTPA. Failure to comply can subject your business to substantial penalties. Metropolitan Risk is closely monitoring Home Healthcare legislation in New York, New Jersey, Connecticut, and Florida. If you need additional information, contact a risk advisor at 914-357-8444

 

Source: New York Employers Must Comply with Updated Wage Notice Requirements

 

Who Is Exempt From Workers Compensation Coverage?

The New York workers’ compensation insurance law requires the majority of employers to have appropriate workers comp insurance coverage in place. However, there are three key exemptions.

Sole Ownership

If you run your business alone and don’t have any employees, you may not need to have workers’ compensation coverage. You should note, however, that in order not to inadvertently break the law, you must not use the services of volunteers, such as family or friends.

Partnership

Partnerships set up under New York laws may also be exempt, but only where they comply with the provisions applicable to businesses in sole ownership outlined above.

Small Corporation

Where one or two people have set themselves up as a corporation, hold all the offices and own all the stock, they might also be exempt, as long as they have no employees of any kind, as per the other two exempt categories above.

Sub-Contractors

It is important to note that should your otherwise exempt business use the services of sub-contractors, you should make sure they have their own insurance coverage. Otherwise, the New York Workers Compensation Board may rule that they are employees. Similarly, when a sole owner, partner, or small corporation owner works as a sub-contractor, he or she is required to hold personal New York workers compensation insurance.


Buying Cyber Insurance Does Not Protect Your Organization From Cybercriminals

Buying Cyber Insurance Does Not Protect Your Organization From Hackers

 

Understand that purchasing Cyber Insurance does not protect your organization from hacking. It simply finances pieces of the loss. A recent report by cybersecurity company Barracuda found that Google-branded spear-phishing attacks are up significantly since the start of 2020. These attacks only accounted for 4% of the total cyber attacks in 2020 so far. Barracuda reported over 100,000 form-based attacks since Jan. 1, 2020; 65% of them were branded to look like a Google form. These Google-branded attacks are significantly more prevalent than other branded competitor attacks. Microsoft was the 2nd most impersonated account at 13% of the total spear-phishing attacks (1).

 

With 43% of all cyberattacks targeting small businesses (2), and the attacks increasing by 73% since the pandemic, we encourage your company to build out a cybersecurity plan. At Metropolitan Risk we called our initiative “Operation Lockdown” after we read a Wall Street Journal article on how cybercriminals are increasingly attacking small businesses and holding their work files for ransom. Cybercriminals understand that many small and medium-sized businesses haven’t the focus, the budgets, and the staffing to defend against these cyber attacks. They are in effect low-hanging fruit and easy prey.

How is your Company Vulnerable?

Further, many businesses are now even more vulnerable due to the recent mobilization of the workforce from the physical office. This is because home networks aren’t secure: the data doesn’t sit behind a firewall or isn’t encrypted like in the office. While newly remote employees were struggling to create routines and employers were focusing on this new shift in workflows, cybercriminals know the back door is unlocked.

 

Here are two really important concepts to understand assuming we have your rapt attention with respect to the soft underbelly of your org. Understand that locking down your company from a cyberattack doesn’t guarantee that you won’t be hacked and won’t suffer damage. What it does do is significantly lower the probability that such an attack will be successful or cause much damage. A friend of mine Nick Lagalante from Tenable Cyber Security explains it this way. “Your goal is not to outrun the bear, your goal should be to outrun the slowest runners”. In essence, by making it more difficult to penetrate your systems and employees, cybercriminals should in effect move on quickly.

 

Here’s the second big picture item to understand; Cyber Insurance is NOT cyber risk management. Cyber insurance functions as a way to finance the loss you incurred from the hack. It’s a safety net when plan A (Operation Lockdown) fails. Cyber Insurance should NEVER BE PLAN A. Here’s more good news. If you’ve been hacked, the chances of you being hacked again are exponentially higher. Insurance carriers know this which is why the Cyber Insurance policies increase significantly in cost once you have been hacked as the carriers’ exposure to loss increases if they decide to insure you! 

Learn More: Conducting An Organization-Wide Phishing Test

This is why we built this case study on how we at Metropolitan Risk took this challenge on for ourselves. It’s not the holy grail of cybersecurity prevention, and we don’t want to lead you to believe it is. What our case study does do is make you a bit faster than most of your competitors who will suffer a hack and the corresponding costs that go with it. At Metropolitan Risk our goal is to keep you cost-efficient and cost-consistent. When you read our Case Study it gives you an idea of how to organize the challenge and address each item incrementally.

 

The last point, and this is a big one. You don’t have to figure all this out on your own. As a reminder, we built a full-on Cyber Assessment for small to medium-sized businesses that assesses your current systems, protocols, and security measures. Upon completion, you get a report that gives you a green light for things you have done well, yellow for items that need to be tweaked, and red for let’s jump on this ASAP.

 

Then we suggest we get you a really solid cyber insurance policy as a Plan B just in case. Our cyber policies are 25% less expensive IF you execute our assessment and tackle the items in red.

 

How do you eat an Elephant? Piece by piece. CLICK HERE to take the Cyber Assessment. 

 

Business Interruption Insurance Coverage For Business Continuity

Most business owners view the whole insurance purchase and claims process as a black art, which this writer completely understands. After 25 years in the business, I too scratch my head at some of the “spells” insurance carriers concoct.

Let me try and be as succinct as possible as I will focus on three main considerations:

  1. Purpose of business income coverage
  2. Coverage triggers
  3. A brief paragraph on valuations

Purpose of Business Income Coverage:

The main purpose of business interruption insurance coverage is for business continuity. It provides funds to pay for continuing expenses that remain even though the business is not operational at the moment. These necessary expenses keep the business viable for its eventual return. One example would be key staff, such as an executive chef. You wouldn’t want to lose their talents which are intrinsic to the success of your business, thus their compensation remains even though the kitchen is inoperable. There are very specific loss formulas and calculation variables that are used by insurance carriers contained in your policy that determines the amounts. See Item 3 for more information on valuations.

There are essentially three levels of business interruption coverage:

Standard Business Interruption Insurance coverage 

Intended to compensate the insured for income lost during the period of restoration. Coverage continues until the owner brings the operations and/or facilities back online and fully functioning.

Extended Business Interruption

Provides additional coverage augmenting the standard business interruption coverage for a specific period of time once the facility or operation has been brought back online. An example of which might be a restaurant that re-opens after 6 months of restoration. It may take time for the public to return, which means their sales will be off until word gets out. Extended Business Interruption would help bridge that sales gap for 30, 60, or 90 days contingent on how much you purchase at the outset.

Contingent Business Interruption

Provides coverage above and beyond the standard business interruption insurance for damage or loss of income due to a loss for a key supplier, or a key tenant. I’ll give an example. Years ago Corning had a fire at their factory which supplied the majority of the screens for Samsung’s flat panels. Samsung had a significant drop in sales as they could not fill orders. Those customers bought from other manufacturers resulting in a net income loss for Samsung.

These are the three main levels of business interruption coverage. Most businesses have the Standard level. If your business might suffer losses from a time perspective, contingent supplier, or an anchor tenant, consider these enhancements.


What Triggers Business Interruption Insurance?

Great question, glad I asked. Coverage triggers are one of the most important features or mechanisms contained in all insurance policies. When a claim is presented insurance carriers ask two questions: what clause in the insurance contract “triggers” coverage, and what exclusions or limitations contained in the insurance contract “trigger” a claim denial. It’s either one or the other; guess which one they focus on most?

Essentially it comes down to a few critical answers:

  1. Is the event that caused the loss, a “covered peril” as defined in the insurance policy? Hint, fire is a covered peril, flood is typically not.
  2.  Did the business suffer a loss of business income as a result of suspension of operations resulting from that loss?
  3. Did the business suffer property damage from a covered location on the policy?
  4. Is the business being made whole for continuity purposes or is there an economic gain resulting from the coverage?

Examples

These are the main coverage triggers we look at from the outset. There are other more nuanced considerations in certain cases however I didn’t want this to turn into a doctoral thesis.

During Hurricane Sandy, many businesses suffered the loss of business income because their business had shut down for a period of time resulting in a potential net income loss. We fielded hundreds of questions in this vein. Sadly most of the losses were a result of flooding which was not a “covered peril” thus business income was NOT triggered.

In other situations, we made a case that a pre-emptive utility shut down by civil authority or landlord to protect their electrical infrastructure resulted in the loss, and not the flood. This argument only works if you also have the proper utility interruption coverage endorsement on the policy which triggers coverage. In absence of that endorsement, coverage would not apply to business income as losses didn’t result from a covered peril.  Some folks call this confusing, I call it job security. If you are unsure if coverage is triggered or not we suggest you speak to a Risk Advisor for a second opinion on your specific situation.

Business Interruption Valuations:

Here’s where the weeds get really deep. In the vast majority of policies that include business interruption coverage, there is usually contained deep in the policy pages a standard formula or calculation that brings certain income and expenses in, and carves certain expenses and income out. An example of such might be utilities or rent that ceases during the period of restoration. Since the expense no longer occurs while the business is dormant, the carriers pull this item out of their calculation. Within the methodology, both income and expenses are brought in and out contingent on how necessary they are to continue business.

Another example is key staff versus line staff. It’s critical for certain businesses to maintain payroll for key management or staff, but not for everyone. Thus the calculation for payroll reimbursement usually only contemplates critical staff. The rest are furloughed thus the expense does not perpetuate and is not in the calculation.

One of the most valuable services we provide clients is a Pre Loss Analysis whereby we do the business interruption calculation prior to a loss to test the coverage limits and triggers to ascertain how accurate it is if a sizable loss truly occurred. We have found that 98% of businesses are vastly underinsured for business interruption when we actually did the pre-loss calculations.

Why MetRisk

Industries that are susceptible to being underinsured for business interruption are Real Estate (Commercial & Residential), Manufacturing, Hospitality (Restaurants, Hotels), Retail & Wholesale Operations, and Healthcare.

We suggest you contact a Risk Advisor to do a Business Interruption Pre Loss Calculation, or simply order our free worksheet to do the calculation yourself. We believe it’s an enormously important exercise to do preemptively before a loss occurs. The survival of your business may depend on simple math.

 

How to Avoid Overexertion in the Workplace with Statistics

A common cause for New York workers compensation insurance claims can be overexertion. In fact, the Bureau of Labor Statistics recently published 2017-2018 overexertion statistics. They found that 295,000 overexertion injuries in 2017 and 282,000 in 2018 caused days off from work, and naturally, WC claims. These make up 31% of the non-fatal work injuries that cause work days lost. This could result from a wide range of activities, such as lifting, carrying, throwing, pushing, or pulling. Although it is easy to overexert muscles, there are a few simple tips you could give your employees to help prevent such injuries. These near 600,000 days lost are all preventable by doing simple daily routines differently. Here are a few of these examples.

Start Easy

Many people have a tendency to try to do too much when first starting a project. The result is that they end up injuring themselves, which means their work has to be put on hold until they heal.

Pace Yourself

Some make it a point to work as fast as possible. Unfortunately, they do not seem to realize that they could easily injure themselves while working at such a quick pace.

Know Your Limits

Regardless of the activity that a person is doing, it is always a good thing to know when to ask for help. Many people injure themselves by overdoing an activity, such as lifting a box that is clearly too large for one individual.

Set Obtainable Goals

Many times a person sets goals that he or she has no hope of actually reaching. By being reasonable with their workload, employees reduce the risk of injuries while still earning a sense of accomplishment.

Overexertion could happen regardless of how physically fit a worker is. This is why it is important to train your employees in the proper way to perform their job functions. Otherwise, you may be facing a New York workers compensation insurance claim and staff shortages.

 

COVID-19 Safety Guidance for the Construction Industry

Are you a construction firm working in NY? We found this great presentation by Domenique Camacho Moran, Partner and Head of the Labor & Employment Practice at Farrell Fritz addressing some of the parameters that various state and city agencies are recommending and goes through safety guidance for the construction industry.
CLICK HERE for the slides from the May 29, COVID-19 Town Hall: NY’s Safety Guidance for the Construction Industry. This PowerPoint touches on everything that deals with safety in the workplace for construction employers.
 
Further, it seems to make decent sense from a work safety standpoint. We suggest you forward this to your P.M.’s and your safety personnel to make sure your construction firm is thinking about these issues these next few months. 
Unfortunately, this problem does not seem to be going away anytime soon. Especially in the workplace, we need to demonstrate safety precautions for our workers in the midst of a global pandemic. Addressing safety measures can be a good review for the post-pandemic workplace. Hopefully, this event will create safer work sites for the construction industry, as well as all the other workplaces around New York.
 
Welcome to the “abnormal”, at least for the next few months.
Still have a few questions? Contact a risk advisor today at 914-357-8444. Or, visit us at our website here.

Covering Your Out of State Exposure NYSIF Workers Compensation Policy

If you have jobs, locations, work, or employees who are now working from home and you are covered by the NY State Insurance Fund you need to make adjustments to your workers’ compensation insurance policy. Understanding the out of state exposure NYSIF compensation policy can be beneficial to keep your insurance and claims costs down.

 

Two Quick Points:

Point # 1:  If you are covered under an NYSIF workers compensation policy and you now have employees working from home in other states we suggest you add endorsement # 127 extraterritorial to your NYSIF workers’ compensation policy. 

The language on the endorsement is as follows:

The policy covers bodily injury to all your employees while performing work within the State of New York and to your regular New York employees while performing work of a temporary nature outside the State of New York. The policy covers claims for benefits by these regular New York employees only if they are filed under the jurisdiction of the New York State Workers’ Compensation law. The policy does not cover claims for benefits filed under any other state’s laws.

The policy does not cover bodily injury to your employees who work solely outside the State of New York except salespersons controlled and directed from New York regardless of where such salespersons were hired. 

Given the “temporary nature” of the work at home allowances many companies have made during COVID 19 we suggest New York State Fund policyholders should add this endorsement just as a precaution. Please keep in mind a gap still exists if the employee chooses to file a workers’ compensation insurance claim in their home state as the NYSIF will only pay the NY State benefit. If the employee files in New Jersey which has a higher monthly indemnity limit the gap between the higher NJ rate and the lower NY rate would be self-funded by the employer. 

Point # 2: If in fact the work is not “temporary in nature” and more substantive you need to find worker’s compensation coverage for that out of state work elsewhere. The New York State Insurance Fund, NYSIF will not endorse another state under section 3(A) of their New York State Workers Compensation insurance policy. This creates a substantial gap in coverage. Should an employee be injured outside of New York State at another company site, or work location coverage for that injured employee will be denied. Beyond funding the workers’ compensation claim with your own money, the fines levied can be significant adding insult to injury; pardon the pun. 

 

We suggest you speak with a Risk Advisor to bridge this critical coverage gap. Back to your regularly scheduled programming.