Get A Quote
Get A Quote

Cal/OSHA Urges Employers to Protect Outdoor Workers Against Heat Illness

As we get closer to another scorching California summer, Cal/OSHA is reminding employers with outdoor workers to take precautions to protect them against the heat.

California employers need to be especially mindful as Cal/OSHA has workplace safety regulations governing the prevention of heat illness and the agency actively enforces its heat illness prevention standard.

Employers should also comply for the safety and well-being of their workers, as heat illness can be deadly.

Cal/OSHA is urging employers to take the following steps to prevent heat-related illness among their employees who work outdoors:

Plan — Develop and implement an effective written heat illness prevention plan (HIPP) that is specific and customized to your specific operations.

The plan must include the following heat illness prevention and response procedures:

Training — Train all employees and supervisors on heat illness prevention. Nobody should be working outside in heat if they have not been trained in heat illness prevention and emergency procedures.

Water — Provide drinking water that is fresh, pure, suitably cool and free of charge so each worker can drink at least 1 quart per hour, and encourage workers to do so. Water should be located as close as practicable to where employees are working.

Access to shade — When temperatures reach 80 degrees, you must have and maintain one or more areas of shade at all times, when employees are present. Locate the shade as close as practical to the area where employees are working and provide enough to accommodate the number of employees on meal, recovery or rest periods at any time

Even if temperatures are less than 80 degrees, you must permit access to shade for workers to rest.

The importance of rest — Encourage workers to take a cool-down rest in the shade for at least five minutes when they feel the need to do so to protect themselves from overheating. Workers should not wait until they feel sick to cool down.

If an employee starts feeling unwell, they must be monitored for symptoms of heat illness and emergency procedures should be initiated if they don’t improve.

High-heat procedures — During heatwaves (when the mercury reaches 95 degrees), employers must institute high-heat procedures that include monitoring of employees, regular communication, more frequent reminders to drink water and rest, and additional cool-down rest periods.

Emergency response procedures should be site-specific and include who/how to call emergency services and steps to respond to signs and symptoms of heat illness. 

Observe all employees and any newly assigned to a high-heat area. You should consider giving employees who have not been working in high temperatures time to adapt to the new conditions. You can do this by initially providing them with lighter work, frequent breaks or shorter hours.

 

Get the plan right

Your heat illness prevention plan must be in writing and include all of the above. The HIPP must be written both in English and in the language understood by the majority of employees. It must also be available to employees at the work site.

Additional information about heat illness prevention, including details on upcoming training sessions throughout the state, are posted on Cal/OSHA’s Heat Illness Prevention page.

The agency also has extensive multilingual materials for employers, workers and trainers on its “Water. Rest. Shade.” public awareness campaign website.

Tags: ,
Posted in Uncategorized |
Read the article

Bureau Recommends Workers’ Comp Benchmark Rate Hike

California’s workers’ compensation rate-making agency has recommended that average benchmark “pure premium” rates increase by 10.4% for policies incepting on or after Sept. 1, 2026.

The Workers’ Compensation Insurance Rating Bureau cited an increase in cumulative trauma claims as well as rising medical and administrative costs. The filing, if approved by the California Department of Insurance, would be the second consecutive year that the benchmark rate insurers use to price their policies has increased. Last year the DOI approved an 8.1% hike after WCIRB had recommended an 11.2% increase.

The pure premium rate increase has not resulted in employers with few or no workers’ compensation claims paying higher premiums since insurers only use the pure premium rate as a guidepost when pricing their policies. The pure premium rate remains at historical lows and the market is quite competitive.

The 10.4% recommended increase is an average across all the state’s workers’ compensation class codes, and each class will see a different change.

Here’s a look at the cost drivers:

 

Cumulative trauma claims

WCIRB estimates that 26.4% of all workers’ comp claims filed in the state in 2025 are for cumulative trauma injuries, compared to 15% in 2021. CT claims are not for sudden injuries, but rather those that develop over time through repetitive motions, such as:

  • Carpal tunnel syndrome — Often claimed by office workers, data entry personnel and assembly line workers due to repetitive hand and wrist movements.
  • Chronic back and neck injuries — Caused by years of lifting, bending, twisting or maintaining poor posture.
  • Tendonitis and tendon disorders — Inflammation from repetitive shoulder or arm movements, common in construction, warehouse and food service jobs.
  • Shoulder injuries — Rotator cuff tears or bursitis from repetitive overhead lifting.
  • Knee problems — Develops from repetitive kneeling, squatting or climbing stairs, frequently seen in plumbers or floor layers.

 

About three out of every five CT claims are filed after an employee is terminated, according to WCIRB. There is a cottage industry of lawyers who find recently laid-off workers and convince them to file these claims. Adding to the cost: nearly all CT claims are litigated, in most cases from the first notice.

 

Medical costs

One anomaly in CT claims is that they usually have few medical costs in the first year, which masks the growing issue of rising medical costs for workers’ comp claims. According to WCIRB, average medical costs per claim increased 1.7% between 2021 and 2023, but excluding CT claims, that number rises to 3%.

Associated medical-legal costs are up 14% per claim in 2025, while medical equipment and other medical services costs jumped 7% in the same period.

 

Claims adjusting costs

The high litigation rates for CT claims are seeping into the cost of adjusting claims, according to WCIRB. It projects that insurers’ loss adjustment expense ratio (the cost of adjusting claims) will increase to 37.7% of claims costs, up from 35.7% in the Sept. 1, 2025, filing.

The total cost of claims adjusting increased from $12,636 per claim in 2024 to $14,235 in 2025 and is expected to rise 5.5% annually between 2026 and 2028 to $16,184.

 

The takeaway

The Rating Bureau has sent the rate recommendation to the Department of Insurance, which will hold a public hearing in the coming months, after which the insurance commissioner, with input from the public and department actuaries, will either accept the recommendation or order a different rate.

While the workers’ comp market is expected to stay competitive, the rate recommendation could portend moderately increasing rates in the coming years.

Tags: , ,
Posted in Uncategorized |
Read the article

Report, Investigate Near Misses to Improve Safety

One of the most important workplace safety tools you can implement is reporting near misses and correcting the factors that lead to them.

A near miss is an event that could have led to a workplace injury, illness or death. While you are not required to report near misses to your insurer, you should take note of them because they can help identify deficiencies in your safety protocols.

You should use near misses as a starting point for inspections that can help prevent actual workplace injuries. But you can’t investigate what you don’t know, so it’s crucial that your staff report such events.

 

What is and isn’t a near miss

An OSHA fact sheet defines a near miss — or close call — as an incident in which no property was damaged and no workers were injured, but given a slight shift in time or position, damage or injury could have occurred.

Resist the urge to chalk a near miss up to luck. The fact sheet stresses that although near misses cause no immediate harm, they may precede events in which a loss or injury could occur.

Typically, near misses are the result of a faulty process or management system. Your goal should be to investigate where the breakdown occurred and how it can be improved.

 

A near-miss program

Near-miss reporting is vitally important to preventing serious, fatal and catastrophic incidents that are less frequent but far more harmful than other incidents.

The National Safety Council recommends that the following be included in your safety program:

  • Clearly define “near miss.
  • Establish a reporting system that reinforces that every opportunity to identify and control hazards must be acted on.
  • Investigate to identify system weaknesses or employee actions that led to the near miss.
  • Use investigation results to address the failure that led to the near miss and to improve safety systems.
  • Use the lessons learned and new protocols in employee safety training.

 

Reporting system

Encourage your workers to report such incidents because they may occur out of sight of a supervisor or manager.

Provide clear instructions for all personnel on how to report near misses, including who to report to. Create forms that detail what happened and why it constituted a near miss.

Do not retaliate against any employee for raising a near miss or other safety concerns. Instead of trying to assign blame when investigating a near miss, focus on what precipitated it.

 

Case studies

A chemical manufacturer tracks lower-level claims and near misses to identify areas where more significant injuries are likely to occur. The company encourages employees to resolve issues on a temporary basis until permanent controls can be implemented.

Another manufacturer uses near-miss analysis to head off future incidents. It uses an event system that records near misses, including detailed information on what led to them and the lessons learned. These lessons are shared throughout the organization.

Tags: ,
Posted in Uncategorized |
Read the article

Hand and Power Tool Safety Can Avoid Amputations, Worse

While tools used in construction, agriculture, manufacturing and other industries make workers’ lives easier, they can also pose a danger of injury or death if used incorrectly or if they malfunction, to the worker using the tool, co-workers and the public.

Injured workers may suffer pain, recovery challenges and the possibility that they may be unable to return to work, while your company could face OSHA fines and higher workers’ compensation premiums. If a third party is injured, buckle up for the inevitable lawsuit, which can explode into a multi-million settlement or judgment.

To reduce the chances of these scenarios, employers must train workers to recognize hazards associated with the tools they use and follow procedures necessary to prevent injuries.

 

Hand tools

Hand tools include anything from axes to wrenches, and the greatest hazards they pose result from misuse and improper maintenance.

The employer is responsible for the safe condition of tools and equipment used by employees, while workers are responsible for properly using and maintaining their tools. Employees should be trained to report any issues to management so tools can be removed from service or repaired.

 

Power tools

Power tools pose significant risks to workers, including cuts, amputations, eye injuries, electric shock and hearing damage, particularly when used improperly or without safeguards. Many incidents stem from inadequate training, lack of maintenance or the removal of safety guards, which can turn routine tasks into serious hazards.

 

Guards

Hazardous moving parts of power tools must be safeguarded. For example, if exposed to contact by employees, belts, gears, shafts, pulleys, sprockets, spindles, drums, flywheels, chains and other reciprocating, rotating or moving parts of equipment must be guarded.

Ensure that all tools with moving parts have guards to prevent workers from contacting them. Employees who use equipment that requires guarding must also avoid wearing loose clothing or jewelry to avoid deadly entanglement.

 

Electric tools

Employees using electric tools must be aware of several dangers; the most serious is the possibility of electrocution. Among the chief hazards of electric-powered tools are burns and slight shocks, which can lead to injuries or even hearing loss.

Even a small amount of current can result in death. Electric shock can also cause the user to fall from a ladder or elevated surface, elevating the risk substantially.

 

Powered abrasive wheel tools

Powered abrasive grinding, cutting, polishing and wire buffing wheels create safety problems because they may produce flying fragments.

Workers can protect themselves with proper attire that resists impact from sharp fragments and shielding that protects the hands, neck and face.

 

Pneumatic tools

Pneumatic tools are powered by compressed air. Examples include chippers, drills, hammers and sanders, all of which pose several dangers. The main one is the danger of being struck by a tool attachment or a fastener used with the tool.

Powder-actuated pneumatic tools operate like a loaded gun and should be treated with the same precautions. They are so dangerous that they must be operated by specially trained employees.

 

Hydraulic power tools

The fluid in hydraulic power tools must be an approved fire-resistant fluid and must retain its operating characteristics at extreme temperatures. Never exceed the recommended operating pressure.

Employees and employers must work together to establish safe working procedures. If there is a hazardous situation, it should be brought to the attention of the appropriate individual immediately.

 

A final word

Employers can reduce risks by implementing formal training programs, enforcing the use of personal protective equipment and ensuring that tools are regularly inspected and maintained.

Importantly, workers should inform supervisors if a tool is not working properly, is lagging or has loose parts. Malfunctioning tools must be removed from service and either repaired or replaced.

Tags: ,
Posted in Uncategorized |
Read the article

AI Deepfakes Fuel New Wave of Workplace Harassment

The rise of generative artificial intelligence is creating a troubling new category of workplace risk: employees using AI-generated “deepfakes” to harass, humiliate or retaliate against co-workers.

While harassment claims are nothing new, employers should be aware that this emerging form of misconduct is already appearing in lawsuits and is expected to grow as AI tools become cheaper, easier to use and more realistic. These incidents can involve sexually explicit fake videos, manipulated recordings depicting an employee violating company policy or altered audio suggesting someone made offensive or abusive remarks.

It’s important that employers understand this emerging form of workplace harassment.

 

Recent cases

In one recent case, a law enforcement officer alleged colleagues created and circulated an AI-generated video depicting him in a sexualized scenario meant to mock his sexual orientation. In another, a television meteorologist sued her employer after deepfake sexual images using her likeness were circulated and, she claimed, the issue was inadequately addressed by her employer.

Appellate courts have also upheld significant verdicts where employers failed to act after deepfake content spread within organizations.

Compounding the risk, the volume of deepfake content is exploding. Reports have found millions of deepfake files circulating online, with sexually explicit content making up the majority. As these tools become more accessible, misuse in the workplace is expected to increase.

 

Existing laws still apply

Harassment involving deepfakes is generally evaluated under the same standards as traditional workplace harassment claims. If the content targets an employee based on protected characteristics such as gender, race or sexual orientation — and contributes to a hostile work environment — employers may face liability under federal and state anti-discrimination laws if complaints are not handled appropriately.

Employers may also be exposed to claims involving:

  • Defamation
  • Invasion of privacy
  • Intentional infliction of emotional distress
  • Violations of emerging state laws targeting nonconsensual deepfake content

 

Why it’s an issue

Most employee handbooks and anti-harassment policies were drafted before generative AI became widely available, so they do not explicitly address synthetic media or AI misuse.

As a result, employees may not clearly understand that this conduct is prohibited, and employers may have a harder time defending their policies if litigation arises.

 

What employers can do

  • Update anti-harassment policies. Explicitly prohibit creating, sharing or possessing AI-generated content that is sexually explicit, defamatory or targets protected characteristics in your policies.
  • Address off-duty conduct. Make it clear that behavior outside of work that affects the workplace can be subject to disciplinary action.
  • Enhance investigation protocols. Treat digital content as potentially manipulated evidence. Verify its authenticity and document findings carefully.
  • Train managers and employees. They should know how to recognize deepfake harassment and respond appropriately.
  • Act promptly and consistently. When issues arise, apply discipline regardless of the employee’s role or tenure.
  • Monitor legal developments. States continue to pass laws targeting deepfake misuse and Congress is considering broader regulation.
  • Review insurance coverage. Call us to see if your employment practices liability or cyber policies address claims involving synthetic media. An employment practices liability insurance can cover litigation costs, including legal fees, discovery, settlements and judgments in harassment cases.
Tags:
Posted in Uncategorized |
Read the article

NLRB Reinstates 2020 Rule on Joint-Employer Liability

The National Labor Relations Board has formally reinstated its 2020 rule governing when a company is deemed a joint employer under labor law, loosening standards put in place during the Biden administration.

This pro-business shift will make it harder for workers to hold parent companies, franchisors or hiring entities liable for labor violations by contractors, subcontractors or franchisees.

Because a federal court had vacated a 2024 Biden-era rule, a public comment period was unnecessary, and the rule took effect Feb. 27, 2026.

A finding of joint employment can have significant consequences for companies under the National Labor Relations Act. Under established case law, each company found to be a joint employer by the NLRA may be held liable for the unfair labor practices of its co-employers.

Under the reinstated standard, merely holding a contractual right to control another entity’s workers or exercising indirect control such as setting safety standards is not enough to create a joint-employer relationship.

Types of cases affected:

  • Franchise disputes: Cases where employees of a franchisee (e.g., a fast-food restaurant) seek to hold the franchisor responsible for unfair labor practices, wage disputes or bargaining.
  • Staffing agency arrangements: Situations where workers hired through a staffing agency claim that the company they are assigned to is also their employer, particularly in disputes regarding discrimination or union organizing.
  • Subcontractor relationships: Cases involving construction or logistics firms where a general contractor or larger client is accused of interfering with the labor rights of a subcontractor’s employees.
  • Unfair labor practices: Cases where unions charge a parent company or hiring entity with violating rights will now be harder to prove unless the parent company or hiring entity directly controls hiring, firing or wages.
  • Collective bargaining: Cases determining whether a large corporation must sit at the bargaining table with workers employed by a vendor or contractor.

 

The reinstated rule explained

Under the reinstated rule, a business must possess and exercise “substantial direct and immediate control” over at least one essential term and condition of employment of another employer’s staff to be a joint employer.

The rule defines substantial direct control as actions that have “a regular or continuous consequential effect” on several core aspects of a worker’s job. This includes the employer’s ability to:

  1. Hire or fire a worker,
  2. Supervise and control an employee’s work schedule or conditions of employment to a significant degree,
  3. Determine a worker’s rate and method of payment, and
  4. Maintain the employee’s employment records.

 

An employer does not have to meet all four factors to be considered a joint employer. Also, even when an employer exercises direct control over another employer’s workers, it will not be considered a joint employer if the control is exercised on a sporadic, isolated or de minimis basis.

 

The takeaway

This new rule will provide employers with clarity and certainty in instances where they may be considered joint employers, either when working with contractors or as franchisees.

However, employers still face some risk and should ensure that managers stay within the confines of the rules when establishing project goals and directing the work of third-party providers such as subcontractors and staffing agencies through direct supervision or task assignment. When dealing with these workers, managers should focus on what needs to be done rather than how the vendor’s employees perform it.

For franchisees, it will now be more difficult to pull franchisors into labor disputes and collective bargaining, which may prompt unions to focus on site-specific organizing.

Tags: ,
Posted in Uncategorized |
Read the article

Why Safety in Design Should Lead Every Construction Project

Too often, safety on construction sites is treated as a field problem managed after work begins. By then, many of the most significant risks are already built into the job. Safety in design flips that approach by identifying and eliminating hazards before ground is ever broken.

Safety in design is a proactive process that integrates safety into the earliest stages of planning, engineering and layout. The goal is simple: to remove or reduce risks at their source rather than relying on protective equipment, procedures or workarounds later. For construction executives, design safety can mean fewer injuries, lower costs and smoother project delivery.

This approach requires project teams to think through how a structure will be built, used, maintained and eventually demolished — and address hazards at each stage. That means involving safety professionals, engineers and operations personnel so risks can be engineered out rather than managed in the field.

 

Where design decisions reduce real-world risk

Many of the most effective safety improvements are straightforward design choices made early in a project:

  • Add roof parapets or guardrails to reduce fall risks and limit the need for active fall protection systems.
  • Relocate rooftop equipment to ground level to eliminate work at height during maintenance.
  • Design site layouts to separate pedestrian and vehicle traffic and improve equipment flow.
  • Ensure adequate space for safety equipment like eyewash stations and spill kits.
  • Plan access for safe removal and replacement of heavy equipment like generators.

 

Each of these decisions removes a hazard before it reaches the job site, reducing reliance on administrative controls or worker behavior to stay safe.

 

A gap between design and construction

Despite its benefits, safety in design has historically been underutilized in the U.S. Designers often distance themselves from construction-phase safety due to limited training in safety practices and concerns about increased liability.

That disconnect creates risk. Designers ultimately dictate how a project is built, including the materials and assembly methods used, yet they are often not directly involved in construction safety planning.

Design-build firms tend to perform better in this area. Designers and builders work within the same organization, so can collaborate more effectively. Construction teams flag safety concerns during design, and those lessons carry forward into future projects.

Companies working with outside design firms should insist on similar collaboration. Owners and contractors should consider bringing designers together with construction managers and safety teams to review risks and identify safer alternatives.

 

Why early involvement pays off

  • Lower total project costs: Addressing hazards early avoids costly redesigns, delays and injury-related expenses.
  • Fewer incidents and disruptions: Eliminating risks upfront reduces the likelihood of accidents that halt work and injure workers or third parties.
  • Improved productivity: Safer, better-designed work sites are more efficient and easier to navigate.
  • Reduced insurance and liability exposure: Fewer claims and stronger safety records can improve underwriting outcomes.
  • Stronger competitive position: Many project owners now expect documented safety plans as part of bids.

 

A shift that is gaining momentum

Safety expert Georgi Popov notes that historically, most safety efforts have focused on the operational phase of projects. In an interview with Construction Dive, he said that is changing as more organizations recognize the value of early intervention.

“Our goal is to manage risk throughout the life cycle of a system or building, starting with the design concept,” Popov said, adding that earlier involvement helps eliminate embedded risks before they reach the field.

In short, projects are safer when they are designed that way from the start.

Tags: , ,
Posted in Uncategorized |
Read the article

How to Avoid Employee Retaliation Claims

Retaliation is the most common employment-related claim filed with the U.S. Equal Employment Opportunity Commission and often accompanies discrimination or harassment complaints.

For employers, these claims can be more difficult to defend than the underlying allegation because courts interpret retaliation broadly and juries closely scrutinize timing and intent. As a result, these cases can be costly to defend even if the complaint is found to be meritless.

At its core, retaliation occurs when an employer takes an adverse employment action against a worker because that individual engaged in protected activity. That action may include termination, demotion, suspension, denial of promotion, reduced hours or reassignment to a less desirable shift.

It can also involve more subtle conduct such as heightened scrutiny, exclusion from meetings or workplace ostracism if it would dissuade a reasonable person from raising concerns.

 

What qualifies as protected activity

Federal and state laws protect employees who speak up about workplace issues. These protections apply even if the underlying complaint ultimately proves unsubstantiated as long as it was made in good faith.

Retaliation protections appear in numerous federal statutes, each with its own procedures and remedies, including:

  • Title VII of the Civil Rights Act of 1964,
  • The Americans with Disabilities Act,
  • The Age Discrimination in Employment Act, and
  • Whistleblower provisions enforced by OSHA.

 

Examples of protected activity include:

  • Filing or threatening to file a discrimination charge.
  • Reporting harassment to a supervisor or human resources.
  • Participating in an internal investigation or testifying in a proceeding.
  • Requesting a reasonable accommodation for a disability or religious practice.
  • Taking protected leave under the Family and Medical Leave Act.
  • Reporting a workplace injury or filing a workers’ compensation claim.
  • Raising workplace safety concerns under the Occupational Safety and Health Act.
  • Blowing the whistle on fraud or regulatory violations.

 

Why retaliation claims are so common

Employment attorneys often add retaliation to discrimination lawsuits because the standard for proving it can be less demanding.

Courts may view close timing between a complaint and an adverse action as evidence of a retaliatory motive. Inconsistent explanations for discipline, weak documentation or emotional language in personnel files can also undermine an employer’s defense.

These cases are costly. Even if an employer ultimately prevails, defense costs can reach tens or even hundreds of thousands of dollars. If the employee wins, damages may include back pay, front pay, reinstatement, compensatory and punitive damages and attorneys’ fees.

Beyond legal costs, retaliation claims can damage morale, increase turnover and attract regulatory scrutiny.

 

How employers can reduce their risk

Business owners and HR leaders can take proactive steps to prevent retaliation and strengthen their defense if a claim arises:

  • Publish and regularly communicate a clear anti-retaliation policy.
  • Train managers and supervisors on what constitutes protected activity and prohibited conduct.
  • Promptly investigate all complaints and document the process thoroughly.
  • Keep knowledge of complaints on a need-to-know basis.
  • Separate the complainant and accused in a neutral, nonpunitive manner.
  • Conduct follow-up check-ins after investigations close.
  • Ensure discipline is consistent with past practice and supported by objective metrics.
  • Review the timing of employment decisions if they occur after a worker raises issues.
  • Require multiple levels of review before disciplining someone who has recently complained for unrelated reasons.
  • Use timely documentation that is factual and free of speculation or sarcasm.
  • Implement a litigation hold if a charge is filed and preserve relevant records.

 

Under OSHA’s whistleblower provisions, for example, employers must provide a safe reporting channel for safety concerns and ensure workers can report hazards without fear of reprisal. Employers that encourage reporting and respond constructively can reduce legal exposure.

 

The insurance backstop

Even the most diligent employer can face a retaliation allegation. Employment Practices Liability Insurance or EPLI can help cover the costs of defending against claims of retaliation, discrimination, harassment and other employment-related actions.

Policies typically cover legal defense expenses, settlements and judgments, subject to their terms and exclusions.

Additionally, clear policies, consistent enforcement and strong documentation practices are essential. Pairing these efforts with appropriate insurance coverage can help protect both the organization and its bottom line.

Tags: ,
Posted in Uncategorized |
Read the article

Cyber Criminals Use Data to Fine-Tune Extortion Demands

Cyber criminals are increasingly stealing companies’ data to bolster their ransomware extortion demands, according to a new report by cyber insurer Resilience.

As part of these tactics, hackers are infiltrating company databases before launching attacks to better understand their defenses and the value of their data and maximize ransom demands. They are also searching for companies’ cyber insurance policies to tailor demands to coverage and maximize payouts.

The results emphasize the importance of employers adapting their defenses to evolving cyberattacks that, if large enough, can cripple an organization’s ability to recover.

 

A more calculated form of extortion

This shift toward a focus on data has been rapid. Data theft-only attacks rose from 49% of extortion claims in the first half of 2025 to 65% in the second half, according to the “Resilience 2025 Cyber Risk Report.”

Criminals now infiltrate networks, quietly move through databases and assess which data has the highest regulatory, legal or competitive value — then structure ransom demands accordingly.

In some cases, threat groups have gone further by searching stolen files for cyber insurance policies. Groups such as Interlock reviewed policy details to calibrate ransom demands within coverage limits and increase the odds of payment.

Extortion has also become layered. Attackers may:

  • Demand payment to decrypt systems
  • Demand additional payment to suppress stolen data
  • Threaten customers or business partners directly

 

Even when organizations pay for data suppression, there is no guarantee the data will not be sold or leaked later. According to the Resilience report, this dynamic contributes to rising litigation and long-tail losses.

 

Points of failure: Where attackers are getting in

The report emphasizes that hackers are primarily focused on gaining access by stealing or abusing employees’ login credentials.

According to the Resilience report, key points of failure include:

Phishing: The resurgence of phishing in 2025 suggests AI is making campaigns more believable and scalable. AI-generated phishing campaigns are achieving success rates as high as 54% compared with 12% for traditional methods.

New tools allow attackers to craft highly personalized messages, impersonate executives and bypass language barriers. Deepfake audio and video are expected to raise the risk of executive impersonation and fraudulent wire transfers next year.

Vendor compromise: When critical vendors are breached, losses can cascade across entire industries. Vendor-related incidents carried an average severity of $1.36 million.

These events generally fall into three categories:

  • Vendor ransomware that spreads business interruption to clients
  • Vendor data breaches that expose customer information
  • Non-malicious vendor outages that disrupt operations

 

Even when internal controls are strong, companies remain exposed to failures across their supply chain.

 

Credential theft via infostealers: More than 2 billion credentials were harvested in 2025, often serving as an early warning sign of a larger ransomware attack.

 

How firms can protect themselves

As threats evolve and cyber attackers use new tactics, employers will need to react accordingly.  Organizations may consider:

  • Investing in data loss prevention and zero-trust software.
  • Deploying multifactor authentication and e-mail authentication protocols.
  • Monitoring for stolen credentials on the dark web and rotating session tokens immediately when compromise is detected. This will often require contracting with vendors that specialize in this area.
  • Developing vendor incident contingency plans that address supply chain failures.
  • Conducting tabletop exercises to rehearse coordinated legal, technical and communications responses.
  • Reviewing cyber insurance policy limits to ensure coverage reflects current severity levels rather than historical averages.

 

If you have concerns about potential cyber risks, give us a call.

Tags: ,
Posted in Uncategorized |
Read the article

Cal/OSHA Proposes New First-Aid Kit Rules

The Cal/OSHA Standards Board is in the final stages of approving updates to its first-aid kit rules that could take effect later this year.

The proposal aims to ensure that kits are easily located in the workplace and accessible within three or four minutes from any part of a worksite. Employers will also be required to assess “unique hazards” at the workplace and provide specialized first-aid supplies as needed to address those risks.

According to the Standards Board, the goal of the changes is to reduce the time for injured employees to receive first aid and improve treatment effectiveness.

Under the proposal, Class A first-aid kits would be required to meet the American National Standards Institute/International Safety Equipment Association (ANSI/ISEA) standard known as the “Minimum Requirements for Workplace First Aid Kits and Supplies.”

If employers choose not to use kits that comply with the new standard, the proposed rules would allow them to consult a physician or licensed health care professional about their choice of first-aid supplies.

Employers will also be required to evaluate first-aid supply needs and ensure adequate quantities and types of materials are available for employees at each job site.

At a minimum, employers shall furnish at least one approved first-aid kit. Based on the employer’s size and workplace hazards, employers shall also evaluate the need for:

  • Additional first-aid kids.
  • Additional types or quantities of first aid equipment or supplies.

 

The required contents of kits are changing, with four new items and four items being removed. The proposed regulations would require the following to be in most first-aid kits:

  • Adhesive dressings
  • Adhesive tape rolls, 1-inch wide
  • Eye dressing packet
  • 1-inch gauze bandage roll or compress
  • 2-inch gauze bandage roll or compress
  • 4-inch gauze bandage roll or compress
  • Sterile gauze pads, 2-inch square
  • Sterile gauze pads, 4-inch square
  • Sterile surgical pads suitable for pressure dressings
  • Triangular bandages
  • Medical exam gloves (NEW)
  • Tweezers
  • Cotton-tipped applicators
  • Antibiotic treatment, single-use application (NEW)
  • Antiseptic, single-use application (NEW)
  • Flashlight
  • Magnifying glass
  • Single-use disposable barrier device for CPR where CPR may be required (NEW)
  • Appropriate record forms
  • An up-to-date “standard” or “advanced” first-aid textbook, manual or equivalent

 

While first-aid kits are primarily for minor injuries, the board said it included ANSI/ISEA-required breathing barriers to help with resuscitative breathing and cardiopulmonary resuscitation, which can improve a person’s chances of survival while waiting for emergency services.

The above list eliminates the following from the items currently required:

  • Safety pins
  • Scissors
  • Forceps
  • Emesis basin
  • Portable oxygen and its breathing equipment
Tags: ,
Posted in Uncategorized |
Read the article