Whether you accept the idea of climate change or not, here are the facts, as reported by the National Oceanic and Atmospheric Administration (NOAA)’s National Centers for Environmental Information, in its recently updated 2024 Billion-Dollar Disaster Analysis*:

• The U.S. experienced 27 individual weather and climate disasters last year with at least $1 billion in damages, trailing only the record-setting 28 events analyzed in 2023. 
• The cost of these disasters came to approximately $182.7 billion. This figure is based on analysis through January 10, 2025, and may rise an additional several billion dollars, as new data become available. 
• This total places 2024 as the fourth-costliest on record, trailing 2017 ($395.9 billion), 2005 ($268.5 billion) and 2022 ($183.6 billion). 
• Adding the 27 events of 2024 to the record that begins in 1980, the U.S. has sustained 403 weather and climate disasters for which the individual damage costs reached or exceeded $1 billion. The cumulative cost for these 403 events exceeds $2.915 trillion.
• The 2024 disasters caused at least 568 direct or indirect fatalities, the eighth-highest for these billion-dollar disasters over the last 45 years (1980-2024).

Even in areas of the country that typically are spared from these types of events, policyholders are likely to see the effects begin to impact property insurance rates and coverage options in the future.

Are you prepared for a weather-related emergency? That preparation should include not only insurance-related questions, but also policies on employee safety, and ensuring the integrity of physical spaces, structures, and equipment, among other considerations.

Severe weather most likely is not going away or becoming less of a threat. Neither is the effect on people and property. It is wise to check your emergency preparations in case a natural disaster strikes your part of the world.

*https://www.climate.gov/news-features/blogs/beyond-data/2024-active-year-us-billion-dollar-weather-and-climate-disasters

Copyright 2025 Evergreen Insurance

Evergreen Insurance provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

The cloud. That mysteriously vague destination we all have accepted as the repository of unimaginable amounts of digital information. You can send anything to the cloud, and we do.  But how safe is that information – especially vital information about identity, finances, purchasing habits, and so much more?

This can become an especially critical question for business owners, who by necessity accept, process, and share such vital information in the course of doing business.  Even businesses that do not work directly with healthcare, financial or other regulated data may find themselves exchanging identity information with third parties. For example, many businesses use an outsourced payroll reporting company, providing Social Security numbers and possibly additional information to that third party.   

Safeguarding the privacy of the information you share with third parties should become and remain a top priority. A key first step includes carefully and thoroughly vetting your vendors, to make sure that they are adequately protecting the data you are sharing with them. Here are some questions you may want to ask as part of that vetting process:

• Is the vendor, because of the data they possess or the business in which they are engaged, subject to any cyber security regulations, such as Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX) compliance, or New York State Department of Financial Services (NYDFS)?
• Does the vendor have a formal cyber security program with written policies, plans and procedures? If so, does that program follow a cyber security or auditing framework such as CIS, NIST, SOC or ISO? Does the program cover risk assessment, asset management, patch management, vulnerability management, and endpoint detection and response? Does the vendor have incident response, disaster recovery, and business continuity plans?
• Does the vendor provide cyber-security training to their employees? How often? What topics are covered? Does the vendor conduct phishing simulations to test employees’ ability to properly respond to phishing attacks?
• Does the vendor limit each employee’s access to IT resources to only what is required to do that employee’s job? Does the vendor encrypt data? At rest and in motion? Does the vendor require employees to use complex passwords? Does the vendor require multi-factor authentication for access to non-public data? Does the vendor require multi-factor authentication for remote access to IT resources?
• Has the vendor experienced a cyber security incident in the past 24 months? If so, can they describe the incident and what remediations have been made to prevent its recurrence? As a result of the incident, was a cyber insurance policy claim filed, or regulatory action taken?   

While vetting vendors is important, it’s equally essential to ensure that confidential customer information, like personal identification or private health records, is protected as you hold it for your business purposes. How would you answer the above questions if a client posed them to you?

Evergreen Insurance does not provide specific IT counsel or advice, but shares this message to help clients protect their business interests.

Copyright 2025 Evergreen Insurance

Evergreen Insurance provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.