Now that businesses are settled into the new year, it’s a good time to consider some of the top insurance and risk management challenges that contractors and other construction organizations should expect in 2019.

Auto Premiums Continue Upward Trajectory

Chances are good that businesses already have felt the impact of rising auto insurance premiums. Insurance carriers have been facing an increase in both frequency and severity of auto losses during the past several years, making commercial auto one of the worst performing property casualty insurance lines. As a result, underwriters have continued to increase rates and premiums to offset tighter margins, as well as reevaluate and often restrict their underwriting appetites.

According to Moody’s, commercial auto rates increased approximately 9.5 percent in 2018, on top of an approximately 7 percent increase in 2017. With an anticipated increase of another 4 to 5 percent in auto losses across the balance of 2019, carriers continue to tighten underwriting guidelines and requirements and are taking a much harder look at individual construction risks.

Fewer carriers are willing to write auto policies on a monoline basis, and accounts with a distressed loss history are having to seek options in the surplus lines market. Enhancing and strengthening fleet safety programs is critical to managing auto insurance premiums.

Excess Liability Pricing Rises While Capacity Shrinks

Excess liability carriers also are experiencing greater claims frequency, rising claims costs and higher loss ratios. While this has driven rate and premium increases, it has not been at the same level as rising auto insurance premiums. To limit their exposure and offset their losses, excess liability carriers in some states are starting to require that the primary auto liability policy carry a liability limit of $2 million, up from the traditional standard primary limit of $1 million.

Capacity presents another challenge. Many of the carriers that insure general contractors and subcontractors for excess liability are the same carriers that insure the wrap-up policies on large projects. It is not uncommon that a carrier providing a $50 million OCIP/CCIP policy also could be carrying a $25 million excess policy for the contractor’s offsite exposure. As a result, carriers are beginning to reduce the coverage limits they are willing to offer.

A contractor that traditionally may have placed a $10 million limit with one carrier may now find itself having to layer its program with multiple carriers to secure the same $10 million limit—adding complexity and difficulty to program structure, placement and management.

Cybersecurity: Not If, But When

Any business with an internet connection is a potential victim of a cyber attack, and construction contractors are no exception.

In fact, the construction industry has unique vulnerabilities that wouldn’t typically exist in other industries.

The construction sector possesses large amounts of confidential information that would be desirable to a hacker. Construction companies work with a lot of proprietary information related to bids, employees, project designs, materials pricing, profit/loss data and banking records.

The frequency of social engineering (i.e., cyber deceit) and cyber extortion continues to increase, and contractors should be having discussions about how to protect against and prevent such attacks that extend beyond purchasing cyber liability insurance coverage. When the risk management process is properly employed and insurance coverage is placed correctly, contractors can partner with the carrier and others to create incident response policies, communication protocols and third-party vendor management practices.

Cyber exposures extend beyond a firm’s own systems to those of third-party vendors. Consider two large general contractors that were the victims of a data breach. One contractor’s outside vendor preparing the company’s W-2 and 1095 tax forms reported suspicious activity on that vendor’s systems.

Employees of another company reported fraudulent tax filings being made in their names. Companies need to ensure they are contracting with reputable partners and that vendors have their own cybersecurity risk management programs in place.