The modern workplace is changing, and that’s creating new risks for CFOs to mitigate.
Steven Wilkins, senior vice president, head of casualty and partner at Hiscox USA, an international specialist insurer based in Atlanta, talked with StrategicCFO360 about what to look out for—and how to lessen the risk.
What are the workplace trends changing the risk landscape for companies?
Businesses of all sizes have been faced with many challenges since the pandemic, including inflation, a volatile economy, supply chain constraints and record-setting low unemployment. While concerning, CFOs mostly recognize these trends and have tested strategies to deal with the impacts. However, one emerging trend that business leaders will have to learn to tackle is the changing workplace and the associated changing risk landscape.
There are two key changes impacting businesses across the country. First, a shift toward remote working driven by rapid adoption during the pandemic and cemented by the low unemployment levels which are empowering employees to choose how and where they work. And second, an increase in the use of gig workers or contractors to overcome shortages of full-time staff.
Combined, these two trends are changing how companies operate and shifting the risks that must be addressed.
What are the risks associated with this changing business environment?
This new working model that includes remote working options and flexible office spaces is here to stay and with it, the security threats posed by this distributed environment. The growing desire of employees to work from anywhere—be that a home office, a coffee shop, or while traveling—has created vulnerabilities for companies, and IT security teams are having to adapt.
Work from home/anywhere settings typically have less secure connections and provide easy access to company networks. Couple this with an increased use of online collaboration and productivity tools that have a wide range of security protocols, and the risk of cyberattack and associated financial costs increases exponentially.
Furthermore, the explosion of the gig economy creates its own inherent concerns, and it is only growing. In fact, even in one of the most robust job markets the U.S. has seen, the global gig economy is expected to be valued at $455 billion by the end of next year. The freelance market alone is expected to grow 15 percent year over year through 2026.
What many companies do not realize is that when hiring a freelancer or contractor to perform client work, there is an additional level of risk and liability. For instance, businesses can be liable for issues if a client sues as a result of being given incorrect advice or there is damage to a client’s property, even if this work has been performed by a freelance worker or contractor.
Many mistakenly believe that these individuals are covered by the company’s insurance policies, but that is often not the case. This means if there is an issue or something goes wrong relating to the work completed by a freelance worker, it could lead to a drawn-out process causing reputational damage and financial costs for the company. And in many cases these issues don’t arise until long after the freelancer has moved on.
What is the financial impact of these expanded cyber risks as a result of remote work options and how can CFOs protect their companies?
It’s no secret that during the worst of the pandemic, cyberthreats intensified and security teams had to reconsider their approach to safeguarding companies. But according to the 2022 Hiscox Cyber Readiness Report released last August, there has been a 7 percent increase in cyberattacks on U.S. businesses, even with significant numbers of employees returning to the office.
Nearly half of all U.S. businesses (47 percent) have suffered an attack in the past 12 months. Equally disturbing, the report finds that the median cost of a cyberattack has increased 80 percent over the last year from $10,000 to $18,000. Hackers are becoming bolder and more sophisticated, at a time when 50 percent of companies do not feel they have the necessary budgets to mitigate cyber risks, according to a study just released by the Neustar International Security Council.
Beyond the standard response to safeguarding your company against cyberattacks, including implementing new security measures and developing early detection/rapid response action plans, CFOs can lean into partnerships to help prevent attacks and reduce the financial impact.
While cybersecurity insurance should be a standard for all organizations, it is not. This insurance not only protects you from the costs associated with a data breach, hack or ransomware demand, but often provides you with access to a team of breach response experts who will spring into action as soon as a breach is reported. Quick action by professionals will minimize the damage to your business and your reputation.
Further, even if businesses have this insurance, many CFOs are unaware of the additional benefits insurance companies may offer, such as cybersecurity training for your workforce. Check with your insurance provider to discover whether workforce cyber training is included in your policy.
What steps should businesses take to ensure the ongoing safety of their company when hiring gig workers?
CFOs should make sure that the individuals responsible for hiring are properly assessing the credentials of freelance candidates just as they would before engaging a full-time employee. Running background checks, reviewing work product, understanding commensurate industry experience and calling references are just the beginning.
If you choose to move forward with a candidate, it’s important to ensure that the same cybersecurity initiatives that are in place for full-time employees when in office or working remotely, are in place for the gig worker. Importantly, you will also want to consider the risk and liability associated with these workers.
Questions to consider:
Does the company policy cover freelancers? Many CFOs assume that the company’s general and professional liability insurance policies cover these individuals as they do full-time employees. This is typically not the case.
Does the contractor have his/her own general liability or professional liability coverage? Don’t assume that they do. Whether hiring construction type positions or knowledge workers (i.e., lawyers, IT consultants, accountants), many in the gig workforce are unaware of the need to protect themselves. In many cases, the hiring company should ask to be named as an additional insured on the freelancer’s policy. This will give you increased access to the policy’s protection.
What type of insurance does the company need or does the candidate have? There is significant exposure when hiring freelance resources and the insurance needs vary based upon the type of work. Two key policies to consider are general liability and professional liability.
General liability insurance covers a wide range of scenarios where an accident or unseen event occurs, and the policyholder is deemed to be liable. A key example would be the damaging of a client’s property, e.g., a landscaper accidentally damaging a window or a consultant spilling coffee on a laptop. Professional liability insurance covers negligence arising from professional services. These can range from alleged or actual negligence, e.g., a freelance accountant giving incorrect advice to a client, to personal injury from alleged libel and slander if the consultant is thought to have said or written something negative or untrue.