The cloud. That mysteriously vague destination we all have accepted as the repository of unimaginable amounts of digital information. You can send anything to the cloud, and we do.  But how safe is that information – especially vital information about identity, finances, purchasing habits, and so much more?

This can become an especially critical question for business owners, who by necessity accept, process, and share such vital information in the course of doing business.  Even businesses that do not work directly with healthcare, financial or other regulated data may find themselves exchanging identity information with third parties. For example, many businesses use an outsourced payroll reporting company, providing Social Security numbers and possibly additional information to that third party.   

Safeguarding the privacy of the information you share with third parties should become and remain a top priority. A key first step includes carefully and thoroughly vetting your vendors, to make sure that they are adequately protecting the data you are sharing with them. Here are some questions you may want to ask as part of that vetting process:

• Is the vendor, because of the data they possess or the business in which they are engaged, subject to any cyber security regulations, such as Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX) compliance, or New York State Department of Financial Services (NYDFS)?
• Does the vendor have a formal cyber security program with written policies, plans and procedures? If so, does that program follow a cyber security or auditing framework such as CIS, NIST, SOC or ISO? Does the program cover risk assessment, asset management, patch management, vulnerability management, and endpoint detection and response? Does the vendor have incident response, disaster recovery, and business continuity plans?
• Does the vendor provide cyber-security training to their employees? How often? What topics are covered? Does the vendor conduct phishing simulations to test employees’ ability to properly respond to phishing attacks?
• Does the vendor limit each employee’s access to IT resources to only what is required to do that employee’s job? Does the vendor encrypt data? At rest and in motion? Does the vendor require employees to use complex passwords? Does the vendor require multi-factor authentication for access to non-public data? Does the vendor require multi-factor authentication for remote access to IT resources?
• Has the vendor experienced a cyber security incident in the past 24 months? If so, can they describe the incident and what remediations have been made to prevent its recurrence? As a result of the incident, was a cyber insurance policy claim filed, or regulatory action taken?   

While vetting vendors is important, it’s equally essential to ensure that confidential customer information, like personal identification or private health records, is protected as you hold it for your business purposes. How would you answer the above questions if a client posed them to you?

Evergreen Insurance does not provide specific IT counsel or advice, but shares this message to help clients protect their business interests.

Copyright 2025 Evergreen Insurance

Evergreen Insurance provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

As more instances of severe weather and the resulting litigation occur, coupled with an ever-increasing rate of repair costs, an emerging issue has begun to impact commercial business owners as they work to secure insurance – the remaining service life and integrity of roofs.

According to the Insurance Information Institute (III), across the U.S. in 2023, insurers lost $79 billion due to natural catastrophes like storms, flooding, droughts, heat waves, and wildfires.  A heightened level of attention among insurance providers to the roofs of commercial buildings has been one result.

III states that if a roof is more than 20 years old when the owner applies for business insurance, most insurance companies will require an inspection, while other companies may decline coverage for this or a number of other factors.  Insurers can’t deny coverage concerning the roof if that roof is less than 15 years old, but if it’s more than that threshold, the owner can get an inspector to certify that the roof has at least five more years of service left.  With an acceptable roof certification, the insurer will likely provide coverage unless there are concerns with other elements of the property or the overall application.  

One option gaining attention features offering insurance that only covers the building’s actual cash value, rather than covering the replacement cost value offered in typical insurance policies.  Actual cash value factors in the cost of depreciation in the final payout, and may be less than the total cost to replace the roof.

Some insurers are reducing coverage for buildings that require costly upgrades, such as roof replacements, before they agree to issue a policy, according to III.  Some are pulling out of areas prone to severe weather entirely, like California and Florida in particular.  Mid-Atlantic states like Pennsylvania have not experienced the same levels of damaging weather or wildfires to date, but being aware of these trends is always a wise strategy.

Contact the professionals at Evergreen for more information.

Interesting how commitments can accumulate when you’re not looking, isn’t it?

You click on a subscription, you agree to get regular updates from a retailer, you cite a preference for a particular brand. And before you know it, funds have been deducted from your checking account, your email inbox gets choked with nuisance messages, and you can’t seem to escape online ads for something for which you are rapidly losing interest. An entire category of online apps has sprung up to help users wrangle these commitments to fit one’s current situation.

What began innocently can end up causing issues that can cost time, money, and patience. The same principle applies to insurance coverage, as a business enters into contracts with partners, suppliers, and vendors.

These agreements are recognized as necessary to conduct, expand, and protect a business’ interests. They make complete sense, and can serve a vital purpose. But caution must be taken when entering these arrangements, to make sure that the business’ insurance policies extend to the terms of any new contracts.

Terms and conditions of insurance coverages are written to specific situations – situations that may take on new wrinkles and specifics under new contractual agreements. The last thing any business owner needs or wants is to discover down the road that a partnership or other agreement under contract with another entity means an existing policy does not offer sufficient coverage.

Working with your insurance provider to conduct a contractual review represents an easy way to safeguard against getting caught in such a scenario.

Contracts and agreements accumulate over time. That’s smart business, typically. Just make sure that your insurance coverage keeps up with the terms of any new situation, to avoid costing you time, money, and patience.

Contact the professionals at Evergreen for more information.

Copyright 2025 Evergreen Insurance

Evergreen Insurance provides these updates for information only, and does not provide legal advice. To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Artificial Intelligence, or AI, has become ubiquitous across all aspects of modern life, including every type of business. Its ability to access and process information from an unlimited pool of knowledge and existing documents is staggering, but so are the potential shortfalls.

Businesses large and small are wise to develop clear and consistent policies on using this technology. Some concerns that need to be considered include recognizing the uncertainty about who owns the AI-created content, as well as security and privacy concerns regarding proprietary or sensitive information.

An AI usage policy should also acknowledge that the accuracy of AI-generated content cannot be relied upon with any certainty, as it may be outdated, misleading or even fabricated.

Guidelines also could address reviewing AI-generated information for accuracy before relying on it for work purposes. If a reliable source cannot be found to verify the accuracy of AI-generated information, for example, a policy would determine whether that information should be used.

AI promises to change how we work. A well-researched, well-planned, and well-executed AI usage policy can help make sure that those changes remain positive and avoid the problems that otherwise may result.

While insurance isn’t a fix for improper use of AI, cyber insurance should be a part of any business’ overall data security plan. Contact Evergreen for ideas of how to best safeguard your business.

Copyright 2025 Evergreen Insurance

Evergreen Insurance provides these updates for information only, and does not provide legal advice. To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

In case there was any doubt that identity theft remains one of the easiest and most lucrative ways to steal much more than an individual’s identity, consider these statistics:

According to the Identity Theft Research Center (ITRC) Annual Data Breach Report, 2023 had a record high number of data compromises in the U.S. in a single year. A 72 percentage point hike from the previous all-time high number of compromises set in 2021. At least 353 million individuals were impacted.

According to the FBI’s Internet Crime Report 2023, the bureau received 880,418 complaints of cyber-crime as reported by the public, a 10 percent increase from 2022. The potential total loss increased to $12.5 billion in 2023, up from $10.3 billion in 2022. California, Texas, and Florida had the highest number of cybercrime victims.

The Federal Trade Commission’s (FTC) Consumer Sentinel Network took in over 5.39 million reports in 2023, of which 48 percent were for fraud and 19 percent for identity theft. Credit card fraud accounted for 40.2 percent of identity thefts, followed by miscellaneous identity theft at 25.1 percent, which includes online shopping and payment account fraud, email and social media fraud, and other identity theft. Georgia, Florida, and Nevada had the most identity theft reports.

Cybersecurity tools exist to deflect and avoid falling victim to these attacks against your business and your employees.  Evergreen Insurance provides guidance to help establish safeguards against identity theft and other cybercrimes. Contact us today to learn more.

Copyright 2024 Evergreen Insurance

Evergreen Insurance provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Of course, it saves the cost of medical bills and lost productivity.  But a solid safety program should – and does – mean more than dollars and cents.  It represents an organization’s commitment to its people, and as cliché as it may sound, people remain the most valuable asset any business can have.

And here’s another hard truth – the best business strategy is one where nobody gets hurt in the first place.

So, naturally, the most successful businesses operate with the highest levels of safety.  That applies equally to the heaviest manufacturing concerns, as well as the most desk-bound service provider.  An employer that respects its people by keeping them safe typically reaps the business rewards.

Evergreen Insurance offers a safety consultant staff unlike other providers.  Armed with educational backgrounds in safety and health, plus hands-on experience with scores of customers, our team brings the skills and insight to improve the safety performance of your business, along with the benefits in premiums that can result.

Customers have appreciated the practical ideas our safety experts have introduced, such as establishing an on-site safety committee to earn discounts on workers’ compensation coverage, raising job-related safety as a core competency to reduce injuries and associated workers comp expenses, and paying closer attention to driver behavior to lower accident rates and the cost of recovery.

We start with an honest assessment of your current program, to evaluate together where any safety-related gaps may exist.  Then, our Safety team walks you through the services and plans that address your risks and opportunities.  We collaborate with you through the entire process to determine the best path forward to ensure the safety of your team and protect your investment.

Can there be an easier, more efficient, and more rewarding way to improve your productivity and profitability than by upgrading your safety program?  Contact us today to learn more.

Copyright 2024 Evergreen Insurance

Evergreen Insurance provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

The world of online cyber operations can be complicated.  Add a layer of determining how to adequately anticipate, deter, and recover from attacks, and that world gets appreciably cloudier.  Even to the point where top C-suite executives in major publicly traded companies can hold misperceptions about what their exposure might be, and how their assumptions about protection can be far off the mark.

A report issued by the Federal Reserve Bank of Chicago* cites a survey of chief financial officers at companies with more than $1 billion in revenue that had been performed by a major commercial property insurer.  The survey found that 71% of those CFOs believed their insurer would cover “most or all” of the losses their company would suffer in a cyberattack. However, the damages those CFOs said expected to suffer in such an event are not, in fact, covered by typical cyber and property insurance policies.  

Ambiguities about cyber protection can filter to small- or medium-sized organizations, as well, with just as serious an impact.  A key “value add” for such privately held organizations would be adding insurance-backed cyber resources at the time of loss, to include immediate access to cyber forensics, legal, claims management, and public relations services.  These services would speed up the return to normalcy and protect the insured’s balance sheet and income statement.

In the world of cybersecurity, fully understanding your organization’s exposures, and knowing what the right insurance can and cannot cover – both before and after a breach – only becomes more important with each passing year.  Contact the experts at Evergreen to get a clear picture of your cybersecurity situation.

Copyright 2024 Evergreen Insurance

Evergreen Insurance provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

*  https://www.chicagofed.org/publications/chicago-fed-letter/2019/426

Every organization needs liability coverage, but it can be easy for non-profits to overlook a type of liability insurance protecting their corporate body as well as their leaders.

Non-profits need insurance to protect themselves from financial loss and liability that can arise during normal operations. This insurance can help cover expenses while affording donors and stakeholders peace of mind. The types of insurance a non-profit may need depend on many factors, including:

• Legal action could have devastating financial consequences for non-profits that often rely on donations and grants. 
• Workers’ compensation/accident insurance can pay for medical expenses, disability, and death benefits for employees injured on the job.
• Cyber liability insurance can protect non-profits from financial losses that may occur after a data breach or ransomware attack.
• The risk of injury to volunteers and third parties can vary depending on the type of operation the organization runs. For example, non-profits that engage in counseling, vocational training, or other kinds of instruction have significant professional liability exposure.
• Non-profits maintaining a positive public perception is key in obtaining grants and charitable donations, so protecting its reputation is essential.

Also, directors and officers liability (D&O) insurance becomes especially important to non-profits because many individuals take on these roles with limited experience, lacking the proper knowledge and appreciation of their legal duties and responsibilities related to the organization.  Non-profit leadership can become a target for litigation related to wrongful acts, such as mismanagement of resources, employment issues, or failure to fulfill fiduciary duties.  

D&O coverage protects those individuals against personal losses, should they be sued as a result of serving in their roles, and also can cover the costs stemming from legal fees, settlements, judgements, and wrongful allegations brought against the non-profit.  

Being smart about non-profit insurance proves that the notion, “No good deed goes unpunished” doesn’t need to be true.  A better idea is that, “No good deed should go unprotected.” Evergreen offers exceptional expertise in coverage for non-profits.  Contact our professionals today to learn more.

Copyright 2024 Evergreen Insurance

Evergreen Insurance provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.