Terrorism: What can you do?

In light of continued terrorism attacks and subsequent changes to the UK Government’s threat levels, businesses and individuals are urged to be extra vigilant.

The National Counter Terrorism Security Office (NaCTSO) has issued a National Stakeholders Menu of Tactical Options in response to this raised threat level. It is recommended that all businesses/partners read and consider these. NaCTSO are not at this time recommending any specific changes to how you operate, but recommend that you consider increasing and/or reviewing the following:

  • Security presence
  • Staff Vigilance
  • Partnership working
  • CCTV

Whilst these measures are quickly achievable, by far the greatest asset and tactic you have is engaging staff who deliver a high level of quality of service – by speaking to visitors to your buildings and challenging those displaying unusual behaviour.

You should also review your building and business continuity plans in the light of this attack, ensure that first aid points are fully stocked, and make sure that the location of key equipment is made clear to all staff. We also recommend that employees are directed to the Citizen Aid app and Run, Hide, Tell on YouTube.

The NaCTSO recognise that many businesses will have innovative ways of managing protective security. They ask that where you think you have a tactic or operating model that could be utilised by another similar organisation to good effect, that you share it with the NaCTSO so they can, in turn, share with others.

A final point to note: all terrorists use hostile reconnaissance in attack planning, and we are reminded by the NaCTSO of the need to train staff and remind everyone of the vital role they play in recognising hostile reconnaissance. If in doubt, call the anti-terrorist hotline on 0800 789 321 or, in an emergency, 999.

Useful Links

The following links provide additional useful information that may assist when deploying the tactical options:

https://www.cpni.gov.uk

https://www.gov.uk/government/publications/stay-safe-film

https://www.gov.uk/nactso

https://www.mi5.gov.uk

 

If you have any concerns or queries regarding your security arrangements, please contact your usual broking team or Gary Foggo (Health & Safety Consultant, TL Dallas) on 07920 862983 or email gary.foggo@tldallas.com.

 

Terrorism Insurance:

The nature of terror attacks is changing, and so are the types of insurance available. You may well suffer a loss of business following terror attacks even if the attack does not directly affect your premises, and there are types of cover, such as ‘Active Assailant, loss of attraction & threat’, that would cover you in these instances.

For more information please contact your TL Dallas broker or email michelle.clewley@tldallas.com.

Welcome to the latest edition of Covered

We are living in a world of increasing uncertainty as we continue to face new challenges by way of cyber security, terrorism, and an ever-changing legislative backdrop.

This edition of Covered offers insight into the ‘dark’ world of cyber crime – what are the threats; how to mitigate attacks; and some light hearted advice from Bryan Garvie of The BIG Partnership on what PR factors to consider if a breach occurs.

In light of the recent shocking and deplorable terrorism attacks in Manchester and London – and the subsequent change to the UK threat level – we share some of the Government’s recommended tips and best practice for businesses and staff to adopt in and around the workplace.

Our insurance specialists and professional partners shed light on industry changes including the new EU General Data Protection Regulation, the Ogden Discount Rate changes and Early Plea Discounts for Health & Safety prosecutions.
Finally, we look at getting your ‘house’ in order – both from a personal and business perspective: Laura King from Gilson Gray outlines the importance of making a Will, Gary Nixon explains the advantages of Shareholder Protection for businesses, whilst our newly appointed Health & Safety Consultant, Gary Foggo, offers a practical approach to reviewing and updating your Health & Safety culture and paperwork.

As ever, we are here to support you, our valued customers and friends, so please don’t hesitate to get in touch with me or a member of the team if you have any queries or feedback.

Polly Staveley
Managing Director

polly.staveley@tldallas.com

Cyber Crime

As cyber attacks continue to rise and in the wake of the recent NHS cyber breach, UK-based businesses of all sizes are being urged to protect themselves against online crime. Recent government statistics showed nearly half of all UK businesses suffered a cyber breach or attack in the past year.

A recent survey* reveals nearly seven out of ten large businesses identified a breach or attack, with the average cost to large businesses of all breaches over the survey period in 2016 being £20,000 and in some individual cases reaching millions.

The survey also shows that personal data is still a lure for criminals, with businesses holding electronic personal data on customers much more likely to suffer cyber breaches than those that don’t (51 per cent compared to 37 per cent). The most common attacks detected were via ‘phishing’ (fraudulent emails).

Almost all businesses rely on information technology (IT) infrastructure to transmit and store data, including employee and customer records, company business records, e-mail and telephone services, company website and online sales.

 

So, what is Phishing?

Phishing is a form of social engineering that uses email or malicious websites to solicit personal information from an individual or company by posing as a trustworthy organisation or entity. These kinds of attacks are often via email and appear to be from an institution or company that the individual does business with, for example a bank, or a web service the individual may have an account with.

The goal of a phishing attempt is to trick the recipient into providing login credentials or other sensitive information. For instance, a phishing email appearing to come from a bank may warn the recipient that their account information has been compromised, directing the individual to a website where their username and/or password can be reset. This website will also be fraudulent, well designed to look legitimate, but exists solely to collect login information from phishing victims.

These fraudulent websites may also contain malicious code which executes on the user’s local machine when a link is clicked from a phishing email to open the website.

 

How to identify Phishing attacks

As noted above, phishing is most often initiated via email, but there are ways to distinguish suspicious emails from legitimate ones. Training employees on how to recognise these malicious emails is a must for enterprises who wish to prevent sensitive data loss.

In many cases, these data leaks occur because employees were not armed with the knowledge they need to help protect critical company data. The following may be indicators that an email is a phishing attempt rather than an authentic communication from the company it appears to be.

  • Emails with generic greetings
  • Emails requesting personal information
  • Emails requesting an urgent response
  • Emails with spoofed links

When in doubt, contact the company in question to find out if the email is legitimate. If it is not, the company is now aware and can take action to warn others of potential phishing attempts appearing to come from their company.
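As an added illustration (not part of the original article), the Python sketch below checks an email for the four indicators listed above. The keyword patterns, function names and both sample messages are constructed assumptions for demonstration, not a vetted mail filter.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Heuristic patterns (assumptions chosen for this example, tune for real mail).
GENERIC_GREETING = re.compile(
    r"\b(dear|hello|hi)\s+(valued\s+)?"
    r"(customer|user|client|member|account\s+holder|sir|madam)\b", re.I)
PERSONAL_INFO = re.compile(
    r"\b(confirm|verify|update|provide|enter|reset)\b[^.!?]{0,80}"
    r"\b(password|username|pin|account\s+(number|details|information)"
    r"|card\s+number|date\s+of\s+birth)\b", re.I)
URGENCY = re.compile(
    r"\b(urgent(ly)?|immediately|within\s+\d+\s+hours?"
    r"|as\s+soon\s+as\s+possible|will\s+be\s+(suspended|closed|locked))\b", re.I)
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class _BodyParser(HTMLParser):
    """Collects visible text and (href, visible anchor text) pairs."""

    def __init__(self):
        super().__init__()
        self.text, self.links = [], []
        self._href, self._anchor = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._anchor = []

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor).strip()))
            self._href = None

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor.append(data)


def _is_spoofed(href, shown):
    """True when the link text names one host but the href goes to another.
    Links whose text names no host (e.g. 'Click here') are not judged here."""
    match = HOST_IN_TEXT.search(shown)
    if not match:
        return False
    shown_host = match.group(1).lower().removeprefix("www.")
    real_host = (urlsplit(href).hostname or "").lower().removeprefix("www.")
    return not (real_host == shown_host or real_host.endswith("." + shown_host))


def phishing_indicators(raw_email):
    """Return which of the four indicators appear in the subject and body."""
    msg = message_from_string(raw_email, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = _BodyParser()
    parser.feed(body.get_content() if body else "")
    parser.close()
    text = " ".join(((msg["Subject"] or "") + " " + " ".join(parser.text)).split())
    found = []
    if GENERIC_GREETING.search(text):
        found.append("generic greeting")
    if PERSONAL_INFO.search(text):
        found.append("requests personal information")
    if URGENCY.search(text):
        found.append("urgent response")
    if any(_is_spoofed(href, shown) for href, shown in parser.links):
        found.append("spoofed link")
    return found


# Constructed sample messages (not real emails); all domains are placeholders.
PHISHING_SAMPLE = """\
From: "Example Bank" <security@examplebank.example>
To: a.person@company.example
Subject: Urgent: unusual activity on your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>We detected unusual activity. Please confirm your username and password
within 24 hours or your account will be suspended.</p>
<p><a href="http://login.account-check.example/reset">https://www.examplebank.example/reset</a></p>
</body></html>
"""

BENIGN_SAMPLE = """\
From: Accounts <accounts@supplier.example>
To: j.smith@company.example
Subject: Invoice 1042 for May
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hi Jane,</p>
<p>Your May invoice is attached. You can also view it at
<a href="https://portal.supplier.example/invoices/1042">portal.supplier.example</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    print(phishing_indicators(PHISHING_SAMPLE))
    print(phishing_indicators(BENIGN_SAMPLE))
```

A message that trips none of these checks can still be fraudulent, so the advice to confirm with the company directly still applies.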

Therefore, companies are exposed to risks which could disrupt business and potentially incur huge unexpected costs. It could also lead to loss of income and possibly reputational damage if companies are unable to trade. In addition, private information held on your employees and customers could be lost, damaged or stolen.

 

What can you do to protect your business?

TL Dallas has access to a number of insurers offering Cyber Liability Insurance to help limit the impact of any breach. We have detailed below how such a policy would work and the processes that would be put in place should a breach occur.

The policy is triggered either by:

  • Loss or suspected loss of non-public data. This could be as a result of misplaced/lost/stolen files or electronic devices used to store, process or transmit data e.g. a laptop, or, a malicious act that erases, alters or destroys data, whether caused from within or outside your organisation
  • Breach of privacy legislation, e.g. Data Protection Act 1998, or other similar privacy laws elsewhere in the world, or
  • The negligent or inadvertent transmission of Malware (any code to erase, deny access to, corrupt, damage, disrupt any network or system or circumvent network security) to a third party
  • Unauthorised Access – meaning access to, and use of your computer system or network infrastructure by any person not authorised to do so, including your employees

A breach could have a major impact on your company. Policies are therefore designed to support you throughout the process with an aim to get your business back up and running as quickly as possible. Typically, you would have one point of contact throughout who would work with you, leading and managing the incident response, tailoring the recovery programme to your needs. The devil is in the detail. Key points to remember:

  • Cyber frauds are unlikely to be covered under fidelity wordings or under ‘crime’ extensions to management protection contracts
  • Cyber wordings on the cover are continually evolving – take care and read all the terms and conditions
  • Be cautious of ‘knowingly surrendered’ exclusions – these will really impact the cover where an insured has been duped
  • Be cautious of ‘social engineering’ exclusions or sub limits

 

Contact your TL Dallas broker for advice or speak to Mike Martin or Matt Smith on 01274 456500 or email mike.martin@tldallas.com/matt.smith@tldallas.com for further details.

 

*Source: The Cyber Security Breaches Survey 2017

How To React When Your Cyber Attack Goes Public

I’m so utterly in thrall to Netflix that I have a mild panic once I reach the end of the latest box set. Mercifully, that’s offset by the wave of relief when I find something new.

And so it was that, after eight blood-spattered seasons of Dexter, I stumbled upon Designated Survivor, in which Kiefer Sutherland plays a reluctant and under-qualified US president. He’s thrust into the role after the rest of the Government dies in a bombing on Capitol Hill during the newly-elected president’s swearing-in ceremony.

A few episodes later, the White House is the victim of a cyber attack. As the source of the breach is sought, the Chief of Staff frets over how to keep it quiet.

In real life, keeping unexpected events under wraps is a difficult balance between business protection and the transparency expected by clients and customers. My experience, though, is that if you’re a business of any repute or note, the truth has an inconvenient habit of finding its way out into the world.

That doesn’t mean you have to book a confessional prime-time ad. But if the breach is likely to have an impact on even a small group of customers, they have to hear it from you. The forthcoming GDPR regulations, which replace existing data protection rules, have specific obligations around reporting data breaches, so you’d be well-advised to speak to your lawyer about these.

More broadly, there are some golden rules. First, prepare for the worst. Most businesses will have some sort of resilience plans in place for fire, plant shutdowns, supply chain disasters – I’m willing to bet few have a data resilience plan, including examining risks in advance and media training spokespeople who can defend the company’s position.

If you have to put your hands up, there can be no half measures. You can’t tell a bit of the truth. Get on the front foot, before you’re asked, and give yourself a chance to control the message. Don’t allow yourself to be ambushed.

Simultaneously, you need to tell people what you’re going to do – or even better, what you’ve already done – to fix the problem so it can never happen again. They have to understand how seriously you take this, and any vague language or half-measures won’t provide the necessary reassurance.

Finally, be consistent. Look at every channel of communication available to you and make sure the message is consistent across all of them. Run communications from a central point and don’t have anyone – and it doesn’t matter how senior they are – going off and doing their own thing.

All of that said, there’s a simple truth about cyber attacks. If it happens to you, in whatever form, it’s going to hurt. If you can make sure your business has a plan which everyone understands, you can come out of a difficult issue looking like the good guys. Whether or not it’ll work for Kiefer I don’t know – I lost interest and started watching Line of Duty.

Bryan Garvie, director, marketing communications agency
Big Partnership

Forthcoming Legislation – General Data Protection Regulation

The new General Data Protection Regulation (GDPR) comes into force on the 25th May 2018.

The GDPR is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

Under GDPR, the data protection principles set out the main responsibilities for organisations. The principles are similar to those of the Data Protection Act with added detail at certain points.

The most significant addition is the accountability principle. The GDPR requires organisations to show how they comply with the principles – for example, by documenting the decisions taken about a processing activity.

Failure to comply with the new legislation will result in fines of up to 20 million euros or 4% of the global annual turnover, which eclipse the current maximum fine in the UK of £500,000.

The responsibilities and potential penalties for Data Controllers will now include Mandatory Notification – serious data breaches must be notified to both the Information Commissioner’s Office and individual data subjects.

The list below sets out the details that should be notified to the supervisory authority:

  • the nature of the breach
  • categories and number of data subjects
  • measures taken to mitigate the adverse effects and consequences of the breach

Establishing these details will take considerable investigation.

A processor also has a duty to notify the data controller immediately if it becomes aware of a personal data breach and notification to individual data subjects must be made ‘without undue delay’. 


Although the UK is set to leave the EU in under two years’ time, it is likely that we will adopt all existing EU laws/regulation to enable us to continue trading effectively with the Eurozone; therefore the red tape will undoubtedly follow.

Most cyber and data insurance policies will offer cover against legal costs and fines associated with a data breach.

For more information please contact your TL Dallas broker or email matt.smith@tldallas.com.

Time to sharpen up your approach to health & safety

The ‘Sentencing Guidelines’ introduced in England and Wales in 2016 saw a significant rise in the size of fines being handed down by the courts in health and safety cases. In 2016, nineteen companies received fines of a million pounds or more, compared to only three in 2015 and none at all in 2014. Further to the increase in financial penalties 46 company directors and senior managers were prosecuted under health and safety laws in 2016 and prison sentences are becoming increasingly likely. Businesses operating north of the border should recognise that the Scottish courts are likely to follow the English and Welsh Sentencing Guidelines.

The Guidelines have made it more important than ever for your business to proactively manage its health and safety provisions, which should include your Health and Safety Policy, risk assessments, safe systems of work and staff training. If your health and safety documents are hiding in a dusty folder on the shelf which, for example, only gets opened every six months to record the details of the fire drill, then they would definitely benefit from a thorough review. Not only should they be up to date and accurately reflect your business activities, but they should also have been communicated throughout your business and be understood by all your employees.

The reasons for having practical, effective, specific and up to date health and safety documentation are compelling but what about aspects beyond the ‘paperwork’ – the human element?

A safety culture (good or bad) within a business can be determined by what its employees actually do rather than what they say and this applies from the boardroom to the shop floor. Attitudes and behaviours demonstrated by all employees are a good barometer of the health and safety culture within a business.

‘Safety culture’ is a frequently used term, but what does it actually mean and how do you measure it?

A safety culture cannot be bought off the shelf as a package; it takes determined commitment and involvement, an understanding of the required outcomes and how these will be achieved and genuine desire for it to succeed.

While the Sentencing Guidelines do not impose any further burden upon business, the consequences of a successful prosecution now even further outweigh the costs of taking the time and effort in implementing and maintaining a robust health and safety management system.

If you would like to discuss a review of your health and safety management systems or to learn more about the benefits of introducing and sustaining a positive health culture please contact the TL Dallas Risk Management team by emailing riskmanagement@tldallas.com.

Health & Safety – Early Plea Discounts: new guidance on sentencing

On 7th March 2017, the Sentencing Council for England and Wales published new guidance on sentencing offenders who plead guilty.

The new guidelines came into force on 1 June 2017 and can be accessed here.

In England and Wales, in accordance with s.144 of the Criminal Justice Act 2003, in determining what sentence to pass on an offender who has pled guilty to an offence, a court must take into account the stage in the proceedings for the offence at which the offender indicated his intention to plead guilty and the circumstances in which this indication was given.

There is an almost identical provision to be found at s.196 of the Criminal Procedure (Scotland) Act 1995 in relation to Scottish proceedings.

The rationale for allowing “sentence discounting” is that early guilty pleas save court time, avoid witness distress and ultimately benefit the public purse.

Sentence discounting is not a new concept. It is rooted in statute, but its application by the courts both north and south of the border has raised issues in relation to what the court should take into consideration when dealing with an offender who pleads guilty and what discount should apply.

The purpose of the new guideline, which is applicable to England and Wales only, is to encourage early guilty pleas by making clear the stages in proceedings at which an offender can receive the various levels of discount available. It sets out that the maximum sentence discount of one-third is available only if the offender pleads guilty at the first court hearing. Offenders who tender guilty pleas after the first hearing are entitled to maximum sentence discount of one-quarter which will reduce on a sliding scale to a maximum of one-tenth if tendered on the first day of trial.

There are however some noted exceptions which include circumstances where it would be unreasonable to expect the offender to indicate a guilty plea sooner than was done. In such circumstances the maximum discount of one-third may still be applied, even if the offender did not plead guilty at the first opportunity. This may cover situations where further information, evidence, assistance or advice was required before a plea could be indicated. It is thought that this may cover more complicated criminal regulatory cases, including prosecutions under the Health & Safety at Work etc. Act 1974.

This is a welcome clarification of the law on sentence discounting in England and Wales and it will be interesting to see how this is applied. North of the border, the Scottish Sentencing Council is still working on drafting sentencing guidelines. Sheriffs frequently apply an early plea discount already but this is with much more discretion and flexibility.

Clearly, early legal advice in any near miss or incident is very important in order to mitigate the impact of any sentence.

If you have any questions, comments or concerns please get in touch with Malcolm Mackay, Partner, Brodies – malcolm.mackay@brodies.com or call 01224 392 274.

Shareholder Protection – Ensuring Management Continuity

It goes without saying, that the untimely death of a business owner is hugely traumatic for their family, but it will also affect those connected with the business.

One of the financial implications may be that the owner’s widow, widower or other beneficiaries inherits the shares but may have an immediate need for money, while the surviving shareholders may want to buy the shares but might not have sufficient funds available.

The combination of a suitable agreement and the correct insurance will give peace of mind.

Business protection with critical illness pays out a lump sum when an insured person is diagnosed with a terminal illness; a specified critical illness; or dies during the term of the cover. This payout enables the business owner(s) to buy the insured’s shareholding interest in the firm (using the appropriate option agreement) and retain control over the running of the business.

Having a suitable agreement is the first step, but insurance may also be needed to provide funds for the share purchase.

The combination of a suitable agreement and the correct insurance will give peace of mind that, should the worst happen, the continuing shareholder would have funds to help buy the shares and the deceased’s family will receive appropriate and prompt financial compensation.

 

For further information on shareholder protection and other financial services, please contact Gary Nixon on 01274 465557 or email gary@tldallasifs.co.uk.

What is a Single Article Limit?

Each insurer will stipulate their own Single Article Limit (SAL) for various sections within their policy. SAL normally applies to the more valuable items rather than general contents and/or buildings. Examples could include watches, jewellery, artwork, a canteen of cutlery, guns etc.

To illustrate, in a policy with SAL of £15,000, a watch valued at £12,000 would not need to be specified, but it would still need to be insured within the total amount covered in the unspecified jewellery section. If, however, the same watch was valued at £17,000, then this would need to be specified individually under the jewellery section, as this exceeds the SAL.

In the event of a claim for an item exceeding the SAL that has not been specified, the insurer may have the right to repudiate the claim – or, the most they will pay is the SAL. In the latter example, the client would suffer a loss of £2,000 for not being correctly insured. Quite a costly mistake, especially when the premium difference between sums insured would have been affordable.

TL Dallas has access to a number of Insurers who offer policies with generous SALs, providing you with more flexibility and peace of mind and alleviating any concerns about being underinsured. It also means you will not require proof of purchase or valuations for the smaller items to be covered on the policy. Having said that, it is recommended you update valuations every three to five years.

Examples of some Insurers Single Article Limits are shown below:

A number of insurers have increased their Single Article Limits over the past few years meaning more items can be covered by this method rather than being individually listed.

However, care must be taken when changing insurer to ensure that the Single Article Limit remains sufficient for your requirements.

 

If you feel your current policy is not providing you with the cover you require, or has restrictive limits, please contact Michael Gregson on 0131 322 2634 or email Michael.Gregson@tldallas.com to organise a complimentary health check of your insurance policies.

Client Insight – The Graphics Co.

Set up by Chris Sugden and Ben Renshaw, The Graphics Co. is a fairly new business having been established in September 2016. We are based in Mirfield, West Yorkshire but install graphics nationwide.

As our name – The Graphics Co. – suggests, we provide all things graphic, from basic or completely bespoke manifestation to full colour laminated wall graphics and built up stainless steel internally illuminated letters. Our aim is to be a turnkey solution for all our clients; to help enforce their brand throughout the market place. We design, manufacture and install all of the above and much more.

We have a varied client base, looking after all kinds of businesses and organisations including farms, schools & universities, haulage/transportation, interior design companies, design agencies, exhibition companies to name but a few.

We work with TL Dallas’ credit team to protect our debtor book for the insolvency and non-payment of our customers and this has been invaluable to us.

Initially, TL Dallas helped by referring us to a finance company which we required to gain finance against our invoices. The credit policy offered by TL Dallas enabled our finance company to offer more credit which in turn has helped grow the business by increasing the turnover to double what we hoped to achieve in our first year.

On a day to day basis, TL Dallas assist with the running of the policy by applying for credit limits, offering advice on customers credit worthiness, assisting in the preparation of claims and reporting overdue accounts, plus much more.

They have held our hand and offered support where needed in our first year of trading – we really wouldn’t be where we are today without their input.

 

To find out more about our services, please visit www.thegraphicsco.co.uk or email chris@thegraphicsco.co.uk or ben@thegraphicsco.co.uk.

To enquire about Credit Insurance please email sarah.aldridge@tldallas.com.

TL Dallas Team Spotlight: Sarah Aldridge

What do you do at TL Dallas?

I work in the Trade Credit team based in Bradford. I look after and advise clients on their credit insurance policy and credit risk options, mainly new business and portfolio management.

Did you always want to work in insurance?

Does anyone ever want to work in Insurance? No I honestly did not, although my mum worked in Insurance, as an underwriter. I also didn’t want to work in Credit and like many people fell into the industry. I started working when I was 17. I found my National Record of Achievement recently and it was very clear that I wanted to teach languages.

What’s the best bit about working in credit insurance?

I genuinely love it because every day is so different and the need to adapt to different client styles and situations keeps it interesting. One day I could be pitching to an FD decision maker and credit manager in a board room; the next I’m talking to the owner who is still in overalls sat perched in the canteen!

Equally credit insurance is affected by what happens globally – Brexit is bringing all kinds of challenges, including currency exchange, inflation and we see how this affects business in real terms. Nothing stands still.

Outside of work, what keeps you motivated?

Family and friends – I have two children aged 15 & 3 and they motivate me to better myself and to work hard to be a good role model. I’m a bit of a secret geek and love learning (starting my MBA this year). I feel most motivated when I’m writing papers and learning for myself or teaching others. Seeing others develop and knowing you played a part in that is satisfying.

Name a famous person who inspires you?

JK Rowling is a fantastic role model. A single mother who worked so hard to pursue her career, I do love an underdog! She makes people smile with her amazing imagination and I also love how she keeps things real, appearing very down to earth and of course she supports a lot of charities – that always gets my vote!

 

Contact Sarah Aldridge – sarah.aldridge@tldallas.com or call 07779 060060.

A Change to the Ogden Discount Rate: How to Mitigate the Premium Increases Ahead

In February 2017, the Lord Chancellor announced a significant reduction to the Ogden Discount Rate, from 2.5% to the revised level of -0.75%, causing UK insurers’ shares to plummet and sparking reaction from the insurance industry, which was expecting the rate to fall to around 1.5%.

 

So, what is the Ogden discount rate?

  • It is a calculation used by the courts to determine how much insurance companies should pay out to customers in cases of life-changing injury
  • When victims of life-changing injuries accept lump sum compensation payments, the actual amount they receive is adjusted according to the interest they can expect to earn by investing it
  • The Discount Rate is linked, by law, to returns on the lowest risk investments – typically index-linked gilts. The yield on these gilts, or Government bonds, has fallen dramatically since 2001

 

The reduction means that those suffering from serious injuries will receive significantly higher compensation payments than before. Mike Mitchell, Group Broking Manager at TL Dallas observes, “this change has caused insurers to revisit their reserves for existing claims to ensure they have sufficient funding set aside to meet future liabilities; Aviva has announced that this change has increased its Combined Operating Ratio from 94.9% to 106.3%, QBE has announced that it is setting aside an additional $160m in reserves.”

The effect of this will be that insurance that covers bodily injury – principally Motor, Employers’ Liability and Public Liability – will need to be re-priced to ensure the premiums generate adequate funds. Furthermore, some insurers may well choose not to underwrite these classes of business, so there may also be a contraction in the market supply. The net effect is that premiums will inevitably go up and insurers will become more selective.

Gary Foggo, Health & Safety Consultant at TL Dallas, commented, “now is the time for companies to proactively review their risk management procedures, as well as risk transfer solutions and claims defensibility.”

To combat price increases, businesses will need to demonstrate and evidence how well they manage their risks to ensure they are ‘top of the underwriter’s pile’ come renewal. Firms with resilient and demonstrable health and safety procedures (which drive attitude, behaviours and culture) will be in a stronger position to lessen the knock-on effects.

The first step to controlling risk in the workplace is hazard identification. Thereafter, it is down to control measure implementation and the effective documentation of both. He adds, “it is impossible to eliminate all risks and prevent every accident, but when an accident does occur it is vital a company has the resources available to minimise the effect; that processes are robust; and that documentation is available to defend the claims.”

As part of the process of risk management, businesses should also be considering risk transfer: working with their broker to explore whether their limits of cover and sums insured remain adequate, given the potential change in exposure as the revised Ogden Discount Rate takes effect.

What should you do?

Speak to your broking team. Companies should get support from a qualified risk management professional who will work with you and your broker to review your internal processes and advise on a relevant approach to ensure a safe workplace and proactively manage claims when they do occur.

If you would like to discuss this matter further, please contact our Health & Safety Consultant, Gary Foggo – gary.foggo@tldallas.com or call 0131 322 2641.