Retail Stores/Business and Personal Services

This business segment deals with those engaged in selling goods (commonly referred to as Stores, such as clothing stores and electronics stores) and those businesses that provide both business and personal services (such as lawyers and nail salons). This is the most generic, abundant and simplest class of commercial risks, and is therefore a great starting point for our Industry Segment presentations.

Exposures in General

General Liability

Premises: For most risks in this category, a premise is the primary GL exposure. The most common causes of injury are from slips, trips and falls. For all risks, attention to good housekeeping is essential, such as maintaining clear and clean isles and making sure that outside parking and walks are safe. Of particular importance is keeping floors dry during rainy weather, and keeping all walks clear of snow and ice in the wintertime.

Products: This exposure is minor for most businesses in this category, except those that actually work on insured products, such as bicycle stores. Stores that sell refurbishes items, such as appliance stores, also have products exposures. If that is the case, proper training and quality control are important.

Operations: Some classes, such as furniture stores, appliance stores and flooring stores may provide delivery and installation. In those cases, Operations and Completed Operations exposures consist of damage to homeowner’s property and improperly installed products. Properly trained delivery and installation crews are essential. For those businesses that hire independent contractors to do the installation work, it is important to verify that the contractor carries General Liability insurance, and that the business which hires them is listed as an Additional Insured on the contractor’s policy.

Property

Most retail stores do not carry products or conduct on-premises activities that would be pose a particular property loss threat to the premises. Some specialty stores, such as furniture stores, may have operations that require particular loss control attention, such as staining. Varnishes and stains can be highly flammable, and proper precautions should be taken, such as storing all flammables in approved metal storage containers, and disposing of rags in approved metal waste receptacles. Service risks, such as barber shops/beauticians, nail salons, and shoe repair businesses will typically use flammable agents in their operations. Care must be taken to properly store these items in accordance with National Fire Prevention Association (NFPA) standards. In addition, both retail and service businesses havecontents that are highly combustible and would present a heavy fire load. This is of particular concern in older buildings that are not sprinklered. In general, older buildings (2o plus years) need to have had updates within the past 5 years or so. Roofs are the most important update (to preventing water leaks and ensuing losses). For buildings over 30 years, plumbing, electrical and heating/AC systems also need to be updated. Although the absence of sprinklers is not an automatic rejection, the carrier will look more closely at other fire protection factors, such as Property Protection Class and distance to nearest fire department, as well as the specific operations of the business.

Other common property exposures are routinely addressed in each carrier’s property forms, including any attached property enhancement forms. Many offer customizes enhancements for specific types of businesses.

Employee Dishonesty (theft) is an exposure for all businesses with employees. It can be addressed by adding Employee Dishonesty coverage. With most carries, this is either an option during rating or is automatically included with policy enhancements.

Bailee Coverage: For those risks who take possession of customers property in order to service it (such as dry cleaners, shoe repairers, tailors and jewelry repairers) coverage is needed for property of others, which is typically very limited under the Commercial Property Policy. A Bailee policy provides coverage for damage to customer’s goods for which the insured is legally liable. There is also a form that pays for damage whether or not the business owner is liable, which provides a greater sense of business goodwill.

Automobile

For most retail and service operations, auto exposures are incidental only. However, businesses that deliver or do installation will have a true Business Auto exposure, so the type and age of vehicles, maintenance program, and driver selection/screening programs will be evaluated by the carrier.

Workers Compensation

Any business with employees has workers compensation and employers’ liability exposures. A single claim without this coverage could potentially force a small business into bankruptcy. Although economic times are tough right now, it is extremely unwise for any business to operate without Workers Comp coverage. Over 73% of claims against employers today are from their own employees, so going uninsured on Workers Comp is seriously courting financial disaster.

Employment Practices Liability

Similar to Workers Comp coverage, EPLI is a must for all businesses with employees. It protects against exposures facing all employers, such as wrongful termination, discrimination, or suits alleging inequality in pay. This coverage is often offered as an option in the quote process, and usually involves a nominal minimum premium. With some carriers, the insured has free phone access to EPLI counselors who will give them advice and direction. If the insured follows the expert’s instructions, and a claim ensues, the deductible is waived.

It is tempting for employers to overlook this coverage or to see it as “fluff” in the proposal. However, as is true with Workers Comp exposures, just the defense costs associated with one claim can ruin a business

Cyber Liability

Any business that utilizes electronic payment methods is at risk of cyber liability, such as data breach. Most states require precise notification and protection action by a business when there is reasonable evidence that a breach might have occurred, even if no actual breach occurred. These notification costs, as well as third party liability claims, can add up quickly. This is another of the “essential” auxiliary coverages that should be added to Retail and Service risks. Most carriers offer this as an option in the rating process, and minimum premiums start at $500. Coverages vary by carrier, but the primary covered exposures are:

  • Unauthorized Disclosure of Private Information
  • Actions arising from the violation of any applicable privacy law, internal privacy policy, or security breach notification law
  • Includes costs to notify others and costs to comply with applicable laws
  • Regulatory Expenses
  • Costs to notify others if there is reason to believe that a data breach or compromise of private information has occurred
  • Costs to comply with any applicable privacy law beyond notification
  • Network Damage
  • Damage to information on the insured’s Network
  • Includes insured’s information that others rely on
  • Others’ information on the Network
  • Network interruption to third parties
  • Theft or unauthorized disclosure on information on the Network
  • Ensuing damage or disruption to another’s Network
  • Includes damage due to viruses

Minimal Risk controls that must be in place include:

• Anti-virus

  • Employ anti-virus software on all computing devices
  • Automatically update anti-virus software at least daily
  • Automatically scan and filter e-mail attachments and downloads before opening files

• Automatically receive virus and threat notifications from the United States Computer Emergency Readiness Team (US-CERT),

SANS Institute or a similar provider

• Securely configure firewalls other than a default configuration

(Most of the above can be accomplished through the use of Commercially available products such as those offered by Norton or McAfee)

Insured’s With Internal Networks:

• Configure networks using multiple firewalls (or equivalent) to separate back-office operations from Internet-facing operations

• Promulgate a security policy to all employees and contractors

• Have a tested disaster recovery plan that includes recovery from data center disasters

• Have a tested security incident response plan that addresses both direct (e.g., hacking) and indirect (e.g., virus) attacksupon network

• Back up network data and configuration files daily

• Store back-up files in a protected location

• Allow remote access to network only if it is via a VPN or equivalent system

• Monitor network platform vendors at least daily for availability of security patches and upgrades

• Test and install security patches and upgrades within 30 days of availability, preferably within seven days

• Always lock server rooms or otherwise limit access to authorized personnel