Protecting Your
Business Against Data
Breaches - Page 1
Why Workers’
Compensation Rating
Matters - Page 2
Safety Training May
Prevent Costly OSHA
Citations - Page 3
New Commercial
Driver’s License
Medical Certification
Rules - Page 4
Risk Monitor
MARCH 2014
A NEWSLETTER FOR CLIENTS AND FRIENDS OF BANCORPSOUTH INSURANCE SERVICES, INC.
Protecting Your Business Against
Data Breaches
In December 2013, the prominent
retail chain Target announced that
hackers had breached their credit
card processing systems. The
breach comprised credit and debit
card information for as many as 40
million customers who had shopped
November 27 through December 15.
Hackers comprised customer’s names,
card numbers, expiration dates and
card verification values (CVVs).
Law enforcement authorities and
Target’s own investigators confirmed
that stolen card numbers were
coming up for sale on Internet
sites catering to identity
thieves at anywhere from $20 to
$100 per card. This hack was one
of the largest data breaches in U.S.
history.
All businesses are at risk
If your business fails
to protect information
from criminals both
internal and external
to your organization,
you could be liable for
damages.
To locate an office near you,
please visit us online
at www.bxsi.com
or contact us at
info@bxsi.com.
If Target’s modern internet security
and encryption can be hacked, so can
yours. If your business fails to protect
information from criminals both internal
and external to your organization, you
could be liable for damages.
the attorney’s fees alone involved in
mounting a defense would be a very
significant hardship, even in much
smaller cases.
The fact is that credit card thieves,
hackers and extortionists do not
attack just large businesses, but all
size businesses. In fact, it happens
every day. For example, servers in
restaurants can swipe a credit card
using a smart phone and a small
reader they can carry around in their
pockets. Advances in technology
have also created new dangers for
businesses, and an emerging area of
insurance and law centered on cyberrisks.
As a business, your risks are not
confined to credit card numbers and
transactions. You could be facing
immense liability from any of these
cyber-crime related risks:
l
l
l
Target was named a defendant in
a lawsuit within days of the news
breaking. The lawsuit against Target
claimed, “Target failed to implement
and maintain reasonable security
procedures and practices appropriate
to the nature and scope of the
information compromised in the data
breach.” Naturally, Target can afford
the top attorneys in the country to
defend its interests. However, for most
small or medium-sized businesses,
l
l
l
Security breaches in business
checking accounts
Electronic theft of money you hold
as a fiduciary for your clients or
customers
Health insurance records
Theft of personal information such as
e-mail addresses
Customer bank account and other
billing information
Personally-identifiable medical
information
Criminals are not the only cause for
cyber risks. A fire can destroy your
servers or a virus can infect your
continued on page 3
Welcome to the BancorpSouth Insurance
Newsletter!
It is with great satisfaction that we bring this newsletter to you. In this issue and in
coming months, we will discuss pertinent risk management topics which may affect
your organization. We sincerely hope that you will find this newsletter informative
and please do not hesitate to contact us should you have any questions or needs.
Why Workers’ Compensation Rating Matters
Most business owners and executives
understand that workers’ compensation
insurance not only protects workers,
but also protects their company.
However, fewer business owners
are aware of how premiums are
determined and how their safety
track record figures into their
rating. Understanding the workers’
compensation rating process can help
you to qualify for lower premiums,
saving your business money and
making you more competitive.
Industry underwriters set workers’
compensation premiums using a
process similar to how most companies
price group health insurance. The
underwriters look at the actual claims
experience for similar workers in
your area and your company’s claims
history. Underwriters turn to the
National Council on Compensation
Insurance (NCCI) when there is
insufficient local claims experience.
The NCCI hosts a library of workers
injury and compensation data.
Generally, underwriters will take your
payroll and multiply it by an average
claim factor for a particular type of
worker. This produces a baseline
average of the total number of
expected claims, which they subdivide
as claims per $100,000 of payroll,
claims per year or claims per time
unit. Underwriters consider frequency
of claims as a close representation
of an individual business’s safety
culture. They also average severity of
claims for the type of worker in your
industry. Then underwriters combine
the frequency and severity of claims
and arrive at a baseline prediction for
expected losses.
Underwriters must then try to assess
your business and answer the following
question: Given the policies and
procedures in place at your business
and your claims history, is your
company likely to produce losses that
are higher or lower than the industry
baseline?
Over time, underwriters have
discovered that the most likely future
claims predictor is a history of claims
at your company. Therefore, to save
money on workers’ compensation
premiums, it makes sense for the
company to focus on preserving
the safety of the work environment.
Businesses can invest in a safe work
About Our CARE Program
environment in terms of both resources
and management focus.
Your underwriters will then assign your
business a workers’ compensation
insurance rating also known as an
experience modifier (E-Mod). An
E-Mod of “1” means your business
meets the average claims experience
in your industry for the area.
Any rating higher than “1” indicates
a below-average risk for workers’
compensation claims and can result in
an increase in premium. Your E-Mod
represents your workers’ compensation
claim experience and directly impacts
your insurance premiums. By reducing
your E-Mod by just 0.01, you can
reduce workers’ compensation
premiums by up to one percent.
If your rating is higher than “1”, you
may be able to qualify for future
lower rates by reviewing your safety
program and the types of losses your
company has incurred. By identifying
patterns and recurring themes within
your claims history, you may be able
to reduce the workplace accidents and
injuries.
Best Practices
In the long run, your safety record is a
reflection of your overall safety culture.
Everyone is a part of your workplace
safety culture, but your company’s
leaders must support the mission.
Below are a few best practices for
improving your safety culture.
l
l
l
l
Invest in safety training for all of your
workers
Make safety training programs
tailored to specific job roles
Appoint a team to monitor your safety
and OSHA compliance, and empower
him or her to enforce it throughout
the company
Empower any worker to halt work
activities if he or she becomes aware
of an unsafe work condition, until that
condition can be corrected
Our Claims Analysis Reducing
Experience Modifiers, or CARE,
program audits every workers’
compensation claim with reserves
above $5,000, any claim with indemnity
(lost time) reserves or any claim open
longer than 180 days. Additionally,
our audit service makes certain your
E-Mod is properly calculated and is at
its lowest possible point. To achieve
this goal, our audit service includes:
l
l
l
l
l
Claim review (retrospective and
prospective) with an assigned
adjuster to ensure the file is reserved
in accordance with best practices and
claim closure is expedited
Follow-up and verification of reserve
reductions resulting from our review
process
Recalculation, confirmation and
projection of E-Mods eliminating
errors, reducing premiums and
illustrating the impact of losses on
premiums
Affirmation with various rating
bureaus verifying any corrections
have been made
No-cost analysis or math model
For more information about workers’
compensation rating or our CARE
program, please contact your
BancorpSouth Insurance Services
representative.
continued from page 4 ... New
Commercial Driver’s License
Medical Certification Rules
to Federal Motor Carrier Safety
Administration (FMCSA) for a
renewal of your variance.
If a commercial driver fails to comply
with the new requirements, he or
she will fall into “not-certified” status.
Drivers not in compliance may lose
their commercial driver’s license, per
federal regulations CFR 383, 384,
390 and 391.
Specific requirements and
procedures to provide medical
clearance information vary by state.
A breakout of specific requirements
by state, along with contacts for
more information, is available at
http://www.fmcsa.dot.gov.
continued from page 1 ... Protecting
Your Business Against Data
Breaches
computer systems. Damages can
quickly total into the hundreds of
thousands or millions of dollars,
depending on the size of the
business and the nature of the
comprised, destroyed or stolen
data.
Insuring Against the Risk
Safety Training May Prevent Costly
OSHA Citations
The Occupational Safety and Health
Administration (OSHA) recently cited
a major piping company in Texas
for three serious violations and four
repeat violations. The company made
clamps, expansion joints and pipe
supports for oil refineries. OSHA cited
the company after an employee at
the piping company was injured by a
mechanical press’ broken die piece.
The combined total of the citations was
almost $200,000.
For the repeat violations, the company
had failed to guard band saws and
punch presses. They also failed to
provide lockout/tagout education about
energized sources to employees. In
addition to this, they failed to conduct
an annual review of such procedures.
OSHA issues repeat violation citations
if an employer has a previous citation
for an offense and commits the same
or similar offense again. This includes
any of the employer’s other facilities
in states where there are federal
enforcement laws. Any previous
offense applies for the past five years.
In this specific case, the company had
received citations in 2011.
The company was cited for failing to
use undamaged slings for moving
and lifting equipment and failing to
secure a fuel gas cylinder. They also
did not provide proper strain relief for
their electrical wiring. Employers can
receive serious violations if there is
a substantial risk of serious physical
harm or death as a result of a condition
that an employer knew about but did
not fix.
Approximately 700 employees at the
company were receiving citations. In
2011, OSHA inspected the company
twice. Citations were issued for failing
to guard the operation points on the
press brakes, shears and band saws.
The company settled the 2011 cases;
however, the company contested the
2013 citations.
Every company can learn a lesson from
this case. It is important to know how
to avoid these types of risks. OSHA
provides training for lockout/tagout
procedures on their website through
the 29 CFR 1910.147 regulation.
Multiple OSHA departments and
compliance officers helped develop
the lockout/tagout program. This
information gives new and seasoned
workers the knowledge they need to
stay safe and conduct lockout/tagout
procedures correctly.
To ensure thorough lockout/tagout
training, there are three training
components. OSHA provides a lockout/
tagout tutorial, several abstracts and
discussions of major issues and seven
simulated case studies.
Machine guarding is another important
issue in the lockout/tagout program.
Moving parts in machines can severely
injure or kill workers, so companies
should properly train workers to know
how to avoid injuries. Workers should
safeguard machine parts to help
prevent injuries. When injuries happen,
employers have a responsibility to
control or eliminate the machines
causing the injuries. OSHA offers
general information about motion
hazards of machines and proper
techniques for safeguarding them.
OSHA also highlights standards and
provides information about specific
types of machines.
If a company is cited by OSHA, the
business has 15 working days from the
time the citation was issued to comply
or request a conference with an area
Fortunately, it’s now possible to
insure against the devastating
effects of a data breach or network
disaster. You can purchase a
separate cyber liability policy
helping protect your business
against cyber risks. While there is
no “standard policy form” at this
point, most cyber liability policies
provide coverage against the
following types of risks:
l
l
l
l
l
l
Data destruction
Data recovery costs
Business continuation
Data theft costs
Extortion
Legal fees arising from cyber risks
As with any type of insurance,
definitions matter, so look beyond
the monthly or annual premium
costs. Be sure to review coverage
definitions and any exclusions.
Who to Involve
Selecting appropriate coverage
is a team effort. Best practices
include getting input from not only
management, but also dedicated IT
personnel and your BancorpSouth
Insurance Services agent. These
professionals can help keep
management apprised of the latest
scams, risks and vulnerabilities
within their own business.
To learn more about protecting your
business against data breaches,
contact your BancorpSouth
Insurance Services representative.
director. If businesses feel there was
an error in the citation or would like
to contest the findings, they should
schedule a conference. To learn more
about compliance standards and the
consequences of failing to comply,
discuss concerns your BancorpSouth
Insurance Services representative.
New Commercial Driver’s License Medical
Certification Rules
The deadline for compliance with a
new set of rules concerning the medical
certification is upon us. As of January
30, 2014, commercial drivers must
provide additional information to their
state driver’s licensing authority. They
must report information on the type
of vehicle they operate or expect to
operate. In some industries or operators
of certain types of vehicles may have
to submit a current medical examiner’s
certificate to their State Driver Licensing
Agenciy (SDLA) in order to receive a
“certified” medical status.
Specifically, State Driver Licensing
Agencies (SDLAs) will be adding
medical self-certification status and the
information on your medical examiner’s
certificate to your commercial driver’s
license system (CDLIS) record. There is
no change in overall federal standards
for driver physical qualification
requirements.
Specific Instructions
You must determine whether you
operate in interstate or intrastate
commerce, and if you are subject to
the federal or state requirements. You
must certify to your SDLA that you fall
into one of the four operation categories
listed below:
l
l
l
l
Interstate non-excepted: You are an
interstate non-excepted driver and
must meet the Federal DOT medical
card requirements
Interstate excepted: You are an
interstate excepted driver and do
not have to meet the Federal DOT
medical card requirements.
Intrastate non-excepted: You are an
intrastate non-excepted driver and
are required to meet the medical
requirements for your state.
Intrastate excepted: You are an
intrastate excepted driver and
do not have to meet the medical
requirements for your state.
Drivers with physical impairments
affecting their ability to operate a
commercial motor vehicle (CMV) safely
must obtain a “variance” from their
state to drive commercially. Commercial
drivers must carry the variance
document when operating a commercial
motor vehicle. A Skill Performance
Evaluation (SPE) is a special type of
“variance.” The SPE is required for
drivers with impaired or missing limbs
(e.g., a hand or finger, an arm, foot or
leg). The commercial driver must carry
the SPE certificate at all times. The
document contains requirements for any
special equipment that the driver must
be wearing or the commercial vehicle
must possess in order for the driver to
operate the vehicle.
If your medical certificate or variance
is about to expire, you must have a
new medical examination and obtain
a medical certificate. You must
then provide the new medical
examiner’s certificate to your
State Driver Licensing
Agency (SDLA). You
are also responsible
for applying
Information contained in this newsletter about product offerings, services, or benefits is illustrative and general in description, and is not intended to be relied on as complete
information. While every attempt is made to ensure the accuracy of the information provided, we do not warranty the accuracy of the information. Therefore, information should
be relied upon only when coordinated with professional tax and legal advice.
BancorpSouth Insurance Services is powered by BancorpSouth Bank; a wholly-owned
subsidiary of BancorpSouth Inc., a $13.4 billion-financial holding company based in Tupelo,
Mississippi. BancorpSouth Insurance Services is annually ranked as one of the nation’s
largest brokers by Business Insurance magazine. Equipped to service clients across the globe
through our Worldwide Broker Network relationship, we have over 30 offices with almost
600 insurance and risk management professionals ready to serve.
Risk Monitor