,

Distracted driving continues to inflate auto-insurance rates

Driving and texting; Don't do it.

Since 2011, nationwide auto-insurance premiums have increased by 16 percent. Today, the average annual rate for one driver is $926.

According to Bloomberg, the country's largest auto insurers have paid out $1.05 in costs for every $1 worth of premiums. This is in contrast to about a decade ago, when insurers pulled in $1 for every 95¢ they spent on claims. In other words, they used to profit 5¢ on the dollar.

In response to the reversal of this trend, the pace of auto-insurance rate hikes has hit a 13-year high. Obviously, consumers and some regulatory bodies aren't too pleased. Nevertheless, it appears that the rate increases are in direct response to increasing payouts.

And as for what's bringing up the claims, experts have their eyes on distracted drivers.

Texting and driving: A recipe for disaster – and higher premiums

"A sizable percentage of drivers are texting and driving."

It turns out that of all the distractions on the road, none is quite as disruptive as texting and driving. One of the nation's largest auto insurers noted that 36 percent of its claims stem from incidents involving texting, according to NBC.

Furthermore, a driver doesn't necessarily have to submit a claim involving texting for rates to increase under that particular plan. Receiving a citation for texting and driving is reason enough to justify a premium hike, even if there was no collision or apparent impedance on the driver's performance. Think of tickets as the probable cause in the auto insurance world.

Unfortunately, it's not just the people texting and driving who suffer. In the long run, any person on the road, regardless of their driving record, is more likely to make a claim. With a sizable percentage of drivers texting and driving, the hazard will pervade the entirety of that driver's surroundings.

Case in point, auto insurers are technically losing money right now.

It may get worse before it gets better

"Digital innovation in automobiles could ultimately put lives at risk."

Because texting appears to be one of the more significant drivers of rate increases, in theory at least, voice dictation for texting could help save lives by keeping eyes on the road.

However, not everyone is convinced that smarter vehicles are a good idea. One study found that interacting with voice recognition and AI such as Amazon's Alexa or Apple's Siri in vehicles is actually more dangerous than talking on the phone. What's more, automakers haven't stopped at hands-free texting. Ford and Hyundai, for instance, are currently helping people manage their calendars and shop online using their voice.

The concern here is that the distracted driving will get worse. In addition to increasing the likelihood of claims and raising the average costs of auto insurance, digital innovation in automobiles could ultimately put more lives at risk. 

For now, the best thing that drivers can do is avoid using any type of voice dictation technology while their vehicle is in motion – maybe waiting instead until a traffic light.  As for any handling of a smartphone behind the wheel, the best rule of thumb is this: If you can't do something without taking eyes off the road or hands on the wheel, then don't do it. 

, ,

Businesses, consumers: Should you insure your drones?

Drone coverage will become a more pressing matter as UAV popularity gains momentum.

The use of unmanned aerial vehicles, more popularly known as drones, for commercial and recreational purposes has taken off, and it's left a few big questions up in the air – namely, who should be covered, and to what extent?

It's worth noting that as of this writing, the Federal Aviation Administration does not mandate coverage for UAVs. However, the soaring global market (estimations put its worth at around $21 billion by 2020) may soon necessitate more rigid parameters regarding UAV-related liability. 

Flying into new risk territory

A drone accident can result in any number of losses to the owner of the UAV."

Recreational use will most likely account for the majority of market growth in the next few years, according to MarketsandMarkets. As this happens, consumers will be quite literally flying into new risk territory. In terms of property damages, a drone accident can result in any number of losses to the owner of the UAV, but also to any asset that happens to be in proximity of the device. This includes private assets such as homes, lawn furniture and automobiles, but also commercial holdings, and perhaps most pressingly, critical infrastructure, i.e., power lines and traffic lights. 

Consider, for instance, the historic blackout that occurred in the summer of 2003. A single energy company's failure to trim a few branches near a high-voltage line sparked an outage that left approximately 50 million people without power in the U.S. and parts of Canada. The likelihood of a recreational user finding him or herself in the Kafkaesque position of having induced a nationwide power outage is slim, to say the least. Nevertheless, there are plenty of high-risk liabilities; for example, physical injuries caused by drone accidents or malfunctions, and privacy violations from the camera functionality. 

Likewise, some businesses such as Amazon, UPS and DHL are already using drones for commercial purposes. In order to qualify for commercial use of UAVs, businesses must file for Section 333 exemption from the FAA, allowable under the 2012 FAA Modernization and Reform Act. From there, however, commercial drone liability insurance is entirely optional. 

Gauging risk exposure

"Full liability coverage is the most prudent course of action."

Risk exposure for recreational use of drones is arguably diluted compared to commercial use, if for no other reason than that a business is likely to be responsible for multiple UAVs at a given moment. Drones may range in cost from a few hundred to a few thousand dollars, with the highest-end devices sometimes creeping into the tens of thousands of dollars. Business assets such as these, which are not easily replaced, should invariably be insured. 

Where liability is concerned, commercial drone insurance is generally recommended, but may or may not be a priority deadening on its use. Using drones for conservation or environmental monitoring purposes may have low exposure in regard to human safety. However, using drones for surveillance purposes at urban construction sites, for media coverage during public events or for product delivery in close proximity to people and their private property is inherently more risky. In such cases, full liability coverage is the most prudent course of action.   

Recreational drone use tends to be less risky, but the FAA requires registration of personal drones nonetheless. What's more, recreational use of drones has in fact resulted in serious accidents that necessitate expensive medical treatments. In 2015, a 16-month-old toddler toddler lost an eye after being hit in the face with a drone. This isn't to suggest that all drone users should run out and purchase a plan – however, it's worth considering, especially for drone UAV enthusiasts inhabiting cities and areas with dense populations. 

In conclusion: We recommend complete coverage for all commercial uses of drone, and for recreational users who will be operating their UAV in close proximity to other people and private property.

, , ,

OSHA injury reporting changes may affect workers comp insurers

As OSHA makes changes to its injury reporting policies, workers compensation insurers may be affected.

As the Occupational Safety and Health Administration makes changes to its workplace injury and illness reporting guidelines, workers compensation insurers may have to reconsider their internal risk management and accident prevention policies.

OSHA's Improve Tracking of Workplace Injuries and Illnesses rule will require employers in high-hazard industries to meet electronic recordkeeping guidelines for reporting workplace injuries and illnesses. In addition, they must make these records publicly available as data to be posted on OSHA's website. According to a report in Business Insurance, this should provide an additional incentive to workers compensation insurers to prevent workplace safety incidents, as this information is used by OSHA to publicly shame repeated violators and their workers comp insurers.

"OSHA has made a habit of naming both employers and their workers comp insurers in news releases about citations."

Speaking at a National Advisory Committee on Occupational Safety & Health, David Michaels, assistant secretary of Labor for Occupational Safety and Health, said the agency has previously made a habit of naming both employers and their workers comp insurers in news releases about citations and fines issued for violations of safety regulations.

"These are cases in which the employer's actions really were egregious, one or more workers were hurt very seriously and the actions taken by employers should have been stopped long before the workers got hurt," Michaels said. "I had a discussion with one executive at one [insurance] carrier saying, 'Why did you list us on the press release, we had nothing to do with this. I said, 'That's exactly right. The workers compensation carriers should play a role in this.'"

Collaboration between insurer and client crucial 
Business Insurance had previously reported that OSHA has begun naming both cited employers and their workers compensation insurers in instances where citations and fines were above $40,000.

"For some companies, the damage to their corporate image may be more of a deterrent than the fines OSHA may issue," the agency said in a statement released to Business Insurance. "Likewise, we recognize that workers compensation insurers can have a role in influencing companies to implement safety and health management systems and reduce the risk to employees."

Many states require workers comp insurers to provide accident prevention services to employers. However, even if this is not required by law, insurers are encouraged to offer these programs. As PropertyCasuatly 360 reported,  a properly run workers' compensation insurance program is the property and casualty coverage where a business has the most opportunity to reduce its claims and cost.

PC360 recommended that workers comp insurers work with employers to implement the most current methodologies for evaluating and tracking the performance of the workers' compensation program, including determining what areas of the company have the highest risk for injury. Insurers should also make sure the company's executives understand the cost of a workplace injury beyond immediate compensation, especially as OSHA changes may present public relations challenges. Businesses can also use this information to evaluate their insurer and grade its performance in helping the organization to mitigate its risks.  

, ,

Insurers may re-evaluate driverless car technology following fatal accident

Driverless features should not exclude drivers from safe operation of vehicles, insurers say.

A recent fatal accident involving a Tesla Model S electric sedan using an autopilot system has been called the world's first driverless car fatality and may require insurers to re-evaluate the technology.

The accident occurred after the Tesla failed to apply the brakes when a tractor-trailer made a left turn in front of the vehicle. However, human error may have also played a factor in the accident as the Tesla owner was reportedly watching a movie while operating the vehicle and the tractor-trailer driver had previously been cited for multiple safety violations.

According to Insurance Business America, the accident means insurers will need to factor in human understanding of the technology when determining risks. While some reports had previously claimed driverless cars would all but mitigate the risks of driving, this belief may have overlooked the role human understanding plays in safely operating the vehicles as well as the current capability of the software. Drivers will need to be adequately trained on the limits of the technology, IBA reported.

"Tesla itself has said 'driverless' features do not excuse human drivers from safety obligations."

In fact, Tesla itself has said "driverless" features do not excuse human drivers from safety obligations. In a statement released to The New York times, Tesla spokesperson Khobi Brooklyn said the Model S's Autopilot system "does not turn a Tesla into an autonomous vehicle and does not allow the driver to abdicate responsibility."

Insurers react to the accident
Additionally, many insurers have noted one incident provides insufficient evidence for evaluating the overall risk and innovations of driverless car technology. While this accident will need to inform evaluations of driverless technology moving forward, it should not impede the progress of self-driving vehicles as a way to reduce accidents and improve overall road safety.

"This incident will certainly be incorporated into our ongoing fact gathering efforts and recommendations," the American Association of Managing General Agents said in a statement. "[But] it would be premature to criticize Tesla Motors, the software or other technology provider whose products are part of the beta phase of the Autopilot program, before all of the contributing facts are known and understood."

However, the Times noted, many insurers will likely begin requiring more information about cars that have optional self-driving capabilities. For instance, an insurer may currently be covering a Tesla vehicle without knowing whether the particular car has been equipped with an Autopilot system.  Currently, many insurers use vehicle identification numbers when assigning rates, but this information alone would not inform the insurer of the various options selected for an individual car or whether the driver has activated the driverless software.

Very few cars with self-driving features are currently on the road, the Times reported. Most fully automatic cars are part of fleets, such as those owned by Google, and often carry special insurance and are operated under controlled conditions. Many insurers consider features such as Tesla's Autopilot software to be driver-assisted systems, not true driverless technology, and advise manufacturers to educate drivers that eyes should remain on the road and hands still be kept on the wheel.

Currently, fewer than a dozen states have passed regulations specifically related to self-driving cars.

, ,

OSHA ruling may mean changes for injury reporting

New OSHA regulations require employers to establish protections for employees reporting work-related injuries.

The Occupational Safety and Health Administration has issued its final ruling on modernizing injury data collection in workplaces, requiring employers to meet electronic recordkeeping guidelines for reporting workplace injuries and illnesses and making such records publicly available.

Under the new rule, employers in high-hazard industries will be required to send injury and illness data to OSHA to be posted on the agency's website.

"The final rule prohibits employers from discriminating against employees for reporting injuries or illnesses."

"Our new reporting requirements will 'nudge' employers to prevent worker injuries and illnesses to demonstrate to investors, job seekers, customers and the public that they operate safe and well-managed facilities,"  Dr. David Michaels, Assistant Secretary of Labor for Occupational Safety and Health, said in a statement. "Access to injury data will also help OSHA better target our compliance assistance and enforcement resources at establishments where workers are at greatest risk, and enable 'big data' researchers to apply their skills to making workplaces safer."

As Business Insurance reported, this rule affects organizations with 250 or more employees in industries covered by OSHA's existing recordkeeping regulation – meaning those who submit 300, 300A and 301 forms each year. Additionally, the rule includes businesses with 20 to 249 employees in high-risk industries, such as agriculture, forestry, construction and manufacturing.

Information for 2016 must be submitted by July 1, 2017. Information for 2017 must be submitted by July 1, 2018. Beginning in 2019, data will need to be submitted by March 2 each year.

Internal changes
OSHA's new regulation requires employers to implement an employee injury and illness reporting system that meets specific criteria. This includes the following:

  • Creating a way for employees to promptly and accurately report work-related injuries and illnesses
  • Anti-retaliation protections so that employees do not feel discouraged or deterred from reporting injuries or illnesses
  • Informing employees of their right to report work-related injuries and illnesses

The final rule also explicitly prohibits any employers from discharging, punishing or discriminating against employees for reporting injuries or illnesses.

By August 12 of this year, employers will be required to have formal programs in place for informing employees of their right to report injuries and illness in a way that does not discharge or discriminate against employees for reporting.

According to Lexology, risk managers may wish to review these policies before implementation. Certain aspects, including safety incentive programs and post-accident drug testing, could be considered discriminatory actions under the new OSHA ruling.

If drug testing, or the threat of drug testing, is only administered to employees who report injuries or illnesses, it would be considered an action that discourages reporting. Employers are advised to limit post-incident testing to instances in which drug use was likely to have contributed to the accident and can be accurately identified.

Incentive programs, such as those where employees can win a prize if they are not injured over a set time, may also be considered detrimental if they encourage the under-recording of injuries and illnesses. Using incentive programs to impair accurate recordkeeping is also prohibited under the OSHA rule.

, ,

Finance industry faces increased cyberrisk

The finance sector is targeted for cyberattack 300 times more frequently than any other industry.

Europe's largest lender, HSBC Holdings P.L.C., was forced to suspend services on Friday, Jan. 29, following a cyberattack.

While normal operations were interrupted by a denial of service attack, the company said it was able to successfully defend its systems and customer transactions were not affected.

As Business Insurance reported, this is the second time in the same month the lender has faced service interruption, though the company confirmed the first incident was not related to cyberattack. However, both events are part of a series of recent technological failures for the British financial industry that have prompted lawmakers to call for increased investment in cyber infrastructure and security.

"The financial industry is targeted by cybercriminals 300 times more frequently than any other industry."

As Forbes contributor Steve Morgan noted, American financial institutions have also stepped up their efforts to combat cyberterrorism. Bank of America Corp. CEO Brian Moynihan stated his company spent $400 million on cybersecurity in 2015. Additionally, Moynihan noted cybersecurity was the only section of the company's budget that was not subject to financial restraint.

The need for cybersecurity in the finance industry
According to some industry experts, this increased investment in minimizing cyberrisk can't come soon enough. A report from software security firm WebSense found the financial industry is targeted by cybercriminals 300 times more frequently than any other industry.

"Increasingly, cybersecurity is a primary focus for businesses of all sizes in every industry, but no more so than for the financial services sector," the Websense report found. "Today, financial leaders and authorities are acutely aware of the financial sector's status and vulnerability as a major target of cyber-attacks. No less than 80 percent of leaders in the banking and financial services sector cite cyberrisks as a top concern."

The report noted that in addition to straight monetary loss that a financial institution can incur from service disruption or theft due to a successful data breach, additional long-term damage to the company and its consumers could be incalculable. Loss of consumer confidence and reputation damage can lead to reduced profitability for the lender, and higher debt levels and currency devaluations could have cascading economic impact, the report found.

As Lexology reported, the financial industry saw increased attention from regulatory enforcement and legislative actions in 2015, and that trend is expected to continue through 2016. The U.S. Securities and Exchange Commission established that it could bring enforcement actions against financial institutions that fail to meet certain cybersecurity standards, and the New York Department of Financial Services and the Financial Industry Regulatory Authority both issued reports containing recommended best practices for mitigating cyberrisk within the sector.

From this activity, key trends for cyberprotection of financial services emerged, Lexology noted. These recommendations include identifying potential risk, working with senior management to create cybersecurity frameworks and creating training programs for employees across all departments in order to minimize cyberthreats. Additionally, both the NYDFS and FIRA stressed the need to routinely review internal cybersecurity procedures as well as any purchased cyberinsurance.

, ,

FDA issues guidelines for medical device cybersecurity

Medical devices with wireless network access may be points of vulnerability for health care institutions.

The U.S. Food and Drug Administration is placing additional pressures on medical device manufacturers to address cybersecurity concerns.

The FDA has issued a draft with recommendations for monitoring, identifying and addressing cybersecurity vulnerabilities in medical devices currently on the market. The draft is designed to address the evolving nature of cybersecurity threats by encouraging manufacturers to consider these risks not only at the design phase, but as ongoing maintenance to the products.

"Manufacturers should consider addressing cyberrisks as ongoing maintenance of the products."

"All medical devices that use software and are connected to hospital and health care organizations' networks have vulnerabilities – some we can proactively protect against, while others require vigilant monitoring and timely remediation," said Suzanne Schwartz, acting director of Emergency Preparedness/Operations and Medical Countermeasures, in a statement.

As Threatpost noted, the core of the FDA's recommendations involves the sharing and dissemination of cybersecurity information and intelligence. The draft urged manufacturers to be aware of the vulnerabilities of their products and design efficient communication policies and procedures that could address risks prior to exploitation, or at least early in the process. The draft also calls for routine updates to a device's cybersecurity systems.

While the FDA will not require notification or review for regular cybersecurity upgrades or maintenance procedures, the draft does state any threat that could compromise "the essential clinical performance of a device and present a reasonable probability of serious adverse health consequences or death" would require device manufacturers to notify the agency.

As Reuters noted, the FDA draft is not legally binding, but is designed to serve as a guideline for manufactures before serious harm occurs.

The cybrerrisk of medical devices
As CBS New York reported, cybersecurity experts have cautioned that health care institutions are also vulnerable to cyberattack through wireless medical devices. As the new outlet reported, devices such as IV pumps are often connected to secured hospital servers, but require no username or password to use, creating a vulnerable point of intrusion for the network.

According to a report from HealthCare IT News, the biggest draw to medical devices for hackers and other cybercriminals is electronic protected health information.

"The biggest draw to medical devices for cybercriminals is electronic protected health information."

"In the last two years, healthcare providers and insurers have been hit by some of the most severe network intrusions ever observed, exposing millions of patient records and costing victim organizations tens of millions of dollars," Dan McWhorter, vice president of global threat intelligence and strategy at FireEye cybersecurity firm, told the news outlet.

Government-affiliated cyberterrorists also frequently target the health care industry, McWhorter noted. The increased use of Internet-connected medical devices, which often provide life-saving services, creates unique vulnerability as data-sharing between secure servers and remotely connected devices can create potential openings for exploitation.

The FDA's increased focus on the cyberrisk of medical devices follows the Obama administration's executive order on improving critical infrastructure cybersecurity issued in February 2013. The FDA cybersecurity draft will be open for public comment for 90 days.

, ,

Cybersecurity provision expected to pass into legislation

Opponents of a new cybersecurity provision say it will aid the government in illegal survelliance.

After several years of debate, the U.S. may soon pass new cybersecurity legislation as a provision buried in an omnibus spending bill makes its way through Congress.

As The Associated Press reported, the Cybersecurity Act of 2015 is designed to encourage private companies to share technical information about hacking attempts with each other and the federal government.

"The provision most closely resembles the controversial Cybersecurity Information Sharing Act."

The new provision combines House and Senate versions of the cybersecurity bill, however it most closely resembles the Senate version, also known as the Cybersecurity Information Sharing Act. CISA drew heavy criticism from civil liberties groups and technology companies including Apple, Adobe, Google and Twitter. Opponents of CISA said it increased government surveillance of U.S. citizens and added to the vulnerability of sensitive user data.

There are some differences between the new provision and CISA. The new language allows the president to create "portals" where private companies can hand over data directly to law enforcement. While the president could theoretically enable such portals within the FBI or CIA, the act only allows the president to designate a federal agency other than the Homeland Security Department to receive this data if DHS cannot and doing so is completely necessary. However, the president is specifically prohibited from appointing the Department of Defense, and thus the National Security Agency, for this role.

Businesses and the government would also be required to scrub any private user information from the data.

The privacy debate surrounding cybersecurity
Addressing Congress, House Intelligence Committee member Rep. Adam Schiff, D-Calif, said the new provision allows companies to protect themselves from cyberattack but also added privacy protections missing from CISA.

"We have to measure this against the daily invasion of our privacy by these hackers," Schiff said. "Those who believe that perfect should be the enemy of the good, have to justify how they're willing to accept rampant hacking into our privacy and do nothing about it."

"The ACLU said the act would aid the government in secret monitoring of citizens."

However, the American Civil Liberties Union said the cybersecurity provision would enable companies to aid the government in secret monitoring of citizens "under the guise of cybersecurity."

"This would allow companies to share large amounts of private consumer information with government agencies, including possibly the FBI and NSA," the ACLU wrote in a statement. "This information can be used for criminal prosecutions unrelated to cybersecurity, including the targeting of whistleblowers under the Espionage Act."

According to WIRED, by slipping the cybersecurity provision into the spending bill, Congress has reduced the likelihood of a president veto or public debate. Additionally, the new provision allows data shared for cybersecurity purposes to be used by law enforcement under set conditions. Under CISA, such usage required proof of "an imminent threat," but with the new provision only proof of a "specific threat" is required.

As CBS News reported, President Obama is expected to pass the spending bill, including the cybersecurity provision. According to the White House, the president was pleased with the provision, which he felt increased cyberprotections "while carefully safeguarding privacy, confidentiality and civil liberties."

, ,

Cybersecurity industry to grow in 2016 and beyond

The need for cybersecurity will only increase in 2016, especially in vulnerable sectors such as the health care industry.

The cybersecurity industry saw a lot of growth in 2015, and worldwide information security spending is projected to increase.

According to a report from Gartner, Inc., companies will invest $75.4 billion in data and information protection by the end of 2015, 4.7 percent more than what was spent in 2014. Much of the push comes from increased instances of government-backed cyberattacks, new legislation that is raising an awareness of cybersecurity and high-profile data breaches. Companies are making more investment in cloud security tools and threat intelligence, the report found.

"Interest in security technologies is increasingly driven by elements of digital business, particularly cloud, mobile computing and now also the Internet of Things, as well as by the sophisticated and high-impact nature of advanced targeted attacks," Elizabeth Kim, research analyst at Gartner, said in a statement.

"Analysts predicted cyberprotection spending will reach $170 billion by 2020."

Additionally, cybersecurity analysts speaking with RT news projected cyberprotection spending will reach $170 billion by 2020, with North America and Europe remaining the top markets. The need for increased protection will be propelled by the increasingly sophisticated nature of attacks and the constantly changing risks that come with advances in new technologies, the news outlet reported.

The Internet of Things, which includes the internet connections embedded into common physical objects from cars to smartwatches to coffee pots, can also increase network vulnerability, RT news noted.

What to expect in the coming year
As CNBC reported, 2016 will also likely be a big year for cyberattacks, as well as investment in protection. Speaking with the news outlet, Fortinet global security strategist Derek Manky said hackers are expected to target infrastructure as well as personal medical devices. Comparing it to "an arms race in terms of security," Manky cautioned that connected devices will be especially vulnerable intrusion points for networked systems.

CNBC noted many experts are also predicting an increase in malware aimed at cloud and cloud-based systems. Ghostware systems designed to mask signs of a cyberattack will also be more frequently deployed, allowing hackers continued access to private and public systems.

As USA Today reported, the health care industry will remain one of the most vulnerable sectors. As the news outlet reported, the black market sale of medical information is more valued than credit or debit card numbers. Medical identity theft can also be more difficult for victims to recover from and can pose a potentially life-threatening situation if medical information of theft and victim becomes intertwined.

The recent passing of the Cybersecurity Information Sharing Act may be able to provide some assistance to private and public organizations combating cyberattacks. Though critics of the act contend it may pose threats to vulnerable user data and allow for illegal government monitoring, others argue the legislation encourages information sharing that may help to stop cyberattacks in real time. As Forbes commentator Robert Rose noted, the act may be able to pave the way for "an emergency-call system" for cyberattacks, as well as increased multi-sector private-public cooperation.