Tag Archives: dan holden

The Cyber Threat in Manufacturing

A friend of mine asked me if the cyber-risk threat was a bit of flimflam designed to sell more insurance policies. He compared cyber-risk to the Red Scare of the 1950s, when families scrambled to build bomb shelters to protect them from a war that never came. The only ones who got rich back then were the contractors, he concluded.

I found his question incredible. But I realized that he didn’t work in the commerce stream, per se, which quelled my impulse to slap him around.

See also: 3 Things on Cyber All Firms Must Know  

I shared with him some statistics that sobered him up quickly. I explained that cyber-crime costs the global economy more than $400 billion per year, according to estimates by the Center for Strategic and International Studies. Each year, more than 3,000 companies in the U.S. have their systems compromised by criminals. IBM reports more than 91 million security events per year. Worse yet, the Global Risks 2015 report, published in January by the World Economic Forum (WEF), included this rather stark warning: “90% of companies worldwide recognize they are insufficiently prepared to protect themselves against cyber-attacks.”

Cyber protection is not just about deploying advanced cyber threat technology to manage risk; you also have to educate your employees to not fall victim to unassuming scams like “phishing,” which is stealing private information via e-mail or text messages. It remains the most popular con as far as stealing company data because it’s so painfully simple. Just pretend to be someone else and hope a few people fall for it.

While most people understand the threat to data privacy for retailers, hospitals and banks and other financial institutions, few realize that manufacturers are also vulnerable in terms of property damage and downtime. In 2014, a steel manufacturing facility in Germany lost control of its blast furnace, causing massive damage to the plant. The cause of the loss was not employee error, but rather a cyber-attack. While property damage resulting from a cyber-attack is rare, the event was a wake-up call for manufacturers worldwide.

According to The Manufacturer newsletter, “the rise of digital manufacturing means many control systems use open or standardized technologies to reduce costs and improve performance, employing direct communications between control and business systems.” This exposes vulnerabilities previously thought to affect only office computers. In essence, according to The Manufacturer, cyber attacks can now come from both inside and outside of the industrial control system network.

See also: Now Is the Time for Cyber to Take Off  

Manufacturers also need to be concerned about cyber attacks that would: a) interrupt their physical supply chain or, b) allow access to their system via the third-party vendor. Manufacturers must then take steps to mitigate those risks. When Target and Home Depot were hacked several years ago, it wasn’t a direct attack on them but an attack on one of their third-party vendors. By breaching the vendors’ weak cyber security, the criminals were able to access the larger prize.

To circle back to my friend’s weird fallout-shelter theory, it’s certainly a good idea to have a backup plan in case one is hit by a proverbial “cyber-bomb.” But rather than hunker down and wait for the attack to occur, it’s critical to educate employees, vet vendors’ cyber-security and adopt — and continuously optimize — a formal cybersecurity program.

Why Workers’ Comp File Reviews Can Be a Waste of Time

I’ve spent a substantial amount of my insurance career reviewing workers’ comp claim files in my capacity as a claim supervisor, a manager and a consultant for a large insurance broker. Those years allowed me to come to the following conclusion: Unless the employer is prepared, it’s wasting its time sitting through a workers’ comp file review.

I know…pretty simple, right? While it seems like common sense, you’d be surprised how many employers don’t do their prep work. Many times, I’ve seen an employer sitting in the meeting nodding approvingly while the examiner provides a lackluster or imprecise update. The employers — neither being experts nor adequately prepared — don’t know the difference. And because they allowed themselves to be bamboozled, the file reviews are basically for naught.

Don’t get me wrong. I’m not saying file reviews are total rubbish. The mere fact that you requested the file review shows you are somewhat interested and will most certainly motivate the examiners to update files.

But a file review will only scratch the surface. You might as well call the file review, “Tell-me-what- you-want-me-to-know-in-three-minutes-or-less.”

I always advocate for an actual file audit on occasion to supplement your quarterly file reviews on all high value/high exposure cases. When it comes to a file audit, there’s no place to hide. Stone after stone will be unturned so no doubt remains as to whether the file was handled right by the examiner. You see, oftentimes what the examiner tells you — and what the file ultimately reveals — are totally different scenarios. The audit isn’t a way to catch the examiner slacking but rather to find out if your money is well-spent on that particular examiner or, more importantly, on that third-party administrator or insurance carrier.  Basically, an audit answers the nagging question: Am I getting the bang for my buck?

Back to file reviews: So what constitutes prep work? This is pretty straightforward. It all boils down to how much you know about the injured worker’s current situation. Do you know his diagnosis and the effectiveness of the treatment regime? The treating physician? The return-to-work situation? Claimant attorney? Employee’s work history? Personnel history? Medical history? Did the examiner establish a plan of action and stick to it? Did he share that plan with you prior to the claim review? Most importantly, did the examiner continually move forward in regard to file management and expedition to closure?

Some employers would say, “Why would I need to know all that when the file review will tell me everything I need to know?” If that’s the case, I’d suggest you go back and read the first paragraph. An employer can’t be an active participant if it doesn’t what it’s dealing with.

You must also remember you’re most likely sharing the examiner with several other employers, and the examiner only has so many hours in a day. Her time will be focused on the employers who either squawk the most, or (and this is crucial) closely follow their files. Disinterested employers will always fall to the wayside.

Yes, it will take time to keep up to speed on the claims. But it’ll pay dividends when it’s time for the file review because you’ll be a functioning part of the decision-making.

So be interested. Be involved. And do you prep work. If you’re not prepared, it’s pretty easy for an examiner to gloss over prior missteps, especially if the employer is a workers’ comp neophyte…and missteps cost the employer money.