Get A Quote

Blog - Tag: Measured Risk Insurance Services

EEOC Sharpens Focus on DEI, ‘Reverse Discrimination’

Federal regulators have stepped up their regulatory focus on corporate diversity, equity and inclusion initiatives and “reverse discrimination,” announcing settlements and lawsuits against notable employers such as Nike as well as smaller companies..

The new push is being conducted under President Trump’s executive order and Equal Employment Opportunity Commission guidance declaring DEI programs and reverse discrimination illegal. Since 2025, the Department of Justice and the EEOC have been targeting employers for these violations, alongside typical workplace discrimination claims involving gender, race and religion.

The new focus has added to employers’ potential liability, and the financial consequences can be significant for those sued.

The Equal Employment Opportunity Commission and the Department of Justice have made clear that DEI enforcement is now a major priority. EEOC Chair Andrea Lucas recently warned Fortune 500 companies that programs labeled as DEI could violate Title VII if employment decisions are influenced by race or sex instead of merit.

Some recent legal actions include:

  • The EEOC is attempting to enforce a subpoena against Nike as part of an investigation into whether the company’s workforce representation goals discriminated against white employees and applicants. The agency pointed to company statements about building a “representative” workforce and internal diversity targets.
  • The agency sued Coca-Cola Beverages Northeast, alleging the company violated Title VII by holding a women-only networking event that excluded male employees while paying participating women to attend.
  • The Justice Department recently settled with PayPal over a pandemic-era investment initiative focused on minority-owned businesses. Federal officials said the case reflects the administration’s broader effort to eliminate what it considers unlawful DEI programs.

 

At the same time, employers should not assume that scaling back DEI efforts eliminates legal exposure. The EEOC continues to pursue traditional discrimination claims involving harassment, retaliation and hiring bias. Recent cases include a $2 million consent decree involving alleged systemic sex discrimination and a race harassment settlement against another employer.

 

Proceed with caution

Employers that overreact by dismantling compliance programs may create new problems. Eliminating anti-harassment training, suspending pay equity reviews or abandoning workplace complaint procedures can increase the risk of discrimination claims and weaken defenses if litigation occurs.

Instead, legal experts recommend that employers carefully review workplace policies and programs to ensure hiring, promotions, compensation and development opportunities remain merit-based and job-related.

Key steps employers should consider include:

  • Reviewing employee handbooks and anti-discrimination policies.
  • Auditing hiring and promotion practices for neutral, job-related criteria.
  • Ensuring mentorship and leadership programs are open to all employees.
  • Continuing anti-harassment and anti-discrimination training.
  • Conducting pay equity reviews under attorney-client privilege.
  • Carefully evaluating DEI language used in recruiting materials and internal communications.
  • Documenting employment decisions thoroughly.
  • Avoiding demographic quotas or preferences tied to protected characteristics.

 

Another growing concern is litigation risk from individuals. Reverse discrimination lawsuits by white employees have become more common, particularly after a recent Supreme Court ruling made it easier for majority-group plaintiffs to bring discrimination claims. One widely watched case involved a former Novant Health executive who won a $4.8 million verdict after alleging he was terminated as part of a diversity push.

 

Review your coverage

With employment litigation risks rising from multiple directions, employers should also review their employment practices liability coverage.

EPLI policies can help cover legal defense costs, settlements and judgments arising from discrimination, harassment and wrongful termination claims. As enforcement activity intensifies, maintaining strong EPLI coverage may become increasingly important for businesses of all sizes.

Read the article

When Outsiders Harass Staff, Employers May Still Be on the Hook

Employers generally understand their obligations when harassment comes from supervisors or co-workers. The risk becomes less clear when the offender is a customer, vendor or outsider, but the legal exposure does not disappear.

While federal statutes like Title VII of the Civil Rights Act do not explicitly address third-party harassment, the Equal Employment Opportunity Commission and most federal courts apply a negligence-based framework. The focus is on what the employer knew and how it responded. Once an employee reports harassment, an employer’s defense weakens if it fails to act.

Courts have largely settled on a practical standard that if an employer knew or should have known about third-party harassment and failed to take prompt, appropriate action, it can be held liable for allowing a hostile work environment to persist. If the employer takes retaliatory action, it could be liable for retaliation as well.

 

Who counts as a third party?

In many industries, employees regularly interact with people outside the organization. Any of the following can become sources of harassment:

  • Customers or clients
  • Vendors or suppliers
  • Independent contractors or consultants
  • Temp workers or staffing agency personnel
  • Building staff, such as security or maintenance crews

 

Employees in service-heavy sectors, like health care, hospitality, retail or field operations, are at the greatest risk of outside harassment.

 

What third-party harassment looks like

Third-party harassment is akin to harassment by a supervisor or coworker and must typically be tied to a protected characteristic such as race, sex, age, disability or religion to constitute a legal liability. Common examples include:

  • Derogatory jokes, slurs or offensive comments
  • Pressure for dates or sexual favors
  • Verbal abuse, ridicule or name-calling
  • Threats, intimidation or aggressive behavior
  • Display of offensive images or materials
  • Physical harassment or unwanted contact

 

In some cases, the harassment is tied to business leverage. For example, a client may imply that it will not sign a contract unless an employee tolerates inappropriate behavior.

 

Why employer response is critical

The key legal trigger is notice. If harassment is obvious or reported and the employer does nothing or takes weak, ineffective action, it may be viewed as tolerating the conduct.

Courts and regulators expect employers to take “reasonably calculated” steps to stop the harassment. That does not mean every incident creates liability, but inaction often does.

Employers also face risk if they appear to prioritize business relationships over employee safety, such as by excusing misconduct from a high-revenue client.

 

Steps employers should take

The following steps can reduce liability and protect workers:

  • Extend anti-harassment policies to explicitly cover third parties.
  • Train managers to recognize and escalate third-party misconduct.
  • Provide employees with clear means of reporting harassment.
  • Encourage prompt reporting without fear of retaliation.
  • Investigate all complaints quickly and document findings.
  • Include anti-harassment provisions in vendor and client contracts.

 

What to do when a complaint is made

When an employee reports third-party harassment, employers should act immediately:

  • Acknowledge the complaint and ensure the employee feels safe.
  • Conduct a prompt, impartial investigation.
  • Limit or end employee contact with the offending individual.
  • Reassign accounts or adjust job duties where appropriate.
  • Follow up to confirm that the behavior has stopped.
  • Document every step taken.

 

Depending on severity, appropriate action may range from asking a customer to stop to terminating a business relationship or involving security or law enforcement.

 

The bottom line

Employers cannot control every outsider’s behavior, but they are expected to control how their organization responds. Ignoring the problem is often what creates liability.

Organizations should consider purchasing employment practices liability insurance, which may cover legal fees, settlement and judgment costs in harassment cases. Give us a call to learn more about this important insurance.

Read the article

Insurers Start Excluding AI Risk in Commercial General Liability Policies, More

Some insurers have begun introducing exclusions for artificial intelligence-related claims from standard business insurance policies, creating potential coverage gaps for businesses that rely on AI tools for marketing, customer service, product development or daily operations.

The changes come after the Insurance Services Office, the industry’s clearinghouse for policy language, introduced three new artificial intelligence exclusions for commercial general liability policies that insurers are beginning to add to coverage forms.

Roughly 86% of all U.S. property/casualty insurance policies contain some form of ISO language, meaning these exclusions could soon become widespread and leave coverage gaps for many employers when their CGL policies come up for renewal. Insurers are also starting to add similar language to other policies with a liability component.

 

New coverage gap

The three new ISO endorsements include:

  • CG 40 47 — The broadest form, excluding coverage for bodily injury, property damage or personal/advertising injury arising out of generative AI.
  • CG 40 48 — A narrower endorsement excluding only personal and advertising injury claims tied to AI.
  • CG 35 08 — An exclusion applying to products and completed operations liability coverage.

 

These endorsements could affect how coverage applies to certain AI-related claims, depending on policy language and endorsements.

One of the largest concerns involves Coverage B of the CGL policy, which traditionally covers claims such as defamation, invasion of privacy, misappropriation of advertising ideas or certain intellectual property-adjacent disputes. Under the new exclusions, those claims may no longer be covered if they arise from AI-generated text, images, audio, video or code.

Even businesses using third-party AI tools, rather than developing their own systems, may still trigger the exclusions. In some cases, incidental use of AI may be enough.

The businesses likely to feel the greatest impact are those integrating generative AI deeply into operations, including:

  • Marketing and advertising firms using AI-generated campaigns,
  • Technology companies embedding AI into products or software,
  • Manufacturers relying on AI-assisted product design,
  • Professional service firms using AI to draft documents or communications,
  • Retailers deploying AI chatbots or recommendation engines,
  • Nonprofits using AI for outreach or donor engagement, and
  • Employers using AI tools in hiring or HR decisions.

 

Insurers are not stopping with general liability coverage. AI exclusions are also beginning to appear in:

  • Directors and officers liability,
  • Employment practices liability,
  • Fiduciary liability,
  • Cyber, and
  • Errors and omissions policies.

 

Some insurers have already received regulatory approval for AI exclusions in Florida, Connecticut and Maryland. Others, including W.R. Berkley, have adopted broader exclusions that eliminate coverage for claims arising out of the use, deployment or development of AI across multiple lines of coverage.

 

What you can do

Businesses should expect insurers to ask more detailed questions about AI usage during renewals and underwriting. Companies that fail to evaluate potential coverage gaps could find themselves uninsured for lawsuits, regulatory investigations or shareholder claims tied to AI-generated content or decision-making.

Organizations should consider taking the following steps:

  • Identify where AI is being used throughout the organization.
  • Strengthen internal AI governance and oversight procedures.
  • Require human review of AI-generated content and decisions.
  • Train employees on acceptable AI use.
  • Evaluate contracts with AI vendors and third-party providers.
  • Discuss AI exposures and coverage gaps with us before renewal.
  • Explore specialized protection options.

 

Some organizations may ultimately need dedicated technology errors and omissions coverage, cyber liability insurance or emerging standalone AI insurance products designed to address AI-related risks. Call us with questions.

Read the article

New 5% Retention Cap for California Contractors

California construction firms must now account for a major shift in how retention payments are handled on private projects. Senate Bill 61, which took effect Jan. 1, 2026, capped retention at 5% on most private commercial construction projects in the state, halving what had long been the standard 10% withholding.

Retention is money withheld from progress payments until a project is substantially complete. Owners have traditionally used retention as leverage to ensure contractors finish the job, address punch-list items and correct deficiencies. In turn, general contractors often withhold the same percentage from subcontractors.

Before SB 61, a 10% retention was common across California private construction projects. Contractors and subcontractors often had to finance payroll, materials and overhead costs while waiting months to receive the final portion of their earned revenue.

Supporters of SB 61 argued that the old system placed too much financial strain on contractors and subcontractors, particularly smaller firms operating on tight margins. By reducing retention to 5%, the law is intended to improve cash flow throughout the construction chain while still giving owners financial protection.

The law applies to private nonresidential construction projects and mixed-use residential developments taller than four stories for contracts executed on or after Jan. 1, 2026. Residential projects and smaller mixed-use developments are generally exempt.

The new rules are straightforward:

  • Owners cannot withhold over 5% when making progress payments to contractors.
  • Contractors cannot withhold more than 5% from subcontractors.
  • Total retention on the project cannot exceed 5% of the contract price.
  • If the prime contract specifies retention below 5%, subcontract retention must match that lower percentage.

 

Courts are required to award attorney’s fees to the prevailing party in compliance disputes, and the statute cannot be waived through contract language.

For contractors, the biggest challenge may be managing the transition. Projects signed in 2025 may still operate under 10% retention terms, while subcontracts issued in 2026 may be limited to 5%. That can create temporary cash-flow gaps for general contractors caught between old and new rules.

 

What you can do

  • Review and revise contract templates to account for the new requirements.
  • Ensure subcontract retention mirrors primary contract requirements.
  • Update accounting and billing procedures to track projects under different retention structures (if you still have projects signed in 2025).
  • Communicate expectations clearly with subcontractors and suppliers.
  • Reassess bonding requirements and risk-management practices.

 

Many industry observers expect the transition will become routine over time. States that previously adopted similar retention caps saw little disruption after implementation.

Read the article

Workplace Violence Prevention Training Deadline Approaching Quickly

California employers are fast approaching another important compliance deadline under the state’s workplace violence prevention law.

By July 1, employers with 10 or more employees must provide annual workplace violence prevention training to staff and review their workplace violence prevention plan. The requirement stems from Senate Bill 553, codified in California Labor Code Section 6401.9, which took effect July 1, 2024.

This year marks the second annual compliance deadline under the law. In addition to yearly retraining, employers must also provide workplace violence prevention training to all new hires when they begin employment.

Cal/OSHA has been actively enforcing the law during workplace safety inspections, making it important for employers to ensure their plans, training and record-keeping procedures are current. Violations can result in penalties ranging from $18,000 to $25,000 per violation.

The law requires covered employers to maintain a written workplace violence prevention plan that addresses how the company will identify, evaluate and respond to workplace violence hazards.

At a minimum, employers should annually review whether:

  • The individual responsible for administering the plan is still correctly identified,
  • Reporting procedures remain clear,
  • Emergency response procedures are up to date,
  • Workplace violence hazards have changed,
  • Incident investigation procedures are functioning properly, and
  • Employees understand how to report concerns without fear of retaliation.

Employers should also review violent incident logs and prior investigations to determine whether any patterns or deficiencies need to be addressed.

Training requirements
The law requires employers to provide effective training both upon hire and annually thereafter. Training materials must be easy for employees to understand and should address hazards specific to the workplace and employees’ job duties.

Required training topics include:

  • The employer’s workplace violence prevention plan,
  • How employees can participate in the plan,
  • Definitions and requirements under Labor Code Section 6401.9,
  • How to report workplace violence incidents or threats,
  • Protections against retaliation for reporting concerns,
  • Job-specific workplace violence hazards and preventive measures,
  • Emergency response procedures, and
  • The purpose of the violent incident log and how employees can access related records.

Employers must also provide employees with an opportunity to ask questions and receive additional information during the training.

Record-keeping obligations

The law also includes extensive record-retention requirements. Employers must maintain:

  • Hazard identification and correction records for at least five years,
  • Violent incident logs for at least five years,
  • Incident investigation records for at least five years, and
  • Training records for at least one year.

Recent changes under SB 513 also expanded workplace training record requirements. Employers should ensure training records include the employee’s name, the trainer’s name, the competencies covered and any certifications issued.

Breakdown of penalties

Serious violations: Fines can reach up to $25,000 per violation. This applies if an employer lacks the mandated Workplace Violence Prevention Plan (WVPP) or fails to properly train staff.

Willful or repeated violations: Fines scale up to a maximum of $158,727. This is triggered when an employer knowingly ignores the law or has a history of continuous non-compliance.

Failure to keep records: Improperly maintaining the required “violent incident log” or ignoring incident reporting procedures can also lead to significant civil citations.

A final word

With the July 1 deadline approaching, employers that have not already scheduled their annual review and retraining should do so soon to avoid compliance issues and potential penalties.

Read the article

Report, Investigate Near Misses to Improve Safety

One of the most important workplace safety tools you can implement is reporting near misses and correcting the factors that lead to them.

A near miss is an event that could have led to a workplace injury, illness or death. While you are not required to report near misses to your insurer, you should take note of them because they can help identify deficiencies in your safety protocols.

You should use near misses as a starting point for inspections that can help prevent actual workplace injuries. But you can’t investigate what you don’t know, so it’s crucial that your staff report such events.

 

What is and isn’t a near miss

An OSHA fact sheet defines a near miss — or close call — as an incident in which no property was damaged and no workers were injured, but given a slight shift in time or position, damage or injury could have occurred.

Resist the urge to chalk a near miss up to luck. The fact sheet stresses that although near misses cause no immediate harm, they may precede events in which a loss or injury could occur.

Typically, near misses are the result of a faulty process or management system. Your goal should be to investigate where the breakdown occurred and how it can be improved.

 

A near-miss program

Near-miss reporting is vitally important to preventing serious, fatal and catastrophic incidents that are less frequent but far more harmful than other incidents.

The National Safety Council recommends that the following be included in your safety program:

  • Clearly define “near miss.
  • Establish a reporting system that reinforces that every opportunity to identify and control hazards must be acted on.
  • Investigate to identify system weaknesses or employee actions that led to the near miss.
  • Use investigation results to address the failure that led to the near miss and to improve safety systems.
  • Use the lessons learned and new protocols in employee safety training.

 

Reporting system

Encourage your workers to report such incidents because they may occur out of sight of a supervisor or manager.

Provide clear instructions for all personnel on how to report near misses, including who to report to. Create forms that detail what happened and why it constituted a near miss.

Do not retaliate against any employee for raising a near miss or other safety concerns. Instead of trying to assign blame when investigating a near miss, focus on what precipitated it.

 

Case studies

A chemical manufacturer tracks lower-level claims and near misses to identify areas where more significant injuries are likely to occur. The company encourages employees to resolve issues on a temporary basis until permanent controls can be implemented.

Another manufacturer uses near-miss analysis to head off future incidents. It uses an event system that records near misses, including detailed information on what led to them and the lessons learned. These lessons are shared throughout the organization.

Read the article

Hand and Power Tool Safety Can Avoid Amputations, Worse

While tools used in construction, agriculture, manufacturing and other industries make workers’ lives easier, they can also pose a danger of injury or death if used incorrectly or if they malfunction, to the worker using the tool, co-workers and the public.

Injured workers may suffer pain, recovery challenges and the possibility that they may be unable to return to work, while your company could face OSHA fines and higher workers’ compensation premiums. If a third party is injured, buckle up for the inevitable lawsuit, which can explode into a multi-million settlement or judgment.

To reduce the chances of these scenarios, employers must train workers to recognize hazards associated with the tools they use and follow procedures necessary to prevent injuries.

 

Hand tools

Hand tools include anything from axes to wrenches, and the greatest hazards they pose result from misuse and improper maintenance.

The employer is responsible for the safe condition of tools and equipment used by employees, while workers are responsible for properly using and maintaining their tools. Employees should be trained to report any issues to management so tools can be removed from service or repaired.

 

Power tools

Power tools pose significant risks to workers, including cuts, amputations, eye injuries, electric shock and hearing damage, particularly when used improperly or without safeguards. Many incidents stem from inadequate training, lack of maintenance or the removal of safety guards, which can turn routine tasks into serious hazards.

 

Guards

Hazardous moving parts of power tools must be safeguarded. For example, if exposed to contact by employees, belts, gears, shafts, pulleys, sprockets, spindles, drums, flywheels, chains and other reciprocating, rotating or moving parts of equipment must be guarded.

Ensure that all tools with moving parts have guards to prevent workers from contacting them. Employees who use equipment that requires guarding must also avoid wearing loose clothing or jewelry to avoid deadly entanglement.

 

Electric tools

Employees using electric tools must be aware of several dangers; the most serious is the possibility of electrocution. Among the chief hazards of electric-powered tools are burns and slight shocks, which can lead to injuries or even hearing loss.

Even a small amount of current can result in death. Electric shock can also cause the user to fall from a ladder or elevated surface, elevating the risk substantially.

 

Powered abrasive wheel tools

Powered abrasive grinding, cutting, polishing and wire buffing wheels create safety problems because they may produce flying fragments.

Workers can protect themselves with proper attire that resists impact from sharp fragments and shielding that protects the hands, neck and face.

 

Pneumatic tools

Pneumatic tools are powered by compressed air. Examples include chippers, drills, hammers and sanders, all of which pose several dangers. The main one is the danger of being struck by a tool attachment or a fastener used with the tool.

Powder-actuated pneumatic tools operate like a loaded gun and should be treated with the same precautions. They are so dangerous that they must be operated by specially trained employees.

 

Hydraulic power tools

The fluid in hydraulic power tools must be an approved fire-resistant fluid and must retain its operating characteristics at extreme temperatures. Never exceed the recommended operating pressure.

Employees and employers must work together to establish safe working procedures. If there is a hazardous situation, it should be brought to the attention of the appropriate individual immediately.

 

A final word

Employers can reduce risks by implementing formal training programs, enforcing the use of personal protective equipment and ensuring that tools are regularly inspected and maintained.

Importantly, workers should inform supervisors if a tool is not working properly, is lagging or has loose parts. Malfunctioning tools must be removed from service and either repaired or replaced.

Read the article

NLRB Reinstates 2020 Rule on Joint-Employer Liability

The National Labor Relations Board has formally reinstated its 2020 rule governing when a company is deemed a joint employer under labor law, loosening standards put in place during the Biden administration.

This pro-business shift will make it harder for workers to hold parent companies, franchisors or hiring entities liable for labor violations by contractors, subcontractors or franchisees.

Because a federal court had vacated a 2024 Biden-era rule, a public comment period was unnecessary, and the rule took effect Feb. 27, 2026.

A finding of joint employment can have significant consequences for companies under the National Labor Relations Act. Under established case law, each company found to be a joint employer by the NLRA may be held liable for the unfair labor practices of its co-employers.

Under the reinstated standard, merely holding a contractual right to control another entity’s workers or exercising indirect control such as setting safety standards is not enough to create a joint-employer relationship.

Types of cases affected:

  • Franchise disputes: Cases where employees of a franchisee (e.g., a fast-food restaurant) seek to hold the franchisor responsible for unfair labor practices, wage disputes or bargaining.
  • Staffing agency arrangements: Situations where workers hired through a staffing agency claim that the company they are assigned to is also their employer, particularly in disputes regarding discrimination or union organizing.
  • Subcontractor relationships: Cases involving construction or logistics firms where a general contractor or larger client is accused of interfering with the labor rights of a subcontractor’s employees.
  • Unfair labor practices: Cases where unions charge a parent company or hiring entity with violating rights will now be harder to prove unless the parent company or hiring entity directly controls hiring, firing or wages.
  • Collective bargaining: Cases determining whether a large corporation must sit at the bargaining table with workers employed by a vendor or contractor.

 

The reinstated rule explained

Under the reinstated rule, a business must possess and exercise “substantial direct and immediate control” over at least one essential term and condition of employment of another employer’s staff to be a joint employer.

The rule defines substantial direct control as actions that have “a regular or continuous consequential effect” on several core aspects of a worker’s job. This includes the employer’s ability to:

  1. Hire or fire a worker,
  2. Supervise and control an employee’s work schedule or conditions of employment to a significant degree,
  3. Determine a worker’s rate and method of payment, and
  4. Maintain the employee’s employment records.

 

An employer does not have to meet all four factors to be considered a joint employer. Also, even when an employer exercises direct control over another employer’s workers, it will not be considered a joint employer if the control is exercised on a sporadic, isolated or de minimis basis.

 

The takeaway

This new rule will provide employers with clarity and certainty in instances where they may be considered joint employers, either when working with contractors or as franchisees.

However, employers still face some risk and should ensure that managers stay within the confines of the rules when establishing project goals and directing the work of third-party providers such as subcontractors and staffing agencies through direct supervision or task assignment. When dealing with these workers, managers should focus on what needs to be done rather than how the vendor’s employees perform it.

For franchisees, it will now be more difficult to pull franchisors into labor disputes and collective bargaining, which may prompt unions to focus on site-specific organizing.

Read the article

How to Avoid Employee Retaliation Claims

Retaliation is the most common employment-related claim filed with the U.S. Equal Employment Opportunity Commission and often accompanies discrimination or harassment complaints.

For employers, these claims can be more difficult to defend than the underlying allegation because courts interpret retaliation broadly and juries closely scrutinize timing and intent. As a result, these cases can be costly to defend even if the complaint is found to be meritless.

At its core, retaliation occurs when an employer takes an adverse employment action against a worker because that individual engaged in protected activity. That action may include termination, demotion, suspension, denial of promotion, reduced hours or reassignment to a less desirable shift.

It can also involve more subtle conduct such as heightened scrutiny, exclusion from meetings or workplace ostracism if it would dissuade a reasonable person from raising concerns.

 

What qualifies as protected activity

Federal and state laws protect employees who speak up about workplace issues. These protections apply even if the underlying complaint ultimately proves unsubstantiated as long as it was made in good faith.

Retaliation protections appear in numerous federal statutes, each with its own procedures and remedies, including:

  • Title VII of the Civil Rights Act of 1964,
  • The Americans with Disabilities Act,
  • The Age Discrimination in Employment Act, and
  • Whistleblower provisions enforced by OSHA.

 

Examples of protected activity include:

  • Filing or threatening to file a discrimination charge.
  • Reporting harassment to a supervisor or human resources.
  • Participating in an internal investigation or testifying in a proceeding.
  • Requesting a reasonable accommodation for a disability or religious practice.
  • Taking protected leave under the Family and Medical Leave Act.
  • Reporting a workplace injury or filing a workers’ compensation claim.
  • Raising workplace safety concerns under the Occupational Safety and Health Act.
  • Blowing the whistle on fraud or regulatory violations.

 

Why retaliation claims are so common

Employment attorneys often add retaliation to discrimination lawsuits because the standard for proving it can be less demanding.

Courts may view close timing between a complaint and an adverse action as evidence of a retaliatory motive. Inconsistent explanations for discipline, weak documentation or emotional language in personnel files can also undermine an employer’s defense.

These cases are costly. Even if an employer ultimately prevails, defense costs can reach tens or even hundreds of thousands of dollars. If the employee wins, damages may include back pay, front pay, reinstatement, compensatory and punitive damages and attorneys’ fees.

Beyond legal costs, retaliation claims can damage morale, increase turnover and attract regulatory scrutiny.

 

How employers can reduce their risk

Business owners and HR leaders can take proactive steps to prevent retaliation and strengthen their defense if a claim arises:

  • Publish and regularly communicate a clear anti-retaliation policy.
  • Train managers and supervisors on what constitutes protected activity and prohibited conduct.
  • Promptly investigate all complaints and document the process thoroughly.
  • Keep knowledge of complaints on a need-to-know basis.
  • Separate the complainant and accused in a neutral, nonpunitive manner.
  • Conduct follow-up check-ins after investigations close.
  • Ensure discipline is consistent with past practice and supported by objective metrics.
  • Review the timing of employment decisions if they occur after a worker raises issues.
  • Require multiple levels of review before disciplining someone who has recently complained for unrelated reasons.
  • Use timely documentation that is factual and free of speculation or sarcasm.
  • Implement a litigation hold if a charge is filed and preserve relevant records.

 

Under OSHA’s whistleblower provisions, for example, employers must provide a safe reporting channel for safety concerns and ensure workers can report hazards without fear of reprisal. Employers that encourage reporting and respond constructively can reduce legal exposure.

 

The insurance backstop

Even the most diligent employer can face a retaliation allegation. Employment Practices Liability Insurance or EPLI can help cover the costs of defending against claims of retaliation, discrimination, harassment and other employment-related actions.

Policies typically cover legal defense expenses, settlements and judgments, subject to their terms and exclusions.

Additionally, clear policies, consistent enforcement and strong documentation practices are essential. Pairing these efforts with appropriate insurance coverage can help protect both the organization and its bottom line.

Read the article

Cyber Criminals Use Data to Fine-Tune Extortion Demands

Cyber criminals are increasingly stealing companies’ data to bolster their ransomware extortion demands, according to a new report by cyber insurer Resilience.

As part of these tactics, hackers are infiltrating company databases before launching attacks to better understand their defenses and the value of their data and maximize ransom demands. They are also searching for companies’ cyber insurance policies to tailor demands to coverage and maximize payouts.

The results emphasize the importance of employers adapting their defenses to evolving cyberattacks that, if large enough, can cripple an organization’s ability to recover.

 

A more calculated form of extortion

This shift toward a focus on data has been rapid. Data theft-only attacks rose from 49% of extortion claims in the first half of 2025 to 65% in the second half, according to the “Resilience 2025 Cyber Risk Report.”

Criminals now infiltrate networks, quietly move through databases and assess which data has the highest regulatory, legal or competitive value — then structure ransom demands accordingly.

In some cases, threat groups have gone further by searching stolen files for cyber insurance policies. Groups such as Interlock reviewed policy details to calibrate ransom demands within coverage limits and increase the odds of payment.

Extortion has also become layered. Attackers may:

  • Demand payment to decrypt systems
  • Demand additional payment to suppress stolen data
  • Threaten customers or business partners directly

 

Even when organizations pay for data suppression, there is no guarantee the data will not be sold or leaked later. According to the Resilience report, this dynamic contributes to rising litigation and long-tail losses.

 

Points of failure: Where attackers are getting in

The report emphasizes that hackers are primarily focused on gaining access by stealing or abusing employees’ login credentials.

According to the Resilience report, key points of failure include:

Phishing: The resurgence of phishing in 2025 suggests AI is making campaigns more believable and scalable. AI-generated phishing campaigns are achieving success rates as high as 54% compared with 12% for traditional methods.

New tools allow attackers to craft highly personalized messages, impersonate executives and bypass language barriers. Deepfake audio and video are expected to raise the risk of executive impersonation and fraudulent wire transfers next year.

Vendor compromise: When critical vendors are breached, losses can cascade across entire industries. Vendor-related incidents carried an average severity of $1.36 million.

These events generally fall into three categories:

  • Vendor ransomware that spreads business interruption to clients
  • Vendor data breaches that expose customer information
  • Non-malicious vendor outages that disrupt operations

 

Even when internal controls are strong, companies remain exposed to failures across their supply chain.

 

Credential theft via infostealers: More than 2 billion credentials were harvested in 2025, often serving as an early warning sign of a larger ransomware attack.

 

How firms can protect themselves

As threats evolve and cyber attackers use new tactics, employers will need to react accordingly.  Organizations may consider:

  • Investing in data loss prevention and zero-trust software.
  • Deploying multifactor authentication and e-mail authentication protocols.
  • Monitoring for stolen credentials on the dark web and rotating session tokens immediately when compromise is detected. This will often require contracting with vendors that specialize in this area.
  • Developing vendor incident contingency plans that address supply chain failures.
  • Conducting tabletop exercises to rehearse coordinated legal, technical and communications responses.
  • Reviewing cyber insurance policy limits to ensure coverage reflects current severity levels rather than historical averages.

 

If you have concerns about potential cyber risks, give us a call.

Read the article