The RISC eNews Blast is intended to provide relevant and timely news information from a number of sources to member pool staff. If you see articles in the journals, email and sources you subscribe to that may be of interest to the RISC membership, please feel free to forward them to Erin Rian for inclusion in the eNews Blast. The eNews Blast will be delivered weekly, and the RISC Report newsletter will be delivered every two months. In this week's edition of the RISC eNews Blast:
DATA SECURITY & CYBER RISK
South Carolina Lawmakers Vow to Tackle Cybersecurity (Claims Journal 1/7/2013): The South Carolina House and Senate say that they are making cybersecurity a top priority after the theft last September of tax filings with the South Carolina Department of Revenue. Some of the key preventative steps, such as employee training and response protocols when malicious emails are detected, are low cost. But the costs of addressing the September breach and preventing similar problems going forward are substantial and are being debated in the legislature, with some lawmakers taking the position that the price for remedial credit monitoring is too high for the services being provided. Overall the Governor’s 2013-2014 executive budget includes over $40 million for state agencies’ computer systems and security.
Secret US Cybersecurity Program to Protect Power Grid Confirmed (Christian Science Monitor, 1/3/2013): The National Security Agency is conducting a program known as Perfect Citizen to protect the US power grid from cyber attack. Privacy advocates are concerned that the program may involve intercepting the communications of US citizens, which is prohibited unless the agency has a court order issued by a special court acting under the Foreign Intelligence Surveillance Act. Others support the project because the government relies on the private sector for much of the country’s critical infrastructure and threats appear to be rising.
Ex-chief of Security Speaks About Revenue Hacking (Charlotte Observer, 1/3/2013): A former computer security chief at the South Carolina Department of Revenue told a South Carolina House committee investigating the breach of tax records at the agency that he advocated encryption of agency information for several years, to no avail. He also told the committee that when he left the agency he was not replaced for a year, and that the agency reduced efforts to teach employees about their role in cyber security.
Report Stresses Cloud, Analytics, Mobile, Social Media Security (Information Management, 1/3/2013): The Security for Business Innovation Council has released a report looking at how cloud computing, analytics, mobile devices and social media are affecting IT security strategies. The report explores in depth the theme heard often now, that security can no longer rely on perimeter defenses, but must evolve to protect the organization’s information assets in different environments. Important points include getting the vulnerability message down to managers, managing cloud vendors and ensuring adequate security, using encryption, response exercises for social media crises, end-user training, monitoring data flow in and out of the organization, and data-centric security that travels with the information.
A copy of the full report, Information Security Shake-Up: Disruptive Innovations to Test Security’s Mettle in 2013, is accessible here.
AAIS Releases Sample Data Breach Option Developed with Identity Theft 911 (AAIS Press Release 12/10/2012): The American Association of Insurance Services working with data breach recovery vendor IDT911 has released a sample data breach coverage endorsement for use with small and medium sized commercial accounts. The full text is not included but there is a summary of the provisions. The endorsement is specifically designed to dovetail with the scope of services provided by IDT911, highlighting how insurers and data breach recovery vendors are working together to frame this type of coverage because the primary exposure is recovery costs.
CDHPs, Wellness Programs May Boost Employee Health Management: Survey (Business Insurance, 1/9/2013 ~ Registration maybe required to access this article): A recent survey conducted by Aon Hewitt, National Business Group on Health and Futures Co. indicates certain health care strategies could offer employers a way to boost active health management among workers. With access to the right tools and resources, consumer-driven health plans, health risk questionnaires and wellness programs were key drivers in employees making positive healthy behavior changes. The copy of the survey results, 2013 Consumer Health Mindset, can be accessed here.
Group Health Plans: Year-End Action Items, Upcoming Changes, New Guidance (Mondaq, 1/6/2013): An overview of key end of the year wrap-up and what’s on the horizon for 2013 and 2014 for group health plans.
HHS Issues proposed Regulations Implementing Reinsurance Fees Paid by Carriers and Group Health Plans Under the Affordable Care Act (Lexology, 1/2/2013): Recent proposed regulations address various questions of interest to health insurance carriers and employers sponsoring group health plans. The proposed regulations issued December 7, 2012 focus on and explain how transitional reinsurance program fees will be determined and collected from group health plans in 2014 and beyond.
IRS Releases Proposed ACA Regulations on Employer ‘Shared Responsibility’ (Bloomberg BNA, 1/2/2013): On December 28 the Internal Revenue Service released long anticipated proposed regulations on the “shared responsibility” provisions under the Affordable Care Act on employer health coverage. Starting in 2014, employers with at least 50 full-time employees (including full-time equivalents or FTEs) are required to offer a minimum level of affordable health coverage or pay a penalty. The proposed regulations outline minimum essential coverage, determination of applicable large employer status, identifying full time employees, under what circumstances an employer will be liable for payment, as well as safe harbors and transition rules. The comment period on the proposed regulations closes on March 18, 2013. The full proposed regulations and additional details can be found here. An FAQ page on the IRS website can be accessed here highlighting the proposed regulations.
Wellness Programs Can Reduce Worker Medical Costs by 18%: Study (Business Insurance, 1/9/2013 ~ Registration may be required to access this article): According to a study by the American College of Occupational and Environmental Medicine (ACOEM), workplace wellness programs can reduce costs for risk factors such as physical inactivity, smoking, high blood pressure and obesity by about 18% for workers. The cost savings could be higher for older workers who participate in wellness programs. The study can be found in the January 2013 edition of the Journal of Occupational & Environmental Medicine. A copy of the study can be ordered from the ACOEM website.
OTHER TOPICS OF INTEREST
Mitigating Loss from the Next "Sandy"- Claims Lessons: Communication and CAT Preparation (Property Casualty 360, 1/4/2013): Several steps that insurers can take before a disaster to mitigate losses are:
- Arrange in advance to mitigate losses by safeguarding insureds' valuable property, for example by moving it to safer locations.
- Stay in contact with insureds, including through social media, to be sure they are aware of risk and reminded of what they need to do.
- Help insureds develop and implement business continuity plans.
- Teach insureds in advance how to document their own losses if the damage is so severe that an adjuster cannot immediately make it to their premises.
All of these steps can apply to NLC-RISC member pools' insureds as well as to commercial interests. In fact, the Agility services provided by some pools to their members directly satisfy some of these suggested steps by maintaining contact and providing advice, continuing to educate insureds about disaster response, and providing them with a tool and guidance to prepare business continuity plans.
UPCOMING NLC-RISC EVENTS
Information about NLC-RISC conferences, workshops and regional meetings can be found on our website under the Events tab. Please contact Erin Rian if you have questions.
Essentials in Risk Pool Management Certificate Program ~ Online courses start February 7, 2013: Essentials in Risk Pool Management is a one-course certificate program, developed through a collaboration of NLC-RISC, the Association of Governmental Risk Pools (AGRiP), California Association of Joint Powers Authorities (CAJPA) and Insurance Educational Association (IEA). The curriculum provides a risk pool participant with theoretical and practical knowledge, which provides a solid foundation to successfully work within or manage the risk pool. Completion of Essentials in Risk Pool Management satisfies one of the five required courses for the Associate in Risk Pool Management Designation. Registration for NLC-RISC members is $399. Register here.
Marketing Communications Workshop ~ May 15-16, 2013 in Denver, Colorado at the Sheraton Denver Downtown Hotel. Additional details and registration available early February.
2013 NLC-RISC Trustees Conference ~ May 16-18, 2013 in Denver, Colorado at the Sheraton Denver Downtown Hotel. Additional details and registration available early February.
2013 NLC-RISC Staff Conference ~ October 21-23, 2013 in Portland, Oregon at The Nines. Additional details and registration available Summer 2013.