
Blog - Tag: Measured Risk Insurance

Lenders Crack Down on Insurance Requirements

Lenders are tightening commercial insurance requirements for borrowers to ensure that they are adequately covered as property, liability and business interruption claims costs rise across the board.

With lenders tightening their standards, commercial property buyers should start their insurance planning well before closing or refinancing discussions. Lenders want to know that the property is protected, not only for the sake of your investment but also to safeguard the money they are putting into the loan.

Besides demanding adequate coverage limits, lenders are strictly enforcing A-rated insurer requirements and requiring updated appraisals to avoid underinsurance.

These developments require greater coordination between the lender, your insurance broker and legal counsel.

 

Essential insurance for loans

When seeking a business loan, lenders may require borrowers to prove they have several types of insurance. Here’s how lenders are scrutinizing three of the most commonly required policies:

Property — Lenders are concerned that property values may be understated in light of rampant rebuilding cost inflation. If a major loss occurs, inadequate coverage could create a funding gap that the policyholder would have to cover out of pocket. If that amount is large enough, it could hurt the borrower’s ability to make loan payments.

As a result, lenders want to see property policy limits that can cover the cost to rebuild rather than just the loan balance.

Business interruption — Lenders prioritize business interruption coverage because it directly impacts a borrower’s ability to make loan payments if disaster strikes. If a business is unable to operate due to a fire or supply chain disruption, it could severely affect its cash flow and imperil its ability to make loan payments.

Business interruption may be included in the language of a commercial property policy, but it’s important to ensure it is also suitable for lending purposes.

General liability — Lenders also want their borrowers to have a general liability policy in place that has adequate policy limits. They may require that the borrower carries additional umbrella insurance to cover the cost of large claims.

Liability insurance rates have been rising rapidly due to an explosion in large settlements, often in the tens of millions of dollars. Lenders are insisting that businesses taking out loans have policy limits that will ensure they can stay viable after a large verdict.

 

Other considerations

As claims costs have risen, lenders are increasingly reviewing endorsements, limits and policy language more carefully to ensure compliance with loan agreements and confirm that insurance can cover most eventualities.

Lenders often request particular wording and endorsements that ensure their rights are protected. These may be found in certificates of insurance or within the policy, including:

Mortgagee clause and lender loss payable wording — This clause ensures the lender is paid if a covered loss occurs. It prioritizes the lender’s interest in the event of a claim.

Proof of insurance showing correct limits and dates — The lender may request a certificate of insurance that lists policy limits, effective dates and contact information for the insurer. Any mistake can delay closing.

Replacement cost valuation — Lenders want the property insured at full replacement cost. This means the policy should reflect what it would take to rebuild the structure today, not what was originally paid for it.

Acceptable deductible levels — Some lenders limit how high the deductible can be. If the deductible is too high, they may require changes before approving the loan.

 

Some issues can delay closings on properties or cause problems after the loan is made, such as:

  • Missing additional insured endorsements,
  • Insufficient umbrella limits, or
  • Inconsistent named insured listings.

 

Finally, if you are applying for a loan, reach out to us early as the market has changed drastically, particularly in high-risk areas.


Workers Eating Lunch at Desks Can Lead to Wage and Hour Lawsuits

With wage and hour litigation increasing in California, employers need to be especially careful of employees who eat lunch at their desks and work while eating.

While it’s not an issue for exempt employees, it is for hourly workers, who should be required to take their regular rest and lunch breaks without working while they are off the clock, a human resources specialist warns in a recent blog.

A recent study found that three in five workers report eating lunch at their desks at least sometimes. Even if they are just answering e-mails, that’s enough to result in a large fine for the employer.

Under California law, employers are required to provide meal and rest breaks to their employees. Additionally, the state Supreme Court ruled in 2021 that employers are not allowed to round up time-clock punches for employee meal periods and that workers must receive their full break allowance.

During their meal breaks, it’s important that workers abstain from working at all. That includes answering calls or checking e-mail.

 

The law

Employers are required to provide a half hour for a meal break to all non-exempt employees who work more than five hours in a day, unless the shift will finish in six hours or less and both the worker and employer agree to skip the meal break.

Meal periods can be taken during work and counted as time worked only if the nature of work prevents relief from all duties and if both the employer and worker agree to working through lunch in writing. Employees have the right to revoke that agreement at any time.

If an employee works more than 10 hours in a day, they are entitled to a second meal break of at least 30 minutes. That’s unless the total hours worked is no more than 12 hours, and both parties agree to waive the second meal break.

In addition to meal breaks, state law requires employers to provide a paid 10-minute rest period for every four hours worked. No break is required if the employee works three and a half hours or less.


Who’s exempt?

Some workers are exempt from these laws, in particular certain executive, administrative and professional employees. In order to be exempt:

  • Their primary duties must be executive, administrative or professional, and they should devote more than half of their time to these duties;
  • They must regularly and customarily exercise discretion and independent judgment at work; and
  • They must earn a salary equivalent to at least twice the state minimum wage for full-time (40 hours/week) work.

 

What you can do

It’s imperative that you put policies in place to avoid being sued for infringing on your workers’ meal breaks. And your employees should understand they are not to work during their breaks.

You may want to consider:

  • Requiring supervisors and managers not to contact workers while they are on their meal breaks. That includes calls, text messages or e-mails.
  • Instituting a policy that bars employees from working during their meal breaks or anytime they are not on the clock.
  • Encouraging staff to take breaks by normalizing the habit of briefly stepping away from work. Managers can lead by example by taking lunch breaks with their workers.
  • Having a designated space like a break room for your staff to take their lunches. Ideally, it should be equipped with one or more tables, a refrigerator, microwave, plates, cups, glasses, sink and dishwasher.
  • Recording these breaks so that you can prove your employees actually took them. This is essential in case you are sued. Provide a mechanism for your staff to record their meal periods, and require them to use it.

Cal/OSHA Urges Employers to Protect Outdoor Workers Against Heat Illness

As we get closer to another scorching California summer, Cal/OSHA is reminding employers with outdoor workers to take precautions to protect them against the heat.

California employers need to be especially mindful as Cal/OSHA has workplace safety regulations governing the prevention of heat illness and the agency actively enforces its heat illness prevention standard.

Employers should also comply for the safety and well-being of their workers, as heat illness can be deadly.

Cal/OSHA is urging employers to take the following steps to prevent heat-related illness among their employees who work outdoors:

Plan — Develop and implement an effective written heat illness prevention plan (HIPP) that is customized to your specific operations.

The plan must include the following heat illness prevention and response procedures:

Training — Train all employees and supervisors on heat illness prevention. Nobody should be working outside in heat if they have not been trained in heat illness prevention and emergency procedures.

Water — Provide drinking water that is fresh, pure, suitably cool and free of charge so each worker can drink at least 1 quart per hour, and encourage workers to do so. Water should be located as close as practicable to where employees are working.

Access to shade — When temperatures reach 80 degrees, you must have and maintain one or more areas of shade at all times when employees are present. Locate the shade as close as practical to the area where employees are working and provide enough to accommodate the number of employees on meal, recovery or rest periods at any time.

Even if temperatures are less than 80 degrees, you must permit access to shade for workers to rest.

The importance of rest — Encourage workers to take a cool-down rest in the shade for at least five minutes when they feel the need to do so to protect themselves from overheating. Workers should not wait until they feel sick to cool down.

If an employee starts feeling unwell, they must be monitored for symptoms of heat illness and emergency procedures should be initiated if they don’t improve.

High-heat procedures — During heatwaves (when the mercury reaches 95 degrees), employers must institute high-heat procedures that include monitoring of employees, regular communication, more frequent reminders to drink water and rest, and additional cool-down rest periods.

Emergency response procedures should be site-specific and include who/how to call emergency services and steps to respond to signs and symptoms of heat illness. 

Observe all employees and any newly assigned to a high-heat area. You should consider giving employees who have not been working in high temperatures time to adapt to the new conditions. You can do this by initially providing them with lighter work, frequent breaks or shorter hours.

 

Get the plan right

Your heat illness prevention plan must be in writing and include all of the above. The HIPP must be written both in English and in the language understood by the majority of employees. It must also be available to employees at the work site.

Additional information about heat illness prevention, including details on upcoming training sessions throughout the state, is posted on Cal/OSHA’s Heat Illness Prevention page.

The agency also has extensive multilingual materials for employers, workers and trainers on its “Water. Rest. Shade.” public awareness campaign website.


Bureau Recommends Workers’ Comp Benchmark Rate Hike

California’s workers’ compensation rate-making agency has recommended that average benchmark “pure premium” rates increase by 10.4% for policies incepting on or after Sept. 1, 2026.

The Workers’ Compensation Insurance Rating Bureau cited an increase in cumulative trauma claims as well as rising medical and administrative costs. The filing, if approved by the California Department of Insurance, would be the second consecutive year that the benchmark rate insurers use to price their policies has increased. Last year the DOI approved an 8.1% hike after WCIRB had recommended an 11.2% increase.

The pure premium rate increase has not resulted in employers with few or no workers’ compensation claims paying higher premiums since insurers only use the pure premium rate as a guidepost when pricing their policies. The pure premium rate remains at historical lows and the market is quite competitive.

The 10.4% recommended increase is an average across all the state’s workers’ compensation class codes, and each class will see a different change.

Here’s a look at the cost drivers:

 

Cumulative trauma claims

WCIRB estimates that 26.4% of all workers’ comp claims filed in the state in 2025 are for cumulative trauma injuries, compared to 15% in 2021. CT claims are not for sudden injuries, but rather those that develop over time through repetitive motions, such as:

  • Carpal tunnel syndrome — Often claimed by office workers, data entry personnel and assembly line workers due to repetitive hand and wrist movements.
  • Chronic back and neck injuries — Caused by years of lifting, bending, twisting or maintaining poor posture.
  • Tendonitis and tendon disorders — Inflammation from repetitive shoulder or arm movements, common in construction, warehouse and food service jobs.
  • Shoulder injuries — Rotator cuff tears or bursitis from repetitive overhead lifting.
  • Knee problems — Develop from repetitive kneeling, squatting or climbing stairs, frequently seen in plumbers or floor layers.

 

About three out of every five CT claims are filed after an employee is terminated, according to WCIRB. There is a cottage industry of lawyers who find recently laid-off workers and convince them to file these claims. Adding to the cost: nearly all CT claims are litigated, in most cases from the first notice.

 

Medical costs

One anomaly in CT claims is that they usually have few medical costs in the first year, which masks the growing issue of rising medical costs for workers’ comp claims. According to WCIRB, average medical costs per claim increased 1.7% between 2021 and 2023, but excluding CT claims, that number rises to 3%.

Associated medical-legal costs are up 14% per claim in 2025, while medical equipment and other medical services costs jumped 7% in the same period.

 

Claims adjusting costs

The high litigation rates for CT claims are seeping into the cost of adjusting claims, according to WCIRB. It projects that insurers’ loss adjustment expense ratio (the cost of adjusting claims) will increase to 37.7% of claims costs, up from 35.7% in the Sept. 1, 2025, filing.

The total cost of claims adjusting increased from $12,636 per claim in 2024 to $14,235 in 2025 and is expected to rise 5.5% annually between 2026 and 2028 to $16,184.

 

The takeaway

The Rating Bureau has sent the rate recommendation to the Department of Insurance, which will hold a public hearing in the coming months, after which the insurance commissioner, with input from the public and department actuaries, will either accept the recommendation or order a different rate.

While the workers’ comp market is expected to stay competitive, the rate recommendation could portend moderately increasing rates in the coming years.


Why Safety in Design Should Lead Every Construction Project

Too often, safety on construction sites is treated as a field problem managed after work begins. By then, many of the most significant risks are already built into the job. Safety in design flips that approach by identifying and eliminating hazards before ground is ever broken.

Safety in design is a proactive process that integrates safety into the earliest stages of planning, engineering and layout. The goal is simple: to remove or reduce risks at their source rather than relying on protective equipment, procedures or workarounds later. For construction executives, design safety can mean fewer injuries, lower costs and smoother project delivery.

This approach requires project teams to think through how a structure will be built, used, maintained and eventually demolished — and address hazards at each stage. That means involving safety professionals, engineers and operations personnel so risks can be engineered out rather than managed in the field.

 

Where design decisions reduce real-world risk

Many of the most effective safety improvements are straightforward design choices made early in a project:

  • Add roof parapets or guardrails to reduce fall risks and limit the need for active fall protection systems.
  • Relocate rooftop equipment to ground level to eliminate work at height during maintenance.
  • Design site layouts to separate pedestrian and vehicle traffic and improve equipment flow.
  • Ensure adequate space for safety equipment like eyewash stations and spill kits.
  • Plan access for safe removal and replacement of heavy equipment like generators.

 

Each of these decisions removes a hazard before it reaches the job site, reducing reliance on administrative controls or worker behavior to stay safe.

 

A gap between design and construction

Despite its benefits, safety in design has historically been underutilized in the U.S. Designers often distance themselves from construction-phase safety due to limited training in safety practices and concerns about increased liability.

That disconnect creates risk. Designers ultimately dictate how a project is built, including the materials and assembly methods used, yet they are often not directly involved in construction safety planning.

Design-build firms tend to perform better in this area. Designers and builders work within the same organization, so they can collaborate more effectively. Construction teams flag safety concerns during design, and those lessons carry forward into future projects.

Companies working with outside design firms should insist on similar collaboration. Owners and contractors should consider bringing designers together with construction managers and safety teams to review risks and identify safer alternatives.

 

Why early involvement pays off

  • Lower total project costs: Addressing hazards early avoids costly redesigns, delays and injury-related expenses.
  • Fewer incidents and disruptions: Eliminating risks upfront reduces the likelihood of accidents that halt work and injure workers or third parties.
  • Improved productivity: Safer, better-designed work sites are more efficient and easier to navigate.
  • Reduced insurance and liability exposure: Fewer claims and stronger safety records can improve underwriting outcomes.
  • Stronger competitive position: Many project owners now expect documented safety plans as part of bids.

 

A shift that is gaining momentum

Safety expert Georgi Popov notes that historically, most safety efforts have focused on the operational phase of projects. In an interview with Construction Dive, he said that is changing as more organizations recognize the value of early intervention.

“Our goal is to manage risk throughout the life cycle of a system or building, starting with the design concept,” Popov said, adding that earlier involvement helps eliminate embedded risks before they reach the field.

In short, projects are safer when they are designed that way from the start.


Urgent: Distribute New Workplace Rights Notice to Your Staff

If you have not yet distributed the state’s new required “Workplace Know Your Rights” notice to your workers, you missed the Feb. 1 deadline and need to act immediately.

California’s Workplace Know Your Rights Act (SB 294) mandates that employers provide all employees with an annual, stand-alone written notice detailing key workplace rights, including immigration protections, union organizing, workers’ compensation and law enforcement interactions. Under the law, notices must be distributed by Feb. 1, 2026 and to new employees upon hiring.

The law also requires employers, by March 30, 2026, to give employees the opportunity to designate an emergency contact and indicate whether that contact should be notified if the employee is arrested or detained at work or during work hours.

The notice must be delivered in a stand-alone format using the same method normally used to communicate employment information, such as personal service, e-mail or text message, as long as employees can reasonably be expected to receive it within one business day. Notices must be provided annually and upon hire.

The Labor Commissioner has issued a template in English and Spanish, with additional languages — including Chinese, Filipino, Vietnamese, Korean, Hindi, Urdu and Punjabi — forthcoming.

 

Workers’ compensation rights

The notice must inform employees of their rights to workers’ compensation benefits if they are injured or become ill due to their job. This includes medical care and disability pay to replace lost wages.

 

Immigration-related protections

A significant portion of the notice addresses immigration-related protections already codified in California law.

Employers must inform workers of their right to advance notice of inspections by immigration authorities, including inspections of I-9 forms. Employers that receive notice of an inspection must notify employees and any union representatives.

The law reinforces that employers may not engage in retaliatory immigration-related practices, such as threatening to report a worker or family member to authorities or improperly reverifying employment eligibility. The notice also outlines workers’ Fourth and Fifth Amendment rights during workplace interactions with law enforcement.

 

Right to organize

The notice must also describe employees’ right to unionize and engage in protected concerted activity. This includes the right to discuss wages and working conditions and act together to improve workplace conditions.

 

Penalties and next steps

The Labor Commissioner may assess penalties of up to $500 per employee per violation for failing to comply with the notice requirement.

Violations of the emergency contact provision can trigger penalties of up to $500 per employee per day, capped at $10,000 per employee.

Employers should:

  • Determine and document a distribution method for current employees and new hires.
  • Ensure a reliable recordkeeping process to confirm delivery.
  • Update onboarding materials for new hires to include the notice and emergency contact designation.
  • Train supervisors and managers on emergency contact notification obligations.
  • Circulate the notice to staff to give them the opportunity to designate an emergency contact by March 30.

Stealth Trends Driving Workers’ Comp Premiums

While employers’ main priority for containing workers’ comp costs should be workplace safety, they also need to keep an eye out for three stealth factors that can nudge their premiums higher.

Where employees work, what they do from day to day and how production technology affects workplace behavior often fly below the radar for many employers, who may be hit with higher premiums after an insurer audit and worker reclassification. In addition, technology designed to increase productivity — like wearables — may actually raise the potential for workplace injuries.

These issues often surface only after a claim occurs or when the insurer conducts a premium audit. The end result can be a costly surprise when the employer receives a bill for additional premiums.

 

Remote work creates jurisdiction issues

Remote work arrangements are now deeply embedded across many industries. Recent workforce surveys show that a large share of employees whose jobs allow it now work remotely either full time or part time, a sharp increase from pre-pandemic years.

When an employee works from another state, injuries may fall under that state’s workers’ compensation laws. If an employer is headquartered in Louisiana but has a remote worker who is injured while performing job duties in Idaho, two jurisdictions may be involved.

If that state exposure is not disclosed on the workers’ compensation application, coverage gaps or disputes can arise.

Many employers assume remote work reduces risk because employees are no longer in warehouses, job sites or manufacturing facilities. In reality, the exposure has shifted rather than disappeared. Without clear documentation of where employees work and what they do, insurers may default toward broader coverage assumptions that result in higher-rated classifications or expanded exposures.

 

Job creep

Another growing issue is job creep — employees gradually taking on responsibilities outside their original job descriptions. This happens frequently during staffing shortages, growth periods, tight deadlines or in smaller operations. Office staff may help with shipping. Supervisors may step into hands-on roles. Employees often wear multiple hats to keep operations humming.

From an insurer’s perspective, what matters is the work performed, not just the job title listed on payroll. When a claim occurs, carriers examine real-world duties closely. If, for example, a supervisor is injured while helping on the line, the insurer may reclassify payroll, split classifications or apply greater scrutiny across similar roles.

This issue is especially common among small and midsize employers, where flexibility is often necessary. However, without updated job descriptions and internal documentation, that flexibility can translate into higher premiums and audit-related adjustments.

 

Productivity technology challenges

Employers are increasingly using time-tracking software, performance dashboards, automated scheduling systems and wearable devices to monitor productivity, track output and manage work.

While these tools can improve efficiency, they can also subtly alter behavior. Employees may work faster when metrics show they are falling behind. Breaks may be delayed or skipped. Safety steps may be rushed. Early signs of strain or discomfort may go unreported to avoid appearing less productive.

Over time, this increased intensity can raise injury risk, particularly for repetitive motion and ergonomic injuries. In addition, productivity systems may change the nature of the job itself — by increasing lifting frequency, reducing recovery time between tasks or assigning more physically demanding work than originally intended.

 

What employers should review before renewal

To address these stealth exposures and reduce the risk of being hit with a premium increase after an audit, employers should take a closer look at:

  • Where employees are actually working, including out-of-state remote arrangements.
  • Whether job descriptions reflect real, day-to-day duties.
  • How often employees perform tasks outside their formal roles.
  • Whether productivity tools are increasing physical or ergonomic demands.

 

None of these issues are dramatic on their own. But together, they can quietly drive premium increases, coverage disputes and audit surprises.

Employers who proactively address these trends are better positioned to align coverage with reality — and avoid paying for risks they never intended to assume. If you have questions or concerns about any of the above, please contact us to stave off unpleasant premium surprises.


Large Trucks Account for a Third of Work Zone Accidents

Some of the riskiest locations for roadway collisions are work zones, as they often involve changes in traffic patterns and right of way, with workers present and large commercial vehicles on the scene.

Work zones are designed to improve the safety of workers who are enhancing or repairing roads, freeways, bridges, sewage and other infrastructure by separating construction and maintenance activities from traffic. The crews do that by providing a safe route for motorists, pedestrians and bicyclists and a safe area for the workers on the scene.

That stew of activity and unpredictability sadly results in carnage. In 2023, 899 people died in work zones in the U.S., out of an estimated 101,000 crashes, according to the National Workzone Safety Information Clearinghouse. More than 300 of those fatalities involved large commercial vehicles.

The most common types of fatal accidents in work zones are:

  • Crashes involving a commercial vehicle: 33%
  • Crashes caused by speeding: 31%
  • Rear-end collisions: 24%

 

With liability risk in mind, it’s important that you take the extra effort to cover driving in work zones during your driver safety training.

At the first sign of road construction, your drivers should slow down. Keep in mind that stopping takes space and time. Depending on how fast a truck is traveling, it can take more than the length of a football field to stop, even in the best conditions (good tires and dry pavement). At 65 mph, the stop will take more than 7 seconds to complete.

Stopping distances can be even greater if:

  • It is raining or snowing,
  • Tires or brakes are worn,
  • There is dirt or gravel on the road,
  • The truck is carrying a heavy load,
  • The truck is carrying a liquid load (especially when the tank is not completely full), or
  • The truck is traveling downhill.

 

The most common types of accident

Let’s look at the most common commercial vehicle work-zone accident scenarios, and why they happen:

Rear-end collisions — These are most common in work zones on freeways, interstates and two-lane highways.

Why they happen: The driver was not aware of or prepared for stopped or slowed traffic ahead of them.

Head-on collisions — These are most likely to happen in work zones on two-lane highways.

Why they happen:

  • The driver crosses the centerline at night.
  • The driver swerves into oncoming traffic to avoid objects.

 

Right-angle collisions — These are most likely to happen in work zones on non-freeway multi-lane roads.

Why they happen: The driver pulls out of or turns left into a workspace, intersection or driveway without enough of a gap in traffic.

Sideswipe collisions — These incidents usually occur on freeways, interstates and other multi-lane roadways.

Why they happen: The driver fails to check for vehicles in their blind spots while trying to merge out of a closing lane or into an open one.

Truck collisions with objects or workers — These especially dangerous accidents usually happen in work zones on non-freeway multi-lane roads.

Why they happen: Typically, the driver is traveling too fast to negotiate the work zone.

 

The American Road Transportation and Builders Association has these recommendations for drivers entering or driving inside a work zone:

  • Pay attention to work zone signs.
  • Leave enough space between you and the motorist in front of you.
  • Be prepared to stop or slow unexpectedly.
  • Expect to stop when you see a “Flagger Ahead” sign.
  • If stopped or slowed in a traffic queue, consider turning on your flashers to warn traffic coming up behind you.
  • Watch for traffic and workers going into or out of the work zone.
  • Get into the open lane as soon as possible at lane closures.
  • Be especially aware of motorists racing to get ahead of you or trying to turn in front of you at the last second.
  • Use alternative routes to avoid work zones whenever feasible.

Corporate Cyber Risk Outlook for 2026

Cyber risks are set to intensify in 2026 as artificial intelligence reshapes how attacks are launched and how organizations defend themselves.

Three new reports agree that cybercrime is becoming faster, more targeted and more disruptive to business operations. AI is accelerating existing threats and shortening the time between intrusion and impact. According to a report by Moody’s Ratings, this shift is pushing companies into “a new era of adaptive, fast-evolving threats” where manual defenses are no longer sufficient to protect an organization.

This is not just a large company problem. Small businesses are increasingly targeted, often because they are seen as easier to breach than larger organizations.

 

AI is supercharging cybercrime

AI is now widely used by cybercriminals to scale phishing, automate efforts to find website vulnerabilities and create malware that can modify its code to evade detection.

Moody’s “2026 Cyber Risk Outlook” warns that these tools allow attackers to scan networks continuously, exploit misconfigurations at machine speed and launch campaigns against thousands of targets simultaneously.

The World Economic Forum echoes this concern in its “Global Cybersecurity Outlook,” where 94% of leaders surveyed said AI will be the most significant driver of cyber risk in 2026. Nearly nine in 10 respondents reported an increase in AI-related vulnerabilities over the past year, alongside rising cyber-enabled fraud, phishing and software exploits.

AI-enabled social engineering is a particular concern. Advances in voice cloning and deepfake technology are making impersonation attacks more convincing, especially those targeting executives, finance teams and IT staff. These attacks increasingly bypass technical controls by exploiting human trust rather than technical flaws.

 

New risks from enterprise AI use

The growing use of AI inside organizations is also creating new exposures. Moody’s found that only 29% of surveyed organizations follow the Open Worldwide Application Security Project’s (OWASP’s) best practices guidance for large language model applications, leaving many vulnerable to data leakage, prompt injection and weak access control.

Research from Google Cloud highlights prompt injection as a rising threat in 2026. In these attacks, malicious instructions are embedded in data or user inputs, causing AI systems to bypass safeguards and expose sensitive data.

 

Ransomware an ongoing threat

Despite improved defenses, ransomware and data-theft extortion remain among the most damaging cyber threats. Moody’s reports that 44% of ransomware attempts in 2025 were stopped before encryption, up sharply from the year before, largely due to better detection and backup practices.

Large enterprises remain prime targets. Their complex networks create blind spots and attackers increasingly focus on extortion tactics that rely on stolen data rather than locked systems.

Google Cloud researchers note that ransomware, data theft and multifaceted extortion continue to generate cascading economic losses across supply chains, with incidents in 2025 resulting in hundreds of millions of dollars in total damage.

 

What employers can do

While no organization can eliminate cyber risk, the reports point to practical steps that can materially reduce exposure:

Strengthen AI governance. Limit AI system permissions, follow OWASP’s guidance for large language model applications like ChatGPT, and monitor for prompt injection attacks and data leakage.

Accelerate detection and response. Automated monitoring and containment tools are increasingly essential as criminals use AI to move quickly through networks.

Plan for data extortion. Create an extortion response plan that addresses regulatory, legal and reputational fallout even when systems remain operational.

Build resilience into infrastructure. Regularly test backups, use cloud systems in multiple locations to spread risk and conduct outage and breach simulations.

Control identity and access. Give staff, systems and applications (including AI agents) only the minimum access they need to do their jobs. Require multi-factor authentication during logins and create just-in-time access protocols so elevated permissions are granted only when needed and automatically removed once a task is complete.

Train employees continuously. Focus on phishing, vishing and executive impersonation scenarios that target human behavior rather than technology.

 

Secure cyber insurance

Finally, you should consider cyber liability insurance, which can help your business recover quickly from an attack by covering costs such as:

  • Data recovery and system restoration after a breach or ransomware attack.
  • Legal and regulatory expenses if sensitive customer or employee data is exposed.
  • Notification and credit monitoring services for affected parties.
  • Business interruption losses from downtime or system failure.
  • Public relations and crisis management to help rebuild trust.

 

Note: Cyber insurance may cover ransomware payments, but coverage is often conditional, increasingly restricted and dependent on policy wording and the circumstances of the attack.


Businesses Scramble to Comply with EEOC’s New Playbook

The Equal Employment Opportunity Commission has rolled out the most dramatic shift in its enforcement posture in decades, narrowing some protections and targeting others, especially around disparate impact, diversity, equity and inclusion (DEI) and gender identity.

Also, with the confirmation of Commissioner Brittany Bull Panuccio in October 2025, the EEOC once again has a voting quorum. Her addition gives the new Republican majority the opportunity to rewrite guidance, revise strategic enforcement plans and launch higher-profile litigation aligned with the administration’s executive orders.

The new enforcement focus, initiated by a series of executive orders by President Trump, stands in contrast to established federal law, opening firms up to litigation by employees that runs counter to EEOC enforcement priorities.

 

DEI programs under a sharper lens

This year, the EEOC has trained its focus on what it describes as “unlawful DEI-motivated race and sex discrimination.” Programs that once were framed as inclusion efforts are now being scrutinized for potential reverse discrimination.

That includes:

  • Mentorship, sponsorship and leadership programs limited to certain demographic groups.
  • “Women only” or “underrepresented only” events and resource group activities.
  • Hiring, promotion or internship pipelines that expressly prefer certain races or genders.
  • Diversity metrics that function more like quotas than broad and aspirational goals.

 

Gender identity policies

EEOC Chair Andrea Lucas has directed agency lawyers to back away from gender identity litigation and to revisit harassment guidance that spells out protections for transgender employees.

Bathrooms, locker rooms and pronoun policies are likely flashpoints. Employers that wish to maintain strong protections for transgender and nonbinary workers may need to rely more heavily on state law, company values and reputational concerns as their guideposts.

These new policies put employers in a bind. Title VII’s ban on sex discrimination, which covers sexual orientation and gender identity, still stands and many states explicitly protect those groups.

Employers that scale back protections to comply with the new federal posture may reduce the chance of an EEOC probe but increase exposure to private lawsuits, state agency enforcement and reputational damage.

 

How employers can respond

Audit DEI and talent programs — Inventory all DEI initiatives, resource groups, mentorships and pipelines. Strip out eligibility rules tied to race, sex or national origin. Reframe programs around equal access and business needs.

Refresh public and internal statements — Review diversity pledges, representation goals and reporting. Avoid language that can be read as promising preferences. Emphasize fair processes, bias reduction and inclusion.

Map gender identity and facility policies to actual law — Chart federal, state and local requirements for every location. Where you maintain sex-specific facilities, consider options like single-user restrooms and clear procedures for handling complaints.

Boost religious accommodation practices — Ensure there is a clear, documented process for addressing religious objections, including objections to DEI content or pronoun expectations. Train managers to respond promptly and consistently.

Keep doing adverse impact reviews — Even if the EEOC is stepping back, continue to test hiring tools, promotion systems and layoff criteria for disproportionate effects on protected groups.

Invest in investigation capability — Make sure complaint procedures, investigation protocols and documentation would hold up under scrutiny from private plaintiffs, state agencies or the EEOC under its new priorities.

 

Takeaway

Finally, ensure that your business secures an employment practices liability policy, which can protect your firm from employee-initiated actions like discrimination or harassment complaints.

These policies can cover court costs, attorneys’ fees, discovery expenses, settlements or judgments and other related costs.
