
How to Avoid Employee Retaliation Claims

Retaliation is the most common employment-related claim filed with the U.S. Equal Employment Opportunity Commission and often accompanies discrimination or harassment complaints.

For employers, these claims can be more difficult to defend than the underlying allegation because courts interpret retaliation broadly and juries closely scrutinize timing and intent. As a result, these cases can be costly to defend even if the complaint is found to be meritless.

At its core, retaliation occurs when an employer takes an adverse employment action against a worker because that individual engaged in protected activity. That action may include termination, demotion, suspension, denial of promotion, reduced hours or reassignment to a less desirable shift.

It can also involve more subtle conduct such as heightened scrutiny, exclusion from meetings or workplace ostracism if it would dissuade a reasonable person from raising concerns.

 

What qualifies as protected activity

Federal and state laws protect employees who speak up about workplace issues. These protections apply even if the underlying complaint ultimately proves unsubstantiated as long as it was made in good faith.

Retaliation protections appear in numerous federal statutes, each with its own procedures and remedies, including:

  • Title VII of the Civil Rights Act of 1964,
  • The Americans with Disabilities Act,
  • The Age Discrimination in Employment Act, and
  • Whistleblower provisions enforced by OSHA.

 

Examples of protected activity include:

  • Filing or threatening to file a discrimination charge.
  • Reporting harassment to a supervisor or human resources.
  • Participating in an internal investigation or testifying in a proceeding.
  • Requesting a reasonable accommodation for a disability or religious practice.
  • Taking protected leave under the Family and Medical Leave Act.
  • Reporting a workplace injury or filing a workers’ compensation claim.
  • Raising workplace safety concerns under the Occupational Safety and Health Act.
  • Blowing the whistle on fraud or regulatory violations.

 

Why retaliation claims are so common

Employment attorneys often add retaliation to discrimination lawsuits because the standard for proving it can be less demanding.

Courts may view close timing between a complaint and an adverse action as evidence of a retaliatory motive. Inconsistent explanations for discipline, weak documentation or emotional language in personnel files can also undermine an employer’s defense.

These cases are costly. Even if an employer ultimately prevails, defense costs can reach tens or even hundreds of thousands of dollars. If the employee wins, damages may include back pay, front pay, reinstatement, compensatory and punitive damages and attorneys’ fees.

Beyond legal costs, retaliation claims can damage morale, increase turnover and attract regulatory scrutiny.

 

How employers can reduce their risk

Business owners and HR leaders can take proactive steps to prevent retaliation and strengthen their defense if a claim arises:

  • Publish and regularly communicate a clear anti-retaliation policy.
  • Train managers and supervisors on what constitutes protected activity and prohibited conduct.
  • Promptly investigate all complaints and document the process thoroughly.
  • Keep knowledge of complaints on a need-to-know basis.
  • Separate the complainant and accused in a neutral, nonpunitive manner.
  • Conduct follow-up check-ins after investigations close.
  • Ensure discipline is consistent with past practice and supported by objective metrics.
  • Review the timing of employment decisions if they occur after a worker raises issues.
  • Require multiple levels of review before disciplining someone who has recently complained for unrelated reasons.
  • Use timely documentation that is factual and free of speculation or sarcasm.
  • Implement a litigation hold if a charge is filed and preserve relevant records.

 

Under OSHA’s whistleblower provisions, for example, employers must provide a safe reporting channel for safety concerns and ensure workers can report hazards without fear of reprisal. Employers that encourage reporting and respond constructively can reduce legal exposure.

 

The insurance backstop

Even the most diligent employer can face a retaliation allegation. Employment Practices Liability Insurance or EPLI can help cover the costs of defending against claims of retaliation, discrimination, harassment and other employment-related actions.

Policies typically cover legal defense expenses, settlements and judgments, subject to their terms and exclusions.

Additionally, clear policies, consistent enforcement and strong documentation practices are essential. Pairing these efforts with appropriate insurance coverage can help protect both the organization and its bottom line.


Cyber Criminals Use Data to Fine-Tune Extortion Demands

Cyber criminals are increasingly stealing companies’ data to bolster their ransomware extortion demands, according to a new report by cyber insurer Resilience.

As part of these tactics, hackers are infiltrating company databases before launching attacks to better understand their defenses and the value of their data and maximize ransom demands. They are also searching for companies’ cyber insurance policies to tailor demands to coverage and maximize payouts.

The results emphasize the importance of employers adapting their defenses to evolving cyberattacks that, if large enough, can cripple an organization’s ability to recover.

 

A more calculated form of extortion

This shift toward a focus on data has been rapid. Data theft-only attacks rose from 49% of extortion claims in the first half of 2025 to 65% in the second half, according to the “Resilience 2025 Cyber Risk Report.”

Criminals now infiltrate networks, quietly move through databases and assess which data has the highest regulatory, legal or competitive value — then structure ransom demands accordingly.

In some cases, threat groups have gone further by searching stolen files for cyber insurance policies. Groups such as Interlock reviewed policy details to calibrate ransom demands within coverage limits and increase the odds of payment.

Extortion has also become layered. Attackers may:

  • Demand payment to decrypt systems
  • Demand additional payment to suppress stolen data
  • Threaten customers or business partners directly

 

Even when organizations pay for data suppression, there is no guarantee the data will not be sold or leaked later. According to the Resilience report, this dynamic contributes to rising litigation and long-tail losses.

 

Points of failure: Where attackers are getting in

The report emphasizes that hackers are primarily focused on gaining access by stealing or abusing employees’ login credentials.

According to the Resilience report, key points of failure include:

Phishing: The resurgence of phishing in 2025 suggests AI is making campaigns more believable and scalable. AI-generated phishing campaigns are achieving success rates as high as 54% compared with 12% for traditional methods.

New tools allow attackers to craft highly personalized messages, impersonate executives and bypass language barriers. Deepfake audio and video are expected to raise the risk of executive impersonation and fraudulent wire transfers next year.

Vendor compromise: When critical vendors are breached, losses can cascade across entire industries. Vendor-related incidents carried an average severity of $1.36 million.

These events generally fall into three categories:

  • Vendor ransomware that spreads business interruption to clients
  • Vendor data breaches that expose customer information
  • Non-malicious vendor outages that disrupt operations

 

Even when internal controls are strong, companies remain exposed to failures across their supply chain.

 

Credential theft via infostealers: More than 2 billion credentials were harvested in 2025, often serving as an early warning sign of a larger ransomware attack.

 

How firms can protect themselves

As threats evolve and cyber attackers use new tactics, employers will need to react accordingly. Organizations may consider:

  • Investing in data loss prevention and zero-trust software.
  • Deploying multifactor authentication and e-mail authentication protocols.
  • Monitoring for stolen credentials on the dark web and rotating session tokens immediately when compromise is detected. This will often require contracting with vendors that specialize in this area.
  • Developing vendor incident contingency plans that address supply chain failures.
  • Conducting tabletop exercises to rehearse coordinated legal, technical and communications responses.
  • Reviewing cyber insurance policy limits to ensure coverage reflects current severity levels rather than historical averages.

 

If you have concerns about potential cyber risks, give us a call.


Cal/OSHA Proposes New First-Aid Kit Rules

The Cal/OSHA Standards Board is in the final stages of approving updates to its first-aid kit rules that could take effect later this year.

The proposal aims to ensure that kits are easily located in the workplace and accessible within three or four minutes from any part of a worksite. Employers will also be required to assess “unique hazards” at the workplace and provide specialized first-aid supplies as needed to address those risks.

According to the Standards Board, the goal of the changes is to reduce the time for injured employees to receive first aid and improve treatment effectiveness.

Under the proposal, Class A first-aid kits would be required to meet the American National Standards Institute/International Safety Equipment Association (ANSI/ISEA) standard known as the “Minimum Requirements for Workplace First Aid Kits and Supplies.”

If employers choose not to use kits that comply with the new standard, the proposed rules would allow them to consult a physician or licensed health care professional about their choice of first-aid supplies.

Employers will also be required to evaluate first-aid supply needs and ensure adequate quantities and types of materials are available for employees at each job site.

At a minimum, employers shall furnish at least one approved first-aid kit. Based on the employer’s size and workplace hazards, employers shall also evaluate the need for:

  • Additional first-aid kits.
  • Additional types or quantities of first aid equipment or supplies.

 

The required contents of kits are changing, with four new items and four items being removed. The proposed regulations would require the following to be in most first-aid kits:

  • Adhesive dressings
  • Adhesive tape rolls, 1-inch wide
  • Eye dressing packet
  • 1-inch gauze bandage roll or compress
  • 2-inch gauze bandage roll or compress
  • 4-inch gauze bandage roll or compress
  • Sterile gauze pads, 2-inch square
  • Sterile gauze pads, 4-inch square
  • Sterile surgical pads suitable for pressure dressings
  • Triangular bandages
  • Medical exam gloves (NEW)
  • Tweezers
  • Cotton-tipped applicators
  • Antibiotic treatment, single-use application (NEW)
  • Antiseptic, single-use application (NEW)
  • Flashlight
  • Magnifying glass
  • Single-use disposable barrier device for CPR where CPR may be required (NEW)
  • Appropriate record forms
  • An up-to-date “standard” or “advanced” first-aid textbook, manual or equivalent

 

While first-aid kits are primarily for minor injuries, the board said it included ANSI/ISEA-required breathing barriers to help with resuscitative breathing and cardiopulmonary resuscitation, which can improve a person’s chances of survival while waiting for emergency services.

The above list eliminates the following from the items currently required:

  • Safety pins
  • Scissors
  • Forceps
  • Emesis basin
  • Portable oxygen and its breathing equipment

Urgent: Distribute New Workplace Rights Notice to Your Staff

If you have not yet distributed the state’s new required “Workplace Know Your Rights” notice to your workers, you missed the Feb. 1 deadline and need to act immediately.

California’s Workplace Know Your Rights Act (SB 294) mandates that employers provide all employees with an annual, stand-alone written notice detailing key workplace rights, including immigration protections, union organizing, workers’ compensation and law enforcement interactions. Under the law, notices must be distributed by Feb. 1, 2026 and to new employees upon hiring.

The law also requires employers, by March 30, 2026, to give employees the opportunity to designate an emergency contact and indicate whether that contact should be notified if the employee is arrested or detained at work or during work hours.

The notice must be delivered in a stand-alone format using the same method normally used to communicate employment information, such as personal service, e-mail or text message, as long as employees can reasonably be expected to receive it within one business day. Notices must be provided annually and upon hire.

The Labor Commissioner has issued a template in English and Spanish, with additional languages — including Chinese, Filipino, Vietnamese, Korean, Hindi, Urdu and Punjabi — forthcoming.

 

Workers’ compensation rights

The notice must inform employees of their rights to workers’ compensation benefits if they are injured or become ill due to their job. This includes medical care and disability pay to replace lost wages.

 

Immigration-related protections

A significant portion of the notice addresses immigration-related protections already codified in California law.

Employers must inform workers of their right to advance notice of inspections by immigration authorities, including inspections of I-9 forms. Employers that receive notice of an inspection must notify employees and any union representatives.

The law reinforces that employers may not engage in retaliatory immigration-related practices, such as threatening to report a worker or family member to authorities or improperly reverifying employment eligibility. The notice also outlines workers’ Fourth and Fifth Amendment rights during workplace interactions with law enforcement.

 

Right to organize

The notice must also describe employees’ right to unionize and engage in protected concerted activity. This includes the right to discuss wages and working conditions and act together to improve workplace conditions.

 

Penalties and next steps

The Labor Commissioner may assess penalties of up to $500 per employee per violation for failing to comply with the notice requirement.

Violations of the emergency contact provision can trigger penalties of up to $500 per employee per day, capped at $10,000 per employee.

Employers should:

  • Determine and document a distribution method for current employees and new hires.
  • Ensure a reliable recordkeeping process to confirm delivery.
  • Update onboarding materials for new hires to include the notice and emergency contact designation.
  • Train supervisors and managers on emergency contact notification obligations.
  • Circulate the notice to staff to give them the opportunity to designate an emergency contact by March 30.

Is Your Property Covered During Renovations?

Commercial property owners are often surprised to learn how strict insurance policies can be once a building is considered vacant. Under commonly used property insurance forms developed by the Insurance Services Office, coverage for certain types of damage can be sharply limited if a building has been vacant for more than 60 consecutive days.

At the same time, those ISO forms — and decades of court rulings — recognize an important exception: a building that is under construction is not treated as vacant. Just as important for property owners planning upgrades, that exception has been extended to buildings under renovation as well.

 

How vacancy exclusions work

Most ISO-based commercial property policies include a “vacancy loss condition.” If a covered building has been vacant for more than 60 consecutive days before a loss, coverage is reduced or eliminated for certain causes of loss.

For buildings vacant beyond that 60-day window, ISO forms typically provide:

  • No coverage for vandalism, sprinkler leakage (unless protected against freezing), building glass breakage, water damage and theft or attempted theft.
  • Reduced coverage for other covered causes of loss, usually a 15% reduction in the amount paid.

 

What counts as “vacant” depends on who is insured. For tenants, vacancy generally means the space does not contain enough business personal property to conduct customary operations. For building owners, vacancy usually depends on whether at least 31% of the total square footage is rented or used for normal operations.

These provisions are designed to address higher risk. Empty buildings are more vulnerable to vandalism, undetected water leaks and theft because fewer people are present to spot problems early.

 

Construction and renovation exemptions

ISO forms carve out an important exception: buildings under construction are not considered vacant, even if they would otherwise meet the definition of vacancy.

Construction sites usually have workers present, materials moving in and out and regular activity that reduces the risks vacancy exclusions are meant to address.

Over time, courts have extended that same reasoning to renovation work on existing buildings. A key case is TRB Investments, Inc. v. Fireman’s Fund Ins. Co., decided by the California Supreme Court in 2006. In that case, the court ruled that a policy’s exception for buildings “under construction” also applied to a building undergoing renovation.

The court reasoned that renovation activity can involve just as much — or more — daily presence as new construction. From a risk standpoint, it would not make sense to treat a building undergoing renovation as vacant while protecting one under construction.

That reasoning is now reflected directly in ISO’s commercial property forms.

 

The takeaway

Vacancy exclusions are one of the most misunderstood parts of commercial property insurance. ISO forms and court decisions offer meaningful protection for buildings under construction or renovation, but that protection depends on real activity taking place.

Before you start a renovation, call us for a review of your policy language to confirm how your policy defines vacancy and to discuss whether supplemental coverage makes sense. Doing so can help ensure that a temporary period of renovation does not turn into an unexpected coverage problem after a loss.


Stealth Trends Driving Workers’ Comp Premiums

While employers’ main priority for containing workers’ comp costs should be workplace safety, they also need to keep an eye out for three stealth factors that can nudge their premiums higher.

Where employees work, what they do from day to day and how production technology affects workplace behavior are all often flying below the radar for many employers, who may be hit with higher premiums after an insurer audit and worker reclassification. In addition, technology designed to increase productivity — like wearables — may actually raise the potential for workplace injuries.

These issues often surface only after a claim occurs or when the insurer conducts a premium audit. The end result can be a costly surprise when the employer receives a bill for additional premiums.

 

Remote work creates jurisdiction issues

Remote work arrangements are now deeply embedded across many industries. Recent workforce surveys show that a large share of employees whose jobs allow it now work remotely either full time or part time, a sharp increase from pre-pandemic years.

When an employee works from another state, injuries may fall under that state’s workers’ compensation laws. If an employer is headquartered in Louisiana but has a remote worker who is injured while performing job duties in Idaho, two jurisdictions may be involved.

If that state exposure is not disclosed on the workers’ compensation application, coverage gaps or disputes can arise.

Many employers assume remote work reduces risk because employees are no longer in warehouses, job sites or manufacturing facilities. In reality, the exposure has shifted rather than disappeared. Without clear documentation of where employees work and what they do, insurers may default toward broader coverage assumptions that result in higher-rated classifications or expanded exposures.

 

Job creep

Another growing issue is job creep — employees gradually taking on responsibilities outside their original job descriptions. This happens frequently during staffing shortages, growth periods, tight deadlines or in smaller operations. Office staff may help with shipping. Supervisors may step into hands-on roles. Employees often wear multiple hats to keep operations humming.

From an insurer’s perspective, what matters is the work performed, not just the job title listed on payroll. When a claim occurs, carriers examine real-world duties closely. If, for example, a supervisor is injured while helping on the line, the insurer may reclassify payroll, split classifications or apply greater scrutiny across similar roles.

This issue is especially common among small and midsize employers, where flexibility is often necessary. However, without updated job descriptions and internal documentation, that flexibility can translate into higher premiums and audit-related adjustments.

 

Productivity technology challenges

Employers are increasingly using time-tracking software, performance dashboards, automated scheduling systems and wearable devices to monitor productivity, track output and manage work.

While these tools can improve efficiency, they can also subtly alter behavior. Employees may work faster when metrics show they are falling behind. Breaks may be delayed or skipped. Safety steps may be rushed. Early signs of strain or discomfort may go unreported to avoid appearing less productive.

Over time, this increased intensity can raise injury risk, particularly for repetitive motion and ergonomic injuries. In addition, productivity systems may change the nature of the job itself — by increasing lifting frequency, reducing recovery time between tasks or assigning more physically demanding work than originally intended.

 

What employers should review before renewal

To address these stealth exposures and reduce the risk of being hit with a premium increase after an audit, employers should take a closer look at:

  • Where employees are actually working, including out-of-state remote arrangements.
  • Whether job descriptions reflect real, day-to-day duties.
  • How often employees perform tasks outside their formal roles.
  • Whether productivity tools are increasing physical or ergonomic demands.

 

None of these issues are dramatic on their own. But together, they can quietly drive premium increases, coverage disputes and audit surprises.

Employers who proactively address these trends are better positioned to align coverage with reality — and avoid paying for risks they never intended to assume. If you have questions or concerns about any of the above, please contact us to stave off unpleasant premium surprises.


Why Every Business Needs Hired and Non-Owned Auto Coverage

Even if you have company cars or a fleet of vans, occasions may arise when an employee has to run an errand in their personal vehicle or needs to rent a car while on a business trip visiting a client.

In these circumstances, if you don’t have the proper coverage, you could be leaving your organization exposed to liability if an employee injures a third party in an accident. There are two types of insurance that are vital in these situations: non-owned auto coverage and hired auto insurance.

These two policies offer very different types of coverage, and it is important to understand each to ensure you find the policy that is right for your operation:

  • Non-owned auto coverage — This insurance protects your company if sued as a result of an auto accident that you or one of your employees has in a personal vehicle while on company business.
  • Hired auto coverage — This provides your company with liability insurance for vehicles that you rent, hire or borrow on a short-term basis for business purposes. If you or an employee are in a car accident while driving one of these vehicles for work, hired auto insurance can help pay for your liability costs.

 

You should consider these two coverage options if your company ever rents cars or vans for business purposes (including travel to conferences, visiting clients, etc.) or if employees use their personal vehicles to run company errands.

These important coverages are usually added to a general liability policy or a commercial auto policy as an endorsement or a rider.

When there are no vehicles titled in the company name, this additional coverage will serve to meet the contract requirement for commercial auto coverage in most states.

 

How the coverages work

Both hired and non-owned auto insurance are a type of liability insurance, meaning they will only cover property damage and injuries to third parties, as well as any legal fees, settlements or court judgements relating to third party claims. Hired and non-owned auto insurance helps cover:

  • Physical damage to a third party’s vehicle,
  • Bodily injuries and medical expenses if a third party is hurt in an accident with you or one of your staff, and
  • Legal expenses if your business gets sued for negligence.

 

However, these policies won’t help with:

  • Property damage to your business’s hired or non-owned vehicle.
  • Medical bills if you or your employee get hurt in an accident while using rented or personal vehicles.
  • Liability coverage, property damage or bodily injury from an accident while you or your employee drive for personal reasons that are not related to your business.

 

Do you need coverage?

If your business rents or borrows vehicles to do work or if your employees use their personal vehicles on business, hired and non-owned auto coverage is crucial to manage your risk.

It can help pay for any property damage that you or your employees cause while on company business in rented or personal vehicles. It also covers vehicles used for your business if they cause bodily injury to another driver in a car accident.


Large Trucks Account for a Third of Work Zone Accidents

Some of the riskiest locations for roadway collisions are work zones, as they often result in changes in traffic patterns and right of way, along with workers present and large commercial vehicles on the scene.

Work zones are designed to improve the safety of workers who are enhancing or repairing roads, freeways, bridges, sewage and other infrastructure by separating construction and maintenance activities from traffic. The crews do that by providing a safe route for motorists, pedestrians and bicyclists and a safe area for the workers on the scene.

That stew of activity and unpredictability sadly results in carnage. In 2023, 899 people died in work zones in the U.S., out of an estimated 101,000 crashes, according to the National Workzone Safety Information Clearinghouse. More than 300 of those fatalities involved large commercial vehicles.

The most common types of fatal accidents in work zones are:

  • Crashes involving a commercial vehicle: 33%
  • Crashes caused by speeding: 31%
  • Rear-end collisions: 24%

 

With liability risk in mind, it’s important that you take the extra effort to cover driving in work zones during your driver safety training.

At the first sign of road construction, your drivers should slow down. Keep in mind that stopping takes space and time. Depending on how fast a truck is traveling, it can take more than the length of a football field to stop, even in the best conditions (good tires and dry pavement). At 65 mph, the stop will take more than 7 seconds to complete.

Stopping distances can be even greater if:

  • It is raining or snowing,
  • Tires or brakes are worn,
  • There is dirt or gravel on the road,
  • The truck is carrying a heavy load,
  • The truck is carrying a liquid load (especially when the tank is not completely full), or
  • The truck is traveling downhill.

 

The most common types of accident

Let’s look at the most common commercial vehicle work-zone accident scenarios, and why they happen:

Rear-end collisions — These are most common in work zones on freeways, interstates and two-lane highways.

Why they happen: The driver was not aware of or prepared for stopped or slowed traffic ahead of them.

Head-on collisions — These are most likely to happen in work zones on two-lane highways.

Why they happen:

  • The driver crosses the centerline at night.
  • The driver swerves to avoid objects and into oncoming traffic.

 

Right-angle collisions — These are most likely to happen in work zones on non-freeway multi-lane roads.

Why they happen: The driver pulls out of or turns left into a workspace, intersection or driveway without enough of a gap in traffic.

Sideswipe collisions — These incidents usually occur on freeways, interstates and other multi-lane roadways.

Why they happen: The driver fails to check for vehicles in their blind spots while trying to merge out of a closing lane or into an open one.

Truck collisions with objects or workers — These especially dangerous accidents usually happen in work zones on non-freeway multi-lane roads.

Why they happen: Typically, the driver is traveling too fast to negotiate the work zone.

 

The American Road Transportation and Builders Association has these recommendations for drivers entering or driving inside a work zone:

  • Pay attention to work zone signs.
  • Leave enough space between you and the motorist in front of you.
  • Be prepared to stop or slow unexpectedly.
  • Expect to stop when you see a “Flagger Ahead” sign.
  • If stopped or slowed in a traffic queue, consider turning on your flashers to warn traffic coming up behind you.
  • Watch for traffic and workers going into or out of the work zone.
  • Get into the open lane as soon as possible at lane closures.
  • Be especially aware of motorists racing to get ahead of you or trying to turn in front of you at the last second.
  • Use alternative routes to avoid work zones whenever feasible.

Corporate Cyber Risk Outlook for 2026

Cyber risks are set to intensify in 2026 as artificial intelligence reshapes how attacks are launched and how organizations defend themselves.

Three new reports agree that cybercrime is becoming faster, more targeted and more disruptive to business operations. AI is accelerating existing threats and shortening the time between intrusion and impact. According to a report by Moody’s Ratings, this shift is pushing companies into “a new era of adaptive, fast-evolving threats” where manual defenses are no longer sufficient to protect an organization.

This is not just a large company problem. Small businesses are increasingly targeted, often because they are seen as easier to breach than larger organizations.

 

AI is supercharging cybercrime

AI is now widely used by cybercriminals to scale phishing, automate efforts to find website vulnerabilities and create malware that can modify its code to evade detection.

Moody’s “2026 Cyber Risk Outlook” warns that these tools allow attackers to scan networks continuously, exploit misconfigurations at machine speed and launch campaigns against thousands of targets simultaneously.

The World Economic Forum echoes this concern in its “Global Cybersecurity Outlook,” where 94% of leaders surveyed said AI will be the most significant driver of cyber risk in 2026. Nearly nine in 10 respondents reported an increase in AI-related vulnerabilities over the past year, alongside rising cyber-enabled fraud, phishing and software exploits.

AI-enabled social engineering is a particular concern. Advances in voice cloning and deepfake technology are making impersonation attacks more convincing, especially those targeting executives, finance teams and IT staff. These attacks increasingly bypass technical controls by exploiting human trust rather than technical flaws.

 

New risks from enterprise AI use

The growing use of AI inside organizations is also creating new exposures. Moody’s found that only 29% of surveyed organizations follow the Open Worldwide Application Security Project’s (OWASP’s) best practices guidance for large language model applications, leaving many vulnerable to data leakage, prompt injection and weak access control.

Research from Google Cloud highlights prompt injection as a rising threat in 2026. In these attacks, malicious instructions are embedded in data or user inputs, causing AI systems to bypass safeguards and expose sensitive data.

 

Ransomware an ongoing threat

Despite improved defenses, ransomware and data-theft extortion remain among the most damaging cyber threats. Moody’s reports that 44% of ransomware attempts in 2025 were stopped before encryption, up sharply from the year before, largely due to better detection and backup practices.

Large enterprises remain prime targets. Their complex networks create blind spots, and attackers increasingly focus on extortion tactics that rely on stolen data rather than locked systems.

Google Cloud researchers note that ransomware, data theft and multifaceted extortion continue to generate cascading economic losses across supply chains, with incidents in 2025 resulting in hundreds of millions of dollars in total damage.

 

What employers can do

While no organization can eliminate cyber risk, the reports point to practical steps that can materially reduce exposure:

Strengthen AI governance. Limit AI system permissions, follow OWASP’s guidance for large language models like ChatGPT and monitor for prompt injection attacks and data leakage.

Accelerate detection and response. Automated monitoring and containment tools are increasingly essential as criminals use AI to move quickly through networks.

Plan for data extortion. Create an extortion response plan that addresses regulatory, legal and reputational fallout even when systems remain operational.

Build resilience into infrastructure. Regularly test backups, use cloud systems in multiple locations to spread risk and conduct outage and breach simulations.

Control identity and access. Give staff, systems and applications (including AI agents) only the minimum access they need to do their jobs. Require multi-factor authentication during logins and create just-in-time access protocols so elevated permissions are granted only when needed and automatically removed once a task is complete.

Train employees continuously. Focus on phishing, vishing and executive impersonation scenarios that target human behavior rather than technology.

 

Secure cyber insurance

Finally, you should consider cyber liability insurance, which can help your business recover quickly from an attack by covering costs such as:

  • Data recovery and system restoration after a breach or ransomware attack.
  • Legal and regulatory expenses if sensitive customer or employee data is exposed.
  • Notification and credit monitoring services for affected parties.
  • Business interruption losses from downtime or system failure.
  • Public relations and crisis management to help rebuild trust.

 

Note: Cyber insurance may cover ransomware payments, but coverage is often conditional, increasingly restricted and dependent on policy wording and the circumstances of the attack.


How to Avoid Being Sued for Injuries at Your Commercial Property

One of the biggest risks commercial property owners face is a visitor suffering an injury on their property.

A single slip and fall can set off a cascade of events, beginning with a premises liability lawsuit seeking financial compensation. Your defense as a property owner would be to prove that you lived up to your duty of care to protect visitors to your property from injury.

Also, since your commercial property policy will not cover property liability, you’ll need commercial general liability coverage as well.

Accidents happen, but if a third party is injured on your commercial property, the chances are high they’ll seek some type of compensation, either for medical costs, lost wages or both. And if they seek out legal counsel, prepare to be sued. 

 

Prevent accidents before they happen

To reduce the chance of an accident, keep a tidy facility and fix any issues that could result in an injury. Take the following steps:

  • Be proactive about inspections, repairs and maintenance. 
  • Have written inspection and maintenance guidelines that meet or exceed industry standards, particularly as they concern the safety of tenants and guests.
  • Ensure your employees closely follow the guidelines and encourage them to report any issues that could result in injury. 

 

In the discovery phase of a lawsuit, a plaintiff may ask for your maintenance and risk management procedures as well as documentation regarding whether you followed those procedures.

Your policies should be extensive and clear, but not overly intricate. Documentation is key to showing that you took reasonable steps to keep the property safe.

 

Your defense

Keep in mind that the duty is for you to use a reasonable amount of care. What is reasonable is determined in comparison with what an average commercial property owner would do. 

There are times when accidents really do happen, and you are not automatically liable for them. You are not expected to be perfect, nor are you expected to prevent every single mishap.

 

Rented property

A commercial property owner may not have a duty of care when they are not in control of their property. When the owner leases the property, the lessee may assume the duty of care to maintain the premises in reasonable condition.

A lease should clearly state that the renter is responsible for premises safety and that they indemnify the owner in any lawsuits and pay the costs to defend these lawsuits.

 

Insurance

Finally, make sure that you have commercial general liability insurance, which covers legal defense and potential settlements or judgments, helping protect your assets and financial stability.
