2023 February PIA New Jersey

Statements of fact and opinion in PIA Magazine are the responsibility of the authors alone and do not imply an opinion on the part of the officers or the members of the Professional Insurance Agents. Participation in PIA events, activities, and/or publications is available on a nondiscriminatory basis and does not reflect PIA endorsement of the products and/or services.

President and CEO Jeff Parmenter, CPCU, ARM; Executive Director Kelly K. Norris, CAE; Communications Director Katherine Morra; Editor-In-Chief Jaye Czupryna; Advertising Sales Executive Calley Rupp; Senior Magazine Designer Sue Jacobsen; Communications Department contributors: Athena Cancio, David Cayole, Patricia Corlett, Darel Cramer, Anne Dolfi and Lily Scoville. Postmaster: Send address changes to: Professional Insurance Agents Magazine, 25 Chamberlain St., Glenmont, NY 12077-0997.

“Professional Insurance Agents” (USPS 913-400) is published monthly by PIA Management Services Inc., except for a combined July/August issue. Professional Insurance Agents, 25 Chamberlain St., P.O. Box 997, Glenmont, NY 12077-0997; (518) 434-3111 or toll-free (800) 424-4244; email pia@pia. org; World Wide Web address: pia.org. Periodical postage paid at Glenmont, N.Y., and additional mailing offices.

©2023 Professional Insurance Agents. All rights reserved. No material within this publication may be reproduced—in whole or in part—without the express written consent of the publisher.

TOP 10 CYBER SECURITY TRENDS TO WATCH OUT FOR IN

PASSWORD TIPS TO PROTECT YOUR AGENCY & CLIENTS:

1.Rise of automotive hacking. The more smart devices that people use (connected through Wi-Fi and Bluetooth) the more opportunities hackers have to attack and take over these devices, or eavesdrop via microphones.

2.Potential of artificial intelligence. AI is being used to develop smart malware and attacks to bypass the latest security protocols in controlling data.

3.Mobile is the new target.

Mobile banking malware or attacks in 2019 increased by 50%. Other information on smartphones that can be highjacked: photos, financial transactions, emails and messages.

4.Cloud is potentially vulnerable. Cloud applications (e.g., Google or Microsoft) are well equipped with security on their end, users still need to be aware of erroneous errors, malicious software and phishing attacks.

LOGIN:

STRONG PASSWORDS TO USE:

» 16 characters long

» Include capital letters or lower case letters

» digits and punctuation marks

» DO NOT include personal information

WEAK PASSWORDS: DO NOT USE

» 123445

» password

» Social Security number

The average cyber claim payout is in the millions. Don’t take the risk.

Arm your agency with a cyber liability policy from PIA. Your agency depends on your computer system, confidential client information and website operation every day. PIA’s coverage gives you options ... protect your agency—and your livelihood— now.

5.Data breaches: Prime target. Remember: Any minor flaw or bug in your system browser or software can be exploited by hackers to access personal information. Keep all your systems current and updated.

6.IoT with 5G Network: The new era of technology and risks. 5G architecture is comparatively new and it requires a lot of research to find loopholes to make the system secure from external attack.

7.Automation and integration. The more systems that are automated the more safeguards that are needed to make sure that a system is secure.

8.Targeted ransomware.

Another important cyber security trend that can’t be ignored is targeted ransomware. Training your employees to be cautious about phishing attacks can help keep your agency more secure.

9.State-sponsored cyber warfare. The cyber fights between different countries will continue to be an issue in 2023. We should continue to see high-profile data breaches this year.

10. Insider threats.

AA data-breach report by Verizon stated that 34% of total attacks were directly or indirectly made by the employees.

‘See it in the Eyes’ ransomware attack, a case study

When the “See it in the Eyes” ransomware attack occurred in 2022, it took approximately 16 hours to detect it, and it involved the Phobos Ransomware, aka Eight Virus. The victim, a jewelry company was unable to open its business the next day following the attack. All its servers with it files, emails and databases were encrypted. Making matters worse, the backups for the applications and data also were encrypted, because they were not stored off-site, but on the same system as the business-critical files.

By the time a resolution had been reached, 71 days had passed, and it cost the owners of the store $35,000 to rebuild its entire digital presence, the virtual servers, and the applications that it used to processes in-store and e-commerce orders. An estimate of $285,000 was paid out in soft costs, and $25,000 was paid directly to the attackers to restore the data.

Many people believe that cyberattackers primarily target big corporations, because of the potential for a big monetary payout. This example refutes this thinking, because the targeted company was a small jewelry store, with only 30 employees. The company was targeted because its cyber security measures were inadequate (i.e., its backups were located on-site and on the same network as the primary data, and a networking misconfiguration).

Cybercriminals take great delight in attacking small businesses, because there are so many of them, and because many of them take cybersecurity too lightly. The truth is, no one is immune from cyberattacks, and every business that has any assets is subject to attack. In the case of the jewelry store, the one thing it did right was purchase cyber security insurance.

About the ransomware

The Phobos Ransomware, aka Eight Virus, is not new. It appends segments on to file names making them unrecognizable to any operating system. The appended segments include the file’s original name, your company ID (so they know who they attacked), an email address you can use to contact them, and the word “eight” (hence the virus name). Even if you could rename the file to make it recognizable, the encryption makes it unreadable. Currently, there are no effective decryption tools available to help with data recovery.

This ransomware was effective in disrupting the business, and in addition to the money paid to the attackers, and

the cost to rebuild the entire infrastructure, there was an additional soft cost of $285,000. This was the amount of money that had to be paid to employees during the 71 days the business was down, which the store was unable to bring in through earnings. Of course, the company was obliged to shut down during that entire period, because it had no inventory data to draw on, and no way to record sales.

Timeline of the attack

The attack occurred on Sunday, April 10, 2022, at 6:45 p.m., when the store was closed. The servers were unprotected and vulnerable to attack. The encryption was carried out overnight, and by Monday morning, the IT manager called to report a blue screen on the host virtual machine, which led her to think there was a problem with the operating system.

All workstations were affected, as well as the virtual host server and the network-attached server. By Monday afternoon, it was apparent that the jewelry store owners should contact their insurance company, as well as the FBI to begin an investigation. Recovery was started on Tuesday by the forensic company, which started to analyze the cause of the breach.

On Wednesday, a temporary email Microsoft Exchange was setup, so the store could have some communication with clients and business associates. However, it wasn’t until June 23 that the store had recovered to the point when it had a fully functioning system and could carry on business as usual.

However, during the 71-day recovery period, the business’s website suffered an attack, and it was significantly defaced. Clearly, the website lacked adequate protection from cyberattack, and it was just as vulnerable as the business’s host network. When the files were recovered, it was discovered that many emails had been corrupted and included malware, which could have launched a secondary attack. All these were successfully removed, and any further disaster was thwarted.

How did the ransomware enter the victim’s system?

An improperly configured firewall left a port open to attack, and this provided the entry point for the ransomware to penetrate the system. The firewall had been configured with security in mind, and some of the ports were changed to thwart a cyberattack. However, cyber(continued on page 6.)

FYI (continued from page 5.)

criminals will go through the entire port range until they find something that appears vulnerable, and that is what happened in this case.

No one is immune from a cyberattack. Committed criminals will keep working until they find a way to breach your system. The fact that saves most businesses is that cybercriminals haven’t heard about them yet, and they haven’t focused on carrying out attacks on those systems.

The lingering damage

Any business that is forced to close for over two months will suffer serious financial loss. In addition, any breach like this quickly becomes public knowledge and results in a loss of confidence in the business that was attacked. Casual observers may feel that the affected business lacks adequate security measures, and they are hesitant to do business with them. That loss of confidence translates to ongoing loss of business for a business because customers prefer to patronize more secure companies.

No one wants to have their personal data exposed to cybercriminals, because they fear that they could become the next victims.

Suppliers and vendors also are hesitant to resume business relationships, knowing that the business has suffered a major security breach, and that they could be indirectly affected by it.

Most businesses that are victims of an attack take a while before they fully recover, and regain the confidence of clients, vendors, and other business associates.

The cost of suffering a ransomware attack goes beyond the monetary amount the business is obliged to pay out, but can continue on into the future like a ripple effect.

Ransomware backup

The jewelry store attacked by the Phobos Ransomware could have avoided this heartache and financial damage by having adequate backups of data and virtual servers prepared. It doesn’t matter whether you have backups stored off-site or on the cloud, it’s just essential to have backups you can access if someone hijacks your businesscritical data and holds it for ransom.

If you still are using tape backups, keep in mind that damage can occur to the magnetic component of tapes over time, so they will need to be replaced at least annually. In addition, it will take longer to restore the data off the tapes.

And, cloud-based backups also can be breached if the vendor’s security is compromised. It’s good to remember that there is no security protection system that can give you complete protection against cyberattacks—so you should plan for multiple contingencies.

Don’t forget about insurance

Another good step to take to protect your agency is to acquire insurance against attack. In the event you are attacked, you’ll have to pay a higher premium afterward because you demonstrated that your security could be breached. However, the increased cost of premiums is well worth it, so you don’t end up bearing the entire

financial cost of damages yourself. [EDITOR’S NOTE: Don’t leave your own agency exposed to the aftermath of a data breach—PIA offers you access to a cyber liability policy for your agency. Get a quick quote today. Logon to: www. pia.org/quote/cyber.php.]

The jewelry store could have faced financial ruin if it hadn’t purchased cyber security insurance beforehand. It managed to avert total disaster because it didn’t have to pay all those costs mentioned in this article on its own. Whatever the cost of insurance, backups and security measures, it will be far less than what it would cost if your agency is obliged to close its doors forever.

Behar is president/CEO of 2Secure, a cyber security assessment company. Reach him at (646) 560-5083 or cyber@2secure. biz. You can download his book Digital War–The One Cybersecurity Strategy You Need to Implement Now to Secure Your Business for free at http://www.2secure. biz/. The book also is available on Amazon in paperback or Kindle versions at a discount.

Suppliers and vendors also are hesitant to resume business relationships, knowing that the business has suffered a major security breach, and that they could be indirectly affected by it.

Managing risks with cyber liability policies

On Sept. 8, 2022, Suffolk County, New York, learned a professional hacking group known as BlackCat had gained unauthorized access to over 20 agencies with the county. Everybody from the police forces, to social services, to emergency dispatchers were forced to figure out a way to continue providing services to the county without their computers, data, email or internet.1

For almost a month, the county could not even perform a title search, which halted real estate transactions. Shortly after the hack, nonpublic information accessed by the attackers turned up on the Dark Web, including everything from sheriff’s records, to county contracts, to personal information on county residents.

Prior to the attack, Suffolk County had invested in cybersecurity and conducted simulations specifically to prepare for such an event. Yet, the

county’s systems lacked safeguards— such as multi-factor authentication that have rapidly become standard for security purposes—and it remained exposed to an attack.

Cyber liability insurance policies will never fully protect a business from a cyberattack or cover all the subsequent costs of maintaining business operations. Yet in a rapidly changing area, they offer comprehensive risk management by proactively forcing businesses to rethink their security systems on a regular

basis in ways that can reduce the potential damage of an attack drastically and allow for continued business operations. Thinking about a cyber liability policy as a more comprehensive tool to protect a business could show an organization how to prepare to keep operating and minimize the damage done by a security breach.

The application as a risk manager

In the last decade, multi-factor authentication has gone from a rarity to a standard business practice. Cyber liability applications and policies reflect this shift. Applications reflect cyber security measures that range from expected practices to newer measures designed to protect against current attacks. Questions also involve system designs and data storage to reflect how these structures and decisions may impact the severity of a cyberattack and the aftermath. Beyond a cyberattack, these also may help with business recovery after a natural disaster (think off-site backups).

Cyber liability policies and the accompanying applications are living documents, updated frequently to reflect the rapid changes in the risks. As a result, the questions asked about a cyber security program and system design give strong indicators regarding what measures businesses should consider adopting. In a review of cyber liability policies, the RAND Corp. found that the questions may vary, but fall into four general categories: 1. organization; 2. technical; 3. policies and procedures; and 4. legal compliance.

These categories reflect the factors of a comprehensive data security system. Simply installing a firewall and requiring a password does not protect a computer system. Increasingly, human behavior leaves businesses susceptible to security breaches through phishing emails. Plus, it provides ways for a hacker to access an organization’s entire data system. Simply limiting access to critical systems may not prevent an attack, but it can reduce the damage done by containing it.

Unlike regulatory requirements, cyber liability applications are regularly updated to reflect recent attacks and changes to the recommended best practices. Understanding the application questions and their purpose can help an insured complete the forms and emphasizes why certain policies may be required. While many measures included on an application may not be required by the cyber liability carrier for that policy, that also could change rapidly as well.

Understand the limits

In a study of over 100 CFOs and senior financial executives, FM Global found that 45% of those surveyed executives thought their cyber liability policy would cover most of the related losses from a cyber security event, while 26% of respondents expected all losses to be covered.2 Yet, with the high cost of cyberattacks, insurers write policies to reduce and contain their own exposure. The coverage should be evaluated based on what’s covered, what’s excluded, and the applicable sublimits to ensure proper understanding of the policy and potential exposure following a loss.

Generally, coverage for first-party covered losses breaks coverage into four categories: 1. data compromise response; 2. identity recovery; 3. computer attack;

and 4. cyber extortion.3 When it comes to third-party coverage, the sublimits get broken down into compromised data, network security, and electronic media. While the lack of standardization makes it important to review each policy’s specific coverage terms, the evaluation of policies by the RAND Corp., found that there was not substantive variation in policy coverages. The variations came from the policy exclusions, which could create problems for policyholders. Cyber liability policies may exclude criminal, fraudulent, or dishonest acts. Physical harm also may be excluded despite also being a potential data breach. As cyberattacks become more complex, the exclusions may reflect the changes as insurers attempt to reduce their own exposures to increasingly expensive breaches.

The costs of a cyberattack

Beyond the challenge of understanding cyber liability policies is the cost. Underwriting cyberliability proves far more challenging for carriers due to the rapidly changing nature of the losses and lack of historical data. The costs of data breaches have been increasing, especially with the rise of ransomware attacks. From 2020 to 2021, the average cost of a security breach has risen 10% with those costs almost certain to increase in 2022.4 IBM Security estimates each piece of personal identifiable information stolen in a cyber security breach costs $180 alone.5 While insurance could cover some of the expenses, other costs associated with a security breach would be excluded or not covered by the standard policy. Some of the costs, especially those associated with lost business and reputational damage, may be

difficult to quantify much less try to make up with an insurance policy. This leads back to the questions on the application offering pointers to reducing the potential costs along with the risks. Businesses with more developed security systems updated frequently to respond to contemporary threats face reduced costs following a cyber security breach. System design and offline system backups can further reduce costs by containing a potential breach and protecting records. The sublimits within a cyber liability policy further emphasize the need to think of the potential costs when reviewing a data security system to balance out the proactive steps to protect a business from a cyberbreach and finding an available cyber liability policy to cover some costs.

Conclusion

Reviewing the cyberattack on Suffolk County strongly suggests an interconnected system that made it impossible to contain the damage. The aftermath also shows how crippling such an attack can be on an organization with the county unable to accept any online payments over two months after it took the computers offline.

Cyber liability insurance cannot stop a business from being attacked. However, independent agents who understand the role of updated requirements in policies and the extent of the policy’s sublimits and exclusions can help their clients understand how to manage these risks in a way that allows for an attack to have a minimal impact on their operations.

Irvine is PIA Northeast’s government affairs counsel.

1 The New York Times , 2022 (nyti.ms/3hxunQ5)

2 FM Global, 2019 (bit.ly/3HCbGWj)

3 Sasha Romanosky, Lillian Ablon, Andreas Kuehn, Therese Jones. “Content analysis of cyber insurance policies: how do carriers price cyber risk?” Journal of Cybersecurity. Volume 5, Issue 1. February 2019

4 IBM Security, 2021 (ibm.co/3WgjHUP)

5 Ibid.

Brooks Insurance Agency is proud to support Professional Insurance Agents (PIA)

Since its founding in 1991, Brooks Insurance Agency has successfully serviced the standard markets and brokered distressed and complex lines of business. We are here to help agents find the coverage their clients need.

We represent 80+ quality carriers, including several new and exciting markets, across the country. Plus, a broad array of products and services in admitted and non-admitted markets.

MARKET STRENGTHS AND EXPERTISE

• Broad market reach

• High-touch broker specialists

• Easy, online quoting process

• Collective approach to complex insurance needs

Visit our website at www.brooks-ins.com.

Brooks Group Insurance Agency, LLC NJ License 1575143

The solution: Is it them, or is it me?

In this rapidly changing economy, everyone is looking for a simple fix to deal with the uncertainty of our economic environment. It seems like few are happy with their situations. And, all but a few point their fingers at the changing economy and vibrant competitive environment as the source of their dismay.

The comments I overheard at one of my recent sales seminars were representative. One salesperson complained that his customers were shrinking and going out of business. Several complained about customers’ pressure to lower prices. Still others complained about desperate competitors’ feverish attempts to generate cash flow by discounting dramatically. And, of course, everyone is concerned about the lingering impact of the COVID-19 lockdown.

There must be a genetic inclination in humans to look outside ourselves and blame those things that are outside of our control for our situations. We lament the conditions outside of ourselves and cast ourselves as victims. If only someone else would fix it. Maybe the government will make everything good again.

Unfortunately, if our gaze is directed at them—those conditions in the market that have changed and are outside of our ability to control—we will never free ourselves from the constraints on our income and prosperity. We can’t do anything about them. The real secret to improving our conditions is to work on us.

As Author James Allen said: “Men are often interested in improving their circumstance, but are unwilling to improve themselves, they therefore remain bound.” What was true a hundred years ago is still true today. Salespeople, sales managers, and sales executives need to look inward—at themselves and their sales teams—for the solution to their problems.

Salespeople

It may have been OK a few years ago for salespeople to have their own style of selling, to never invest in their own improvement, and to make their living off their existing relationships. Today, all of these are obsolete ideas that must be changed. It’s time to look inward and work on yourself.

To effectively deal with the changing economy, salespeople must become more strategic and thoughtful about the investment of their sales time, and they must bring value both to the customer and to their employers in every sales call. They must view their jobs as professions, not just jobs, and become

serious about improving themselves. In many cases, salespeople will have to gain new skills in working from a home office and running sales calls via phone and video technology.

In a world where it is obvious that good salespeople sell more than mediocre salespeople, they must decide to become better salespeople. That means investing in their own improvement and striving to achieve higher levels of competency and thus, better results.

Those salespeople who survive and thrive in this climate will be those who understand the path to their prosperity lies not in the outside world, but in themselves.

Sales managers

Likewise, sales managers must stop coddling those salespeople who aren’t interested in—or committed to—continuous improvement and greater levels of productivity. They must be sensitive to those salespeople who will refuse to strive to add new skills, and they’ll need to hold them accountable for practical expectations of growth and development. They need to put in place practices and disciplines that call for quantifiable expectations on the part of their sales team, regular measurements, and greater thoughtfulness and strategic planning.

SALES

Email> Keep these addresses handy to reach PIA  electronically

General pia@pia.org

Conference conferences@pia.org

Design + Print design.print@pia.org

Education education@pia.org

Government & Industry Affairs govaffairs@pia.org

Industry Resource Center resourcecenter@pia.org

Member Services memberservices@pia.org

Publications publications@pia.org

Young Insurance Professionals yip@pia.org

They must demand continuous improvement and thoughtful efforts to increase market share.

Sales managers must look inward, understanding that their chances of success are dependent on them, not the market—understanding they can do it better, and doing it better brings better results.

They must examine their sales forces and use this window of opportunity to weed out those salespeople who have no interest in development, who don’t have the capability to succeed as a professional salesperson, and who aren’t committed to their own personal success. Now is the time to review the bottom third of their sales forces and aggressively seek to upgrade.

Sales executives

Chief executive officers and chief sales officers need to recognize that the current state of the economy, and the resulting impact on the attitudes and perspectives of employees, has delivered a once in a lifetime opportunity to make significant changes in the structure of the sales force.

Recall just a little over a year ago. Making wholesale changes in sales territories, account responsibilities, the role of the inside and outside salesperson, sales management practices, compensation plans, and expectations for continuous improvement, would have been met with resistance from most of the sales force. Today, most salespeople are willingly to cooperate, and they are acutely aware that they can be replaced if they don’t follow your lead. Those CEOs and CSOs who look inward and use this window of opportunity to streamline and rationalize their sales systems will increase their productivity and lay the groundwork for disproportional growth when the economy shifts

The world is full of victims who lament their condition and blame their fate on sources outside of their control. Leaders accept their responsibility to look inward and improve themselves.

Kahle is one of the world’s leading sales authorities. He’s written 12 books, presented in 47 states and 11 countries, and he has helped enrich tens of thousands of salespeople and transform hundreds of sales organizations. Sign up for his free weekly Ezine (www.thesalesresourcecenter.com/dkezinesubscribe). His book, How to Sell Anything to Anyone Anytime , has been recognized by three international entities as “one of the five best English language business books.” Check out his The Good Book on Business

THINK UFG for simple insurance solutions

Simple solutions for complex times® is more than just our tagline at UFG Insurance.

We’ve made it our mission to create simple solutions for doing business with us, which begins with providing trusted insurance protection and service that exceeds expectations.

For a carrier committed to making insurance simple, think UFG. After all, insurance can be complicated and we all deserve simple solutions in these complex times.

ufginsurance.com/services

Simple solutions for complex times INSURANCE

WHAT MATTERS

Insurance agents know cybersecurity is important. After all, the average cost of a critical infrastructure breach is up to $4.35 million1—a number that climbs every year. Much of this cost is attributed to lost business—a loss of money in fixing the problem itself, but also the real possibility of a loss of future revenue, too. You can’t afford to be caught off guard.

Cyber concerns for insurance agents are twofold. You’ll need to safeguard your own data and systems to protect your agency from data theft, hacks, loss of reputation, and liability. You also serve as an important resource to your clients, and you can provide them with valuable information about how to mitigate their risk.

As a trusted partner for your clients, you should be able to provide basic suggestions about the most salient points of cyber security protection. As many of your clients may be on a limited budget or have only a basic understanding of the importance of cybersecurity, you should have some basic metrics in mind when broaching the topic and be able to rank the IT protocols that are most important to them.

What should you recommend your clients focus on? Some basics of cyber security protections include multi-factor authentication, vulnerability scanning, penetration testing and user security awareness training.

Multi-factor authentication for all

Multi-factor authentication is a must in today’s world. It adds an extra layer of security by requiring, as it implies, more than one method of authentication. This can include many combinations of the following: something you know (e.g., a password or code), something you have (e.g., like a keycard), or something unchangeable about you (e.g., a fingerprint or other biometric scan).

As you’re likely aware, passwords should be changed regularly. Experts suggest you should alter them at least quarterly to best protect your sensitive information.2 Passphrases are also a strong way to better protect your credentials. Your dog’s name and your favorite sports team are pretty easy for hackers to learn via social engineering, but they’ll be hard pressed to guess your password when it’s a running phrase like, “Iliketacotuesdaysandthrowbackthursdays.”

Whichever approach an organization decides to take, be sure that all members of the team are doing the same thing. Your system is only as safe as its weakest link. Properly educating your staff on the preventative measures you require is a critical part of cybersecurity best practices.

You also should recommend to your clients that they change their passwords regularly and/or use passphrases. This is true both for their accounts that have nothing to do with you (e.g., their LinkedIn or email profiles) and the login to their payment portal or insurance document account through your agency.

Keeping yourself aware of cybersecurity best practices helps you and benefits your clientele. You can be a strong advocate to protect your customers—both as someone in the know and as a party with a vested interest. After all, if they don’t change the password for their login on your portal, a breach of their system could lead to a breach of yours.

Keycards may be less relevant for many insurance agents and their clients, but be sure your staff knows not to share swipe cards or other methods of entering the building with others. This will both keep you safe and lower your liability in the event of an incident. By knowing who is coming and going and when, you can better secure both your staff members’ well-being and the data your systems contain.

Biometric passwords are likely the way of the future, with companies like Apple,3 and possibly Google and Microsoft, planning to switch to passkeys that rely on face or fingerprint recognition as the gateway to logging in. At the present time, this prevents most phishing and hacking scams from being effective. However, you should stay up to date on trends, as attacks will become more sophisticated over time. Still, if you have the option to select biometric passwords, they are a good alternative to traditional ones—both for internal systems and for client-facing portals. Multi-factor authentication most commonly involves a password and a code sent in real-time to an email or phone number. It also may involve a biometric login plus a code or a password. This dual level of protection always is better than just one. The stronger each element is within the MFA, the better.

Testing insurance agents, clients

Penetration testing also is an important part of IT for insurance agents and their clients. This assessment simulates a hacker attack to test the security of a system. By doing this, you can find weaknesses in your system and then take steps to fix them before a real attack happens. Agents should have their managed services provider or IT team conduct periodic penetration testing to verify the security of their systems. This is a critical step toward protecting the sensitive client data that you may have in your electronic files.

Not familiar with MSPs? In essence, they provide IT support and preventative services to businesses. They can help with a variety of tasks, including providing access to the latest secu-

rity patches and software updates, monitoring systems for signs of intrusion and malware activity, and providing guidance on best practices for cybersecurity. Working with an MSP can help insurance agents to stay protected from cyber security threats. Your MSP can handle penetration testing on your behalf.

You also can express to your clients the importance of conducting a penetration test on their own systems. Particularly, if you are sharing data back and forth electronically with your clients. This is important for two reasons: 1. it protects them, and 2. a more robust security effort on their part ultimately safeguards your system against a hacker, too. If they are infiltrated and they have shared portals to your system, you are more likely to suffer a breach.

Why agents are vulnerable?

There are a few reasons why insurance agents may be more vulnerable to cyber security threats compared to other professionals. First, insurance agents often deal with sensitive client information. This includes things like Social Security numbers, credit card information, and medical records. If this information falls into the wrong hands, it could be used for identity theft or fraud. Agents may be targeted specifically by hackers because of the type of information to which they have access.

Another reason why insurance agents may be more vulnerable to cyber security threats is because they often work with clients remotely. This means that they may not have the same level of security as someone who works in an office. If working from home, some agents may lack access to the same type of firewalls

and antivirus software that could be in place in a brick-and-mortar office, which can leave them open to attacks.

Finally, agents may be targeted by hackers to disrupt the operation of their parent insurance company and demand large ransoms. A breach in your system could open the door to hackers accessing data or systems of the insurance companies with which you do business.

Protect yourself and your clients

There are a few additional steps that insurance agents can take to protect themselves from cyber security threats. You also can recommend these steps to your clients.

Make sure that your systems are up to date with the latest security patches. You also should install and use antivirus and antimalware software. If you aren’t sure how to approach this task, consult your IT department or your managed service provider.

Insurance agents also should be careful about the type of information they share online. You should avoid sharing sensitive client information or company information on social media or in emails. If you do need to share this type of information, encrypt it before sending it.

Proper storage and transmission of information is imperative. If clients need to send sensitive information to insurance agents, they should encrypt it before sending it. This can help to protect the information from being intercepted by hackers. Customers also can use a secure file sharing service to send files to insurance agents. Typically, this type of service will encrypt the files before they are sent.

Insurance agents should store customer information in a secure database. They also should encrypt this information to help protect it from being accessed by unauthorized individuals. Insurance agents should have a process in place for regularly backing up this information. This will help to ensure that it can be recovered if it is lost or corrupted.

Finally, insurance agents should consider investing in cyber insurance. This type of insurance can help to cover the costs of damages that occur because of a cyberattack. It can help to cover the costs of recovery if sensitive client information is stolen. You might recommend cyber security insurance to your clients, and, in some cases, you may be able to sell it to them as part of their insurance portfolio with you.

Cyber security insurance is a growing industry as the pace of breaches increases rapidly and the cost of those attacks continues to snowball. In fact, by 2025 the global cyber insurance market is expected to be $20 billion. Insurance clients opting for this coverage4 rose from 26% in 2016 to 47% in 2020. This could be due in part to the fact that the costs of cyberattacks nearly doubled between 2016 and 2019 in the United States.

To have cyber insurance coverage, note that you will have to abide by certain rules. Insurance companies expect their customers to have safeguards in place like strong firewalls and encryption protocols, multi-factor authentication, software update schedules, regular assessment and repair of vulnerabilities,

best-practice handling and storage of sensitive data, and secure financial transactions.

This is another reason to encourage your clients to follow cyber best practices: They likely won’t be eligible for cyber insurance coverage if they do not. Though today cyber security insurance is just a suggestion, in the future, it could become a standard part of a business insurance policy.  Protecting your digital assets and your reputation, plus reducing your liability, are enough reason to tighten up your cyber security strategy. However, getting ahead of the curve for when cyber security insurance becomes a necessary standard is a strong reason, too.

Cybersecurity is an important issue for insurance agents and their clients. By taking steps to protect themselves from cyber security threats, they can help to keep their clients’ information safe as well.

Phillips is a skilled cyber security manager with years of experience helping organizations simplify the complexities of cybersecurity. He is passionate about developing actionable strategies that demystify the inherent intricacies of technology for organizations located across the country. He is a channel manager with Cyberstone Security—a niche cyber security consulting firm that helps organizations develop and enhance their information security programs, reduce risk, and achieve compliance with state and federal information security regulations, through services such as vulnerability assessments and penetration testing.

1 Upguard, 2022 (bit.ly/3j0LVoc)

2 McAfee, 2022 (bit.ly/3Fntwtg)

3 CNET, 2022 (cnet.co/3BBLvv0)

4 GAO, 2022 (bit.ly/3j3I2Pt)

Cyber security challenges and remote workers

Trends and best practices

According to our research, collaboration platforms used in the insurance industry have increased the likelihood of hackers targeting their users. Consequently, these organizations should focus on protecting their remote workforces from cyberattacks. This can be accomplished in several ways, including training remote employees and implementing cyber security policies.

A recent survey indicates that one-fourth of employees are concerned about cybersecurity when working from home. Many people receive spam and fraudulent emails because of phishing and scams. It is unfortunate that many of them do not take adequate precautions against these threats.

It is common for the insurance industry to utilize cloudbased software programs—including NowCerts, Jenesis, and Applied Epic Software—to exchange insurance information and data, administer insurance policies and benefits, track licenses and documents, manage commissions, manage tasks, manage claims, generate reports, and provide self-service certificates. When managed by experienced IT professionals in the workplace, the information usually is safe. However, it is when home-based workers access sensitive data, without the proper security

protocols in place, that there can be problems. This type of exposed information poses a formidable threat to the insurance industry as well as to the insured. Insurance agencies may be vulnerable to ransomware attacks if they have the slightest vulnerability, which usually results from a home-based login.

Although ransomware’s future cannot be predicted, there are several trends that will shape the threat landscape in the years to come. Soon, ransomware attacks are likely to increase dramatically. By utilizing this model, small-time cybercriminals can carry out ransomware attacks that can climb to large-scale operations.

Over the past three years, ransomware attack demands have increased by more than 100%. Part of the reason for this is the increasing success of ransomware attacks, as well as the fact that more companies are paying up to recover their data. For instance, health care organizations have experienced some of the highest demands since a disruption could result in the loss of lives. Both Telecom Argentina and Light SA reportedly have experienced ransoms of more than $14 million—and these demands are expected to continue to rise.

A cyberattack on Shoprite Group, a South African supermarket chain, also has occurred recently. The RansomHouse ransomware gang published screenshots of the stolen information on its Telegram channel and boasted of its attack on the company. The attack also affected other companies, including the American Dental Association and Deutsche Windtechnik.

Why this is such a big problem

There are several factors that contribute to these high-level attacks that may originate with employees who are working remotely.

Software programs used by workers operating from home may not be protected by firewalls. Home computers are increasingly being attacked by cybercriminals. Most home computers do not have a firewall, which makes them vulnerable to hackers. Hackers who discover such vulnerabilities wait for an opportunity to exploit them.

It is possible to pose a serious security risk with a poorly implemented remote access solution. It is inevitable that faulty configurations will arise from the deployment of remote infrastructure under time pressure. Cyberattacks and infringements are likely to increase dramatically as a result. Additionally, remote employees may not be as vigilant at protecting sensitive data as they may be when they are in the office (e.g., they may leave their computers unlocked or paper documents laying on their desks). Thus, unsecured devices usually are attacked within a short period of time.

There are many businesses that use remote-working methods to increase their efficiency, but the problems do not end there. It is common for employees to lack the necessary tools to protect their data—making them more susceptible to cyberattacks. Additionally, there is a risk that malware will be transmitted through email.

Hundreds of studies and millions of data points have been analyzed by the Alliance for Connected Work. Commuting costs are higher than those associated with working in a traditional office—despite employees’ willingness to accept pay cuts and reduced benefits when working from home. Despite the costs associated with virtual-work options, employers who offer this option report a higher quality candidate pool. Remote workers are being targeted by cybercriminals, resulting in a 238% increase in cyberattacks.

Risks associated with ransomware attacks in cloud computing. Cloud computing is at risk of ransomware attacks. In addition to encrypting files, these malicious programs can encrypt entire servers owned by cloud-service providers. All cloud users will be affected by this change. Fortunately, ransomware attacks can be mitigated. Installing next-generation antivirus that automatically updates your operating system is one option. It is possible to implement web filtering to block infected websites. IT professionals also can provide technical assistance. Implementation of a disaster recovery plan is another method of protecting your cloud data from ransomware attacks.

Using least-privilege access to your cloud resources is one of the most effective ways to minimize the risk of ransomware attacks. It will prevent fraudsters from gaining access to your system, and it will minimize the impact of shockwaves when they do gain access. The idea of replicating buckets is a smart idea,

since it creates a backup in the event that your original data is corrupted or stolen. However, it is worth noting that replicating buckets may be expensive and may increase the attack surface. To prevent your data from being compromised, it is essential to balance these considerations with best practices.

To prevent ransomware from damaging your data, it is essential to take steps to isolate systems as soon as they appear on your network. The most effective way to protect your data is to ensure it is secure on your endpoints and to sync it to the cloud. There are several cloud back-up solutions suitable for this purpose. Do your research to determine the best system for your agency’s needs.

Best practices

As you establish and fine turn your agency’s remote work policy and procedures, there are some best practices that you should keep in mind: You can protect your software, hardware, and data systems by hiring a cyber security firm. Even though these risks exist, most organizations have implemented cyber security measures for their homebased employees. Trends indicate that a good number of employees feel more productive at home. However, some employees feel that they have had decreased productivity since they started remote work. There are many advantages associated with working from home, but there also are some challenges, such as limited IT tools, privacy concerns, and interruptions to family life.

To avoid regulatory fines, risk management of systems, internal controls, expert analysis, and implementation are necessary. Managing cyber security risk is

an important responsibility for virtually every insurance agency. As the world becomes increasingly digital, cyber security issues are driving increased regulatory and legal pressure on companies.

Likely changes in the future

With the growing importance of cyber risk management, the Securities and Exchange Commission has issued several recent proposals. These proposals focus on improving the disclosures of public companies about cybersecurity. They are designed to make information about cyber risk more consistent and to address some of the significant issues that public companies have had to deal with. The SEC is proposing new rules that would require public companies to disclose cyber security incidents in a more timely fashion. These rules also would require public companies to disclose details about their cyber security strategy and risk management policies.

This proposal follows several SEC enforcement actions against public companies. The proposed rules would require public companies to disclose cyber security incidents in four business days. The SEC seeks to standardize cyber security disclosures, and believes that investors could benefit from this type of consistent disclosure.

It also is proposed that public companies disclose their board members’ cyber security experience. These requirements may encourage public companies to seek out directors with greater cyber security knowledge. However, some corporate governance professionals have suggested

that highlighting board members’ cyber security expertise could increase the risk of shareholder litigation.

Evans is the founder of USPA Nationwide Security, a protective firm operating on six continents providing close protection, fire watch and cybersecurity. After retiring in 2021, He began collaborating with USPA’s research and development team, developing its cybersecurity section (bit.ly/3uLo3Ym) as well as its autonomous drones and artificial intelligence training division.

The PIA Retirement Plan gives clients lower prices, extensive services, and less responsibility. With PIA Retirement Plan and TAG Resources you can stay on top of your business, knowing that the day-to-day responsibilities of your 401(k) plan are being looked after.

Social engineering risk mitigation for cyber loss

You may be familiar with the concepts of social engineering and creating a human firewall in the context of information security. For those who don’t know, social engineering is defined as the use of deception to manipulate individuals into performing actions or divulging confidential or personal information that may be used for fraudulent purposes. A human firewall refers to the awareness level that all users must have to ensure that they provide an effective layer of security.

Employee behavior can have a big impact on information security for organizations. If those with legitimate access to your network can be manipulated into revealing their passwords or allowing unauthorized people to use their computers, all your information security tools may be worthless. What follows are some pre-loss, risk management ideas to help prevent unauthorized intrusions into your agency systems.

Reduce the likelihood of social engineering fraud

Many social engineers do not even possess a high level of technical skill. It is their people skills—their charm, trickery or intimidation— that get them where they are not supposed to be by convincing legitimate employees to disclose information that compromises the security of data, computer systems and

networks. To prevent this, remember that the human firewall’s best weapon is common sense. How you can help:

• Provide security awareness training to ensure all staff members are aware of potential threats and can recognize social engineering attempts.

• Use strong passwords or passphrases and implement multi-factor authentication wherever possible.

• Dispose of nonpublic information properly by shredding it and do not leave nonpublic information unattended.

• Develop an incident response plan and test it periodically to ensure everyone knows how to respond to incidents and report them immediately to minimize any potential damage.

• Ensure you have a comprehensive set of information security policies and methods to ensure that everyone is following them consistently.

Key elements in security policies to mitigate social engineering risks include the following:

• Possess strong password policies (e.g., no generic accounts, all activity must be able to be traced to an individual, no sharing of accounts, penalties for violations, etc.).

• Data classification should clearly outline the information that is considered nonpublic (i.e., personally identifiable information, private information, protected health information, etc.).

• Build in device and software controls to regulate what users can and cannot do or install on their equipment and restrictions that they are used for work purposes only. Do not mix business with pleasure.

• Install antimalware to ensure that a comprehensive solution is implemented to detect and block any malicious activity.

• Implement access controls for periodic (at least bi-annually) review of access to all systems. Keep evidence of the review and approval of the current access list by a senior manager.

• Monitor the actions of employees to validate that tasks performed are for work purposes and to detect abnormal activity.

• Employ data loss prevention tools to detect exfiltration of nonpublic information from your systems.

• Focus on physical security to ensure only authorized personnel have access to areas containing nonpublic information.

• Require that computers be locked by users when they are left unattended. Do not rely on systematic locking mechanisms.

• Execute a risk assessment at least annually to evaluate the effectiveness of security controls and to understand any gaps.

• Perform a cybersecurity-focused risk assessment for all third-party service providers at least annually to ensure they also have implemented effective information security procedures.

To prevent a possible social engineering incident, employees should think about or ask themselves to stop and think:

• Did you request this information?

• Are you expecting this request?

• Do you know the person requesting this information or asking you to act?

• Are you the right person to provide this information?

• Is there a specific business reason you would be asked for this information?

• Are you being asked for personal information?

• Does the request seem overly urgent or rely on your goodwill and genuine desire to be helpful to others?

There are instances when it is better to not be curious. Don’t open an attachment because it looks enticing or promises a benefit to you. Just delete it. Likewise:

• Never divulge personal information via phone or unsecured websites.

• Never click on links, download files, or open attachments from unknown senders.

• Be particularly aware of phone vishing as this tactic is becoming more popular.

• Beware of pop-ups and never enter personal information in one.

Remember, if it sounds too good to be true, it probably is. Nothing is free in the cyberworld. If you sign up for a free coupon, free newsletter, social-media site, realize that all your information is being used and sold in the cyberworld.

Your most important asset is your people. That also is true when it comes to cybersecurity in your agency. Educate them. Train them. Remind them to use their common sense. If it sounds phishy—it probably is.

Social engineering terms to know

Phishing: An email, instant message, comment, or text message that appears to come from a legitimate company, bank, school, or other institution, typically sent to several users.

Spear phishing: A phishing attempt that is targeted to a specific user or group. Vishing or voice phishing: The use of a phone (cell or landline) to attempt to gather personal or financial information from the target.

Smishing: A text message to a cell phone to get the user to click on a link or reply by texting a random phone number or truncated number (e.g., 44567).

Pretexting: An attacker pretends to legitimately need personal or financial data to confirm the identity of the recipient.

Baiting: A pop-up or download request meant to get your attention to trick you into clicking on it. Some examples may be a free popular movie, song, item to purchase, free item, or monetary incentive. The victim is prompted to log in, which typically grants remote access to the hacker or opens access to your computer that the hacker will use later.

Scareware: Tricking the victim into thinking the computer is infected with malware or that he or she has inadvertently downloaded illegal or malicious content. The attacker offers to help the victim fix the computer when the victim grants access to it.

Rogue: Malware that poses as security software to trick the victim into paying for the fake removal of malware.

Water holing: When an attacker attempts to compromise a specific group of people by infecting websites the group is known to visit to gain network access.

Diversion theft: When attackers try to trick a delivery company into going to the wrong location and try to intercept the delivery.

Tailgating: When someone attempts to slip into a building behind a user, who has a valid area-entry badge.

Quid pro quo: When an attacker pretends to provide something in exchange for the target information or assistance. A hacker may call a selection of random numbers within an organization and pretend to be calling back from a legitimate tech support group.

Honey trap: When an attacker pretends to be a desirable person to interact with online or a person trying to establish a fake online relationship intended to gather sensitive information through that relationship.

Utica National Insurance Group and Utica National are trade names for Utica Mutual Insurance Company, its affiliates and subsidiaries. Home Office: New Hartford, NY 13413. This information is provided solely as an insurance risk management tool. Utica Mutual Insurance Company and the other member insurance companies of the Utica National Insurance Group (“Utica National”) are not providing legal advice, or any other professional services. Utica National shall have no liability to any person or entity with respect to any loss or damages alleged to have been caused, directly or indirectly, by the use of the information provided. You are encouraged to consult an attorney or other professional for advice on these issues. © 2023 Utica Mutual Insurance Company

Have a question? Ask PIA at resourcecenter@pia.org

Contingent liability, bike accidents

and more

Contingent liability for uninsured contractors injured on the job

Q. What would happen if a subcontractor’s employee is injured on the job and it is discovered that the subcontractor’s policy is not in force? The general contractor’s policy would pay the subcontractor’s employee the workers’ compensation benefits. Can the employee of the subcontractor sue the general contractor for negligence and collect, or is he or she barred by statute because the general contractor now becomes the employer?

A. The New Jersey Workers’ Compensation Act (specifically, Section 34:15-40–Liability of a third party) does not give anyone but the employer immunity from civil suit. It appears that unless the statutes specifically afford immunity (as in Connecticut), the general contractor should not expect to be immune. In fact, in Boehm v. Witte [95 N.J. Super. 359 (1967)], the Superior Court decided that the Workers’ Compensation Law does not bar “an injured employee of an uninsured subcontractor who has received a compensation award from the general contractor pursuant to R.S. 34:15-79 from making a third-party claim against such general contractor.”

Nevertheless, the general contractor does have a right of action against the subcontractor employer for recovery of the workers’ compensation benefits paid.—Dan Corbin, CPCU, CIC, LUTC

‘Response to emergency’ surcharge exemption rule

Q. What’s the rule exempting accidents involving emergency workers from surcharges?

A. If an accident occurs under the following circumstances, it is not considered an “at-fault” occurrence: the accident occurred as a result of operation of any motor vehicle in response to an emergency if the operator at the time of the accident was responding to the call to duty as a paid or volunteer member of any police or fire department, first-aid squad or any law-enforcement agency [N.J.A.C. 11:3-34.3].—Bradford J. Lachut, Esq.

Coverage for bike accidents

Q. My insured’s car was hit and damaged by a bicyclist. To which policy— household auto or homeowners—should my insured look to recover for

the damage caused by the bicyclist’s negligence?

A. The bicyclist’s homeowners policy. The personal auto policy insures autos and trailers for property damage liability, but excludes vehicles having less than four wheels (e.g., a motorcycle or bicycle).

The homeowners policy only excludes the operation of “motorized” vehicles, so coverage will apply to the use of a bicycle.—Dan Corbin, CPCU, CIC, LUTC

Loss of use after power outage

Q. If a homeowner loses power for a period of time—say two weeks—can he or she claim additional living expenses even though no property on the premises was damaged by the windstorm?

A. Unfortunately, there is no coverage under the ISO Homeowners Policy for additional living expenses unless the windstorm damage has occurred on the property.

To trigger coverage for loss of power, the damage to utilities or equipment delivering that power would need to occur on the “residence premises.” Dan Corbin, CPCU, CIC, LUTC

PIANJ 2022-2023 Board of Directors

OFFICERS

President

Thomas Wilkens McGowan Risk Specialists

234 Industrial Way W., Bldg. B, Ste 201 Eatontown, NJ 07724-4244 (732) 450-9730 twilkens@mcgowanrisk.com

President-elect

Connie Mahoney

Mark Anthony Associates 615 Sherwood Parkway PO Box 1068 Mountainside, NJ 07092-0068 (908) 654-9500 cmahoney@maainsurance.com

Vice President

Andrew Harris Jr., CIC, AAI Liberty Insurance Associates Inc. 525 State Route 33 Millstone Township, NJ 08535-8103 (732) 792-7000 andrewharris@lianet.com

Vice President

Roger C. Butler, CIC Barclay Group

202 Broad St. Riverton, NJ 08077-1303 (856) 829-1594 rbutler@barclayinsurance.com

Treasurer

Beth Frederickson, CPIA Voluntary Risk Managers dba bethellenfrederickson LLC

19 Davenport Road Montville, NJ 07045-9184 (973) 652-8272 beth_frederickson@us.aflac.com

Secretary

Aaron Levine, CIC LG Insurance Agency PO Box 3202 Long Branch, NJ 07740-3202 (877) 288-7169 aaron@lginsuranceinc.com

Immediate Past President

Michael DeStasio Jr., TRIP AssuredPartners of NJ 20 Commerce Dr., Ste. 303 Cranford, NJ 07016-5868 (732) 574-8000 mike.destasio@assuredpartners.com

PIA NATIONAL DIRECTOR

Paul Monacelli, CIC, CPIA Veterans Insurance Agency Inc.

18 Knights Bridge Dr. Randolph, NJ 07869-4633

(973) 805-3555 paul@adpmanagementsvc.com

DIRECTORS

Lydia Bashwiner, Esq., CWCP, NJWCP Otterstedt Insurance Agency Inc. 540 Sylvan Ave. Englewood Cliffs, NJ 07632-3022 (201) 227-1800 lbashwiner@otterstedt.com

Michael Beckerman, CPCU Beckerman & Company 430 Lake Ave. Colonia, NJ 07067-1131 (732) 499-9200 mbeckerman@beckermanco.com

Yossi Bolanos Yossi United Insurance Agency LLC 1010 Clifton Ave., Ste. 208 Clifton, NJ 07013-3528 (973) 773-9200 ybolanos@yossiunitedinsurance.com

Alyssa Delaney Agency Network Exchange LLC 3759 US Highway 1, Ste. 200 Monmouth Junction, NJ 08852-2430 (732) 960-2035 adelaney@ane-agents.com

Maria N. Escalona, CPIA Jimcor Agencies Inc. 60 Craig Road Montvale, NJ 07645-1709 (201) 573-8200 mescalona@jimcor.com

Lisa Hamm, CIC Clyde Paul Agency 803 Springfield Ave., Ste. 2 Summit, NJ 07901-5110 (201) 991-7598

lhamm@clydepaul.com

William J. McMahon III, CIC, CWCA

McMahon Agency Inc. PO Box 239 Ocean City, NJ 08226-0239 (609) 399-0060 billm@mcmahonagency.com

Christopher J. Powell Hardenbergh Insurance Group 8000 Sagemore Dr., Ste. 8101 PO Box 8000 Marlton, NJ 08053-8099 (856) 890-7106 cpowell@hig.net

Dan Tague N2G Worldwide 111 Town Square Place Jersey City, NJ 07310-1755 (732) 556-7649 daniel.tague@N2G.com

Logan True, CRIS The True Agency LLC 4 Valley View Dr. Mendham, NJ 07945-3109 (908) 295-3277 logan@trueagencyllc.com

Casey Yarger, CIC, CRM Robert Petri & Daughter 258 Ryders Lane PO Box 820 Milltown, NJ 08850-0820 (732) 545-4540 cyarger@petriinsurance.com

ACTIVE

PAST PRESIDENTS

Anthony F. Bavaro, CIC, CRM Liberty Insurance Assocs. Inc. 525 State Route 33 Millstone Township, NJ 08535-8103 (732) 792-7000 abavaro@lianet.com

Louis Beckerman, CIC, CPCU Beckerman & Company 430 Lake Ave. Colonia, NJ 07067-1131 (732) 499-9200 lbeckerman@beckermanco.com

Bruce Blum, CPIA, TRA Blum & Walsh Group Inc. c/o TE Freuler Agency Inc. 270 Davidson Ave., Ste. 101 Somerset, NJ 08873-4158 (732) 246-1330 bblum@tefreuler.com

Rip Bush, CPIA Keer & Heyer Inc. 1001 Richmond Ave. Point Pleasant Beach, NJ 08742-3047 (732) 892-7700 rip@keerandheyer.com

Charles J. Caruso, CIC, CPIA Herbert L. Jamison & Co. LLC 20 Commerce Drive Cranford, NJ 07016-3612 (973) 669-2311 ccaruso@jamisongroup.com

Donna M. Cunningham, CPIA ADP Partners Insurance Agency Inc. 4 Sutton Place Florham Park, NJ 07932-2143 (973) 845-8700 donna@adppartnersinsurance.com

Andrew C. Harris, CIC, CPCU, ARM, CRM, AIS Liberty Insurance Assocs. Inc. 525 State Route 33 Millstone Township, NJ 08535-8103 (732) 792-7000 aharris@lianet.com

Donald F. LaPenna Jr. AssuredPartners of NJ 20 Commerce Dr., Bsmt. 2 Cranford, NJ 07016-5868 (732) 574-8000 donald.lapenna@assuredpartners.com

John A. Latimer, Esq. Barclay Group 202 Broad St. Riverton, NJ 08077-1303 (856) 829-1594 jalatimer@barclayinsurance.com

Steven C. Radespiel Insurance Center of No. Jersey 33 Crestwood Pl. PO Box 399 Hillsdale, NJ 07642-0399 (201) 525-1100 sradespiel@icnj.com

Keith A. Savino, CPIA Broadfield Group 68 Main St. Warwick, NY 10990-1329 (201) 512-4242 keiths@broadfieldinsurance.com

Stephen P. Tague, CPIA SFN Services Inc. T/A American Insurance Services Agency 22 Robert St. Rockaway, NJ 07866-2725 (973) 479-9493 bairdkiltsteve@optonline.net

William R. Vowteras Fraser Brothers Group LLC 811 Amboy Ave. PO Box 2128 Edison, NJ 08818-2128 (732) 738-7400 bill@fraserbrothers.com