Achieving cost efficiency and filling gaps in expertise has led many companies to rely more and more on outside vendors and third parties for services, including cybersecurity. But significant vulnerabilities also accompany those important factors, exposing businesses to cyber breaches, compromised data, operational disruptions, costly insurance claims, and legal battles. 

For example, if a vendor responsible for processing payments has inadequate cybersecurity and gets attacked, it compromises the company’s customer data. Such breaches have occurred with alarming frequency, causing significant financial and reputational damage. These attacks also open the floodgates for hackers to infiltrate the company’s network, disrupting operations and leading to business interruption claims. 

The potential for such claims, along with regulatory compliance concerns, underscores the importance of thoroughly assessing the cybersecurity posture of any third party before entering a business relationship. This process should include both the IT/security team and the legal department, and should examine the following items:

1. Vetting the Vendor:
   Rigorously assess the vendor’s cybersecurity practices to ensure robust defenses are in place, to include the vendor’s incident response plan and compliance with relevant standards and regulations.  Incorporating adequate cybersecurity measures and response plans into the vendor contract is crucial.

2. Requiring Cyber Insurance:
   Vendors should be required to carry cyber insurance covering breaches that could impact your operations, including third-party liability for hardware failures, system breakdowns, and business interruption claims. Review the policy for exclusions or limitations that might impact your company’s coverage.

3. Incorporating Risk-Shifting Provisions:
   Your legal team should include risk-shifting provisions in contracts with third-party vendors, so that if a breach occurs, the vendor indemnifies your company against both direct losses and third-party claims. This indemnification should cover both standard and gross negligence, as well as willful misconduct, and include reimbursements for any losses beyond what insurance might cover. Such contractual agreements shift the financial burden back onto the vendor in the event of a cyber incident.

The professionals at Evergreen Insurance understand these scenarios and can speak the language of business owners looking for the best package of protection. Contact us to learn more.

Copyright 2025 Evergreen Insurance

Evergreen Insurance provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Being asked to serve on a board or to help manage a company or non-profit organization can be a very rewarding experience. Yet at the same time, the personal financial risks tied to these roles must always be recognized and minimized.

Management liability coverage – including directors and officers (D&O), employment practices liability (EPLI), and fiduciary liability insurance – exists to help protect the personal assets of leaders and senior managers, as well as the financial assets of the company against lawsuits. These specialized areas of insurance also pay for legal defense and may include provisions for the insurer to provide expert legal counsel in the case of lawsuits filed against a company and its directors and executives.

Allegations made in such claims cover a myriad of possibilities, including, among others:

• Denial or change of benefits.
• Retaliation against an employee.
• Discrimination based on religious beliefs, accommodation of disabilities, or work location preferences.
• Administrative error.
• Improper advice or counsel.
• Excessive fees charged for 401(k) or 403(b) investment plans at corporations and non-profit entities, respectively.
• Wrongful termination of, or failure to adequately fund, a benefits plan.
• Conflict of interest.
• Imprudent investment of assets or lack of investment diversity.
• Imprudent choice of insurance company, mutual fund, or third-party service provider.

While management liability coverage is commonly held among for-profit companies and non-profit organizations, it is less so among privately held companies, as concerns over cybersecurity have overshadowed this area. The risk for leaders of these privately held entities is every bit as serious, however.

Management liability coverage comes down to ensuring that the individuals in charge of running a privately held business are protected against the people-related financial risks of the organization. The professionals at Evergreen Insurance have the experience and perspective to guide a business to the proper coverage related to this topic. Contact us today to learn more.

Copyright 2025 Evergreen Insurance

Evergreen Insurance provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Credit insurance is designed to protect a business from non-payment of commercial debt. That means that if a customer does not pay because of bankruptcy or insolvency, or if it simply does not pay on time, a credit insurance policy will pay the business up to the insured credit limit.  This coverage helps protect a business’ capital, maintain its cash flow and secure its earnings while extending competitive credit terms and access to more attractive financing.

A credit insurance policy allows a business to feel secure in extending more credit to current customers, or to pursue new, larger customers that would have otherwise seemed too risky, opening the door to increased sales.  

Securing coverage of customer payments made to a business’ accounts receivable represents an important asset to any organization – one that warrants protection. Insurers can provide coverage to help business owners safeguard this critical asset, but need to understand the level of risk by asking such questions as:

• What does the business’ balance sheet look like regarding accounts receivable payments?  
• How many customers does the business serve, and how reliable are payments from those customers? 
• Is the business’ risk spread across multiple customers or concentrated in just a handful? 
• Does the business evaluate its customers’ economic status before extending credit? 

This protection is similar to questions regarding supply chain issues. Is the business diverse enough with its suppliers that it can survive delays in deliveries or financial problems among key suppliers? Directors and officers (D&O) liability insurance is also related, to protect individuals from personal losses if they are sued as a result of serving as a director or an officer of a business or other type of organization, including ramifications from customer credit- and payment-related issues.

The professionals at Evergreen understand these products and can speak the language of business owners looking for the best package of protection. Contact us to learn more.

Copyright 2025 Evergreen Insurance

Evergreen Insurance provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Health care costs continue on their seemingly unending rise. As a result, employers continue to look for ways to responsibly contain those costs. One tool – the dependent eligibility audit – offers a relatively easy way to do just that.

This audit does exactly what the name describes – it determines whether all dependents being carried on an employee’s coverage are in fact eligible to be there. Those who should no longer be covered include children who have reached the maximum age limit, divorced spouses, or ineligible friends, roommates, or relatives. Industry estimates state that between 3 and 12 percent of dependents currently being carried on employee policies should not be there.  Eliminating these ineligible individuals can represent a meaningful cost savings for the employer.

Ensuring that only eligible people are included on a health care plan protects employers from violating federal law, and can also impact tax penalties associated with covering ineligible dependents.

Some general guidelines when preparing for a dependent eligibility audit include:

• Communicate with employees about the upcoming audit, asking for their prompt and complete cooperation in providing any necessary documentation, and assuring that the process will be fair and open.
• Senior management, managers, and human resources representatives must support the audit and be prepared to answer any questions from employees.
• A period of amnesty should be announced, allowing employees to identify and remove any ineligible dependents without penalty.
• Following the amnesty period, employees will be asked to provide documents verifying a dependent status/relationship, and that such a relationship still exists. Examples may include: marriage certificates; domestic partner affidavits; legal documents establishing custody, guardianship, or foster care; birth certificates; tax forms; medical documentation of disability; and adoption papers.

If an employee is unable to verify a dependent relationship, the employer may impose penalties, terminate coverage under the plan, or seek reimbursement for the claims paid for ineligible dependents.

The Benefits team at Evergreen Insurance has information on dependent eligibility audits and other ways to ensure that your health care plans are cost-efficient and sufficient for your specific company’s needs.

Copyright 2025 Evergreen Insurance

Evergreen Insurance provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Whether you accept the idea of climate change or not, here are the facts, as reported by the National Oceanic and Atmospheric Administration (NOAA)’s National Centers for Environmental Information, in its recently updated 2024 Billion-Dollar Disaster Analysis*:

• The U.S. experienced 27 individual weather and climate disasters last year with at least $1 billion in damages, trailing only the record-setting 28 events analyzed in 2023. 
• The cost of these disasters came to approximately $182.7 billion. This figure is based on analysis through January 10, 2025, and may rise an additional several billion dollars, as new data become available. 
• This total places 2024 as the fourth-costliest on record, trailing 2017 ($395.9 billion), 2005 ($268.5 billion) and 2022 ($183.6 billion). 
• Adding the 27 events of 2024 to the record that begins in 1980, the U.S. has sustained 403 weather and climate disasters for which the individual damage costs reached or exceeded $1 billion. The cumulative cost for these 403 events exceeds $2.915 trillion.
• The 2024 disasters caused at least 568 direct or indirect fatalities, the eighth-highest for these billion-dollar disasters over the last 45 years (1980-2024).

Even in areas of the country that typically are spared from these types of events, policyholders are likely to see the effects begin to impact property insurance rates and coverage options in the future.

Are you prepared for a weather-related emergency? That preparation should include not only insurance-related questions, but also policies on employee safety, and ensuring the integrity of physical spaces, structures, and equipment, among other considerations.

Severe weather most likely is not going away or becoming less of a threat. Neither is the effect on people and property. It is wise to check your emergency preparations in case a natural disaster strikes your part of the world.

*https://www.climate.gov/news-features/blogs/beyond-data/2024-active-year-us-billion-dollar-weather-and-climate-disasters

Copyright 2025 Evergreen Insurance

Evergreen Insurance provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

The cloud. That mysteriously vague destination we all have accepted as the repository of unimaginable amounts of digital information. You can send anything to the cloud, and we do.  But how safe is that information – especially vital information about identity, finances, purchasing habits, and so much more?

This can become an especially critical question for business owners, who by necessity accept, process, and share such vital information in the course of doing business.  Even businesses that do not work directly with healthcare, financial or other regulated data may find themselves exchanging identity information with third parties. For example, many businesses use an outsourced payroll reporting company, providing Social Security numbers and possibly additional information to that third party.   

Safeguarding the privacy of the information you share with third parties should become and remain a top priority. A key first step includes carefully and thoroughly vetting your vendors, to make sure that they are adequately protecting the data you are sharing with them. Here are some questions you may want to ask as part of that vetting process:

• Is the vendor, because of the data they possess or the business in which they are engaged, subject to any cyber security regulations, such as Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX) compliance, or New York State Department of Financial Services (NYDFS)?
• Does the vendor have a formal cyber security program with written policies, plans and procedures? If so, does that program follow a cyber security or auditing framework such as CIS, NIST, SOC or ISO? Does the program cover risk assessment, asset management, patch management, vulnerability management, and endpoint detection and response? Does the vendor have incident response, disaster recovery, and business continuity plans?
• Does the vendor provide cyber-security training to their employees? How often? What topics are covered? Does the vendor conduct phishing simulations to test employees’ ability to properly respond to phishing attacks?
• Does the vendor limit each employee’s access to IT resources to only what is required to do that employee’s job? Does the vendor encrypt data? At rest and in motion? Does the vendor require employees to use complex passwords? Does the vendor require multi-factor authentication for access to non-public data? Does the vendor require multi-factor authentication for remote access to IT resources?
• Has the vendor experienced a cyber security incident in the past 24 months? If so, can they describe the incident and what remediations have been made to prevent its recurrence? As a result of the incident, was a cyber insurance policy claim filed, or regulatory action taken?   

While vetting vendors is important, it’s equally essential to ensure that confidential customer information, like personal identification or private health records, is protected as you hold it for your business purposes. How would you answer the above questions if a client posed them to you?

Evergreen Insurance does not provide specific IT counsel or advice, but shares this message to help clients protect their business interests.

Copyright 2025 Evergreen Insurance

Evergreen Insurance provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

As more instances of severe weather and the resulting litigation occur, coupled with an ever-increasing rate of repair costs, an emerging issue has begun to impact commercial business owners as they work to secure insurance – the remaining service life and integrity of roofs.

According to the Insurance Information Institute (III), across the U.S. in 2023, insurers lost $79 billion due to natural catastrophes like storms, flooding, droughts, heat waves, and wildfires.  A heightened level of attention among insurance providers to the roofs of commercial buildings has been one result.

III states that if a roof is more than 20 years old when the owner applies for business insurance, most insurance companies will require an inspection, while other companies may decline coverage for this or a number of other factors.  Insurers can’t deny coverage concerning the roof if that roof is less than 15 years old, but if it’s more than that threshold, the owner can get an inspector to certify that the roof has at least five more years of service left.  With an acceptable roof certification, the insurer will likely provide coverage unless there are concerns with other elements of the property or the overall application.  

One option gaining attention features offering insurance that only covers the building’s actual cash value, rather than covering the replacement cost value offered in typical insurance policies.  Actual cash value factors in the cost of depreciation in the final payout, and may be less than the total cost to replace the roof.

Some insurers are reducing coverage for buildings that require costly upgrades, such as roof replacements, before they agree to issue a policy, according to III.  Some are pulling out of areas prone to severe weather entirely, like California and Florida in particular.  Mid-Atlantic states like Pennsylvania have not experienced the same levels of damaging weather or wildfires to date, but being aware of these trends is always a wise strategy.

Contact the professionals at Evergreen for more information.

Interesting how commitments can accumulate when you’re not looking, isn’t it?

You click on a subscription, you agree to get regular updates from a retailer, you cite a preference for a particular brand. And before you know it, funds have been deducted from your checking account, your email inbox gets choked with nuisance messages, and you can’t seem to escape online ads for something for which you are rapidly losing interest. An entire category of online apps has sprung up to help users wrangle these commitments to fit one’s current situation.

What began innocently can end up causing issues that can cost time, money, and patience. The same principle applies to insurance coverage, as a business enters into contracts with partners, suppliers, and vendors.

These agreements are recognized as necessary to conduct, expand, and protect a business’ interests. They make complete sense, and can serve a vital purpose. But caution must be taken when entering these arrangements, to make sure that the business’ insurance policies extend to the terms of any new contracts.

Terms and conditions of insurance coverages are written to specific situations – situations that may take on new wrinkles and specifics under new contractual agreements. The last thing any business owner needs or wants is to discover down the road that a partnership or other agreement under contract with another entity means an existing policy does not offer sufficient coverage.

Working with your insurance provider to conduct a contractual review represents an easy way to safeguard against getting caught in such a scenario.

Contracts and agreements accumulate over time. That’s smart business, typically. Just make sure that your insurance coverage keeps up with the terms of any new situation, to avoid costing you time, money, and patience.

Contact the professionals at Evergreen for more information.

Copyright 2025 Evergreen Insurance

Evergreen Insurance provides these updates for information only, and does not provide legal advice. To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Artificial Intelligence, or AI, has become ubiquitous across all aspects of modern life, including every type of business. Its ability to access and process information from an unlimited pool of knowledge and existing documents is staggering, but so are the potential shortfalls.

Businesses large and small are wise to develop clear and consistent policies on using this technology. Some concerns that need to be considered include recognizing the uncertainty about who owns the AI-created content, as well as security and privacy concerns regarding proprietary or sensitive information.

An AI usage policy should also acknowledge that the accuracy of AI-generated content cannot be relied upon with any certainty, as it may be outdated, misleading or even fabricated.

Guidelines also could address reviewing AI-generated information for accuracy before relying on it for work purposes. If a reliable source cannot be found to verify the accuracy of AI-generated information, for example, a policy would determine whether that information should be used.

AI promises to change how we work. A well-researched, well-planned, and well-executed AI usage policy can help make sure that those changes remain positive and avoid the problems that otherwise may result.

While insurance isn’t a fix for improper use of AI, cyber insurance should be a part of any business’ overall data security plan. Contact Evergreen for ideas of how to best safeguard your business.

Copyright 2025 Evergreen Insurance

Evergreen Insurance provides these updates for information only, and does not provide legal advice. To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

In case there was any doubt that identity theft remains one of the easiest and most lucrative ways to steal much more than an individual’s identity, consider these statistics:

According to the Identity Theft Research Center (ITRC) Annual Data Breach Report, 2023 had a record high number of data compromises in the U.S. in a single year. A 72 percentage point hike from the previous all-time high number of compromises set in 2021. At least 353 million individuals were impacted.

According to the FBI’s Internet Crime Report 2023, the bureau received 880,418 complaints of cyber-crime as reported by the public, a 10 percent increase from 2022. The potential total loss increased to $12.5 billion in 2023, up from $10.3 billion in 2022. California, Texas, and Florida had the highest number of cybercrime victims.

The Federal Trade Commission’s (FTC) Consumer Sentinel Network took in over 5.39 million reports in 2023, of which 48 percent were for fraud and 19 percent for identity theft. Credit card fraud accounted for 40.2 percent of identity thefts, followed by miscellaneous identity theft at 25.1 percent, which includes online shopping and payment account fraud, email and social media fraud, and other identity theft. Georgia, Florida, and Nevada had the most identity theft reports.

Cybersecurity tools exist to deflect and avoid falling victim to these attacks against your business and your employees.  Evergreen Insurance provides guidance to help establish safeguards against identity theft and other cybercrimes. Contact us today to learn more.

Copyright 2024 Evergreen Insurance

Evergreen Insurance provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.