1-888-643-2217 Email ABEX
Keeping you updated

Monthly Archives: September 2015

A Word to the Wise About Construction Defects

Construction Worker-SUB-iStock_000001509502XSmallPossibly no two words strike more fear in the hearts of architects, engineers and contractors than “construction defect.” A claim for a construction defect can cost astronomical amounts to correct and defend. Additionally, it can also damage their reputation and negatively impact their future opportunities for work. It’s enough to break a business.

Construction Defect Risks

Today, their risk of becoming involved in a construction defect claim is greater than ever. New technology, materials and applications have changed the way commercial buildings, homes and condominiums are constructed.

Advances are enabling the design and construction of buildings that are more attractive and less costly. Yet, many of these advances have yet to be tested in real application over time, where problems may be uncovered that were never anticipated in the lab.

At the same time, new applications require new skills from contractors, who may overlook important requirements for installation or take shortcuts that cause devastating consequences. When problems occur, it’s hard to know the cause without investigation, and everyone on the project is forced to become involved. Often, whoever has the most money or the most to lose becomes the primary target for plaintiff lawyers. Essentially, you could be held responsible for others’ mistakes.

Let’s consider two of the most costly examples of construction defect: EIFS and FRT plywood.


Architects love using exterior insulation finishing systems (EIFS) in their design process. EIFS cladding systems resemble stucco, but are less costly to install and can be fashioned into a variety of architectural shapes, including soft curves and geometric designs. This unique flexibility makes EIFS treatments ideal for special elements such as porticos, archways and ornate overheads for windows, doors and decorative trim.

As with any exterior cladding, water can enter behind or around the system. Early applications often lacked drainage features that are more commonly used today. With no place to go, constant exposure to moisture can cause wood to rot and can cause damage to other materials within the building or home. Moisture-related problems can lead to an avalanche of individual and class action lawsuits by consumers.

For those using EIFS in their designs, strict adherence to guidelines for materials and methods of application is your best defence against a construction defect claim.

FRT Plywood

Back in the early 1990s, flame resistant plywood (FRT) was touted as an alternative to fire walls in multi-unit buildings. It appeared to be a revolutionary product and was quickly adopted by architects and builders, especially in the Northeast. However, high temperatures in attics caused early and unexpected deterioration of the material. Suppliers went bankrupt, and builders were left to face clients with major defects in their buildings, condominiums and homes.

For those using new building materials in their projects, it is important they do their research, examine their confidence in the manufacturer and the testing and consider their comfort level with the risk.

Types of Construction Defects

Generally, there are four categories of construction defects:

  1. Design deficiencies are typically related to building designs that do not meet code or perform to standard.
  2. Material deficiencies occur when use of inferior materials causes significant problems, such as when windows leak or fail to perform despite proper installation.
  3. Construction deficiencies are problems created by poor quality of workmanship.
  4. Subsurface deficiencies usually involve cracked foundations or other structural damage caused when soil is not properly compacted and prepared for adequate drainage.
  5. Disputes lie in the determination of fault and damages, and require the party responsible for the defect to remedy the situation.


Under the standard commercial general liability (CGL) policy, an insurance company has a duty to defend insureds for construction defect claims if any damages are potentially covered under the policy. Coverage for construction defects only exists if there is an “occurrence” under the policy.

If the court finds against the insured and they are a subcontractor, the policy will frequently pay for property damage caused by the occurrence. It does not, however, cover the costs to remedy the insured’s work—the faulty workmanship or material that led to the damage. In many cases, the cost to correct the construction defect will be greater than the actual property damages incurred. General contractors should keep in mind that the whole project is their work.

Architects and engineers will want to consider the additional protection of a professional liability policy. Professional liability provides coverage when a design does not function as anticipated or promised.

How Risk Can Be Managed

Many risks contractors, architects and engineers face are not typically covered by insurance. In addition to insurance, risk can be reduced in two ways.

Transferring Risk

Some of the risk can be transferred to a responsible third party. General contractors transfer risk to the subcontractors they use on a construction project through indemnification and hold harmless agreements as well as additional insured requirements in their construction contracts.

Indemnification and hold-harmless agreements are typically included in standard construction contracts. However, if the subcontractor lacks the financial resources to meet its obligations, the contractor still could be obligated for any construction defect claims. That’s why it is important for contractors to check the financials of their subcontractors and choose wisely. And never, under any circumstances, uninsured subcontractors should be used. They put contractors at great risk and could increase the cost of contractors’ own insurance.

Whenever hiring subcontractors, contractor should have them add contractor’s business to their liability policy as an additional insured. The contractor will be protected by the subcontractor’s policy for work the subcontractor does for the contractor, up to the policy limits. It’s a good idea to require liability limits of at least $1 million on the subcontractor’s policy.

Coverage should always be requested as for an additional insured on a primary basis. This way, the contractor can ensure that the subcontractor’s insurance responds first to a claim. (Contractor’s insurance becomes excess coverage and responds only if the judgment exceeds the subcontractor’s policy limits.) The contractor should be sure to specify the length of time they will be added to the policy for completed operations. Construction defects often come to light long after a job is completed. The contractor can verify coverage by requesting a copy of the certificate of insurance on an annual basis.

Risk Control

The best way to avoid a construction defect claim is through quality construction. Work should only be performed with architects, engineers and contractors who have good reputations and track records of good performance.  Work should be planned and performed  in the correct sequence and with proper supervision. Any and all plan changes should be documented. Organized records are critical to the contractor’s defence.

Relying on Construction Expertise

The legal landscape for the construction industry is complicated and always changing. In today’s legal climate, customers who are dissatisfied with work are increasingly resorting to litigation. The recommendations listed here are a starting point for understanding and avoiding construction defect claims. Gain professional guidance and recommendations by consulting your insurance broker  and your attorney.



© Zywave, Inc. All rights reserved.

Managing Cyber Security During a Merger or Acquisition

handshake-SDuring a merger or acquisition, insurance policies and finances need to be scrutinized and the future of employees addressed. Cyber security is often put on the back burner, which is unfortunate because this is a time when company data is at its most vulnerable.

Data transfers must proceed without a hitch, or else the companies risk damaging reputation, losing customers and hurting future sales. Additionally, legal responsibilities must be upheld before, during and after the data transfer process.

Use the following checklist to ensure you’ve covered all of your cyber security bases:

  1. Identify all data assets that will need to be transferred.
  2. Gather and merge all data standards, policies and processes from employees at both companies.
  3. Identify potential risks that could occur during data transfer.
  4. Prior to any data transfers, ensure data is backed up.
  5. Run background checks on any employee who will be involved in the data transfer process.
  6. Craft a business continuity plan to prepare for potential data loss or outages during the period when the transfer will be occurring.
  7. Assign a high-level person the job of overseeing all data transfers. They will have the task of dividing and conquering by assigning one person to each data asset that needs to be transferred.
  8. Legally transfer ownership of data assets as quickly and completely as reasonably possible.
  9. Host training sessions on new data standards, policies and processes.
  10. Update disaster recovery plans, business continuity plans and emergency plans to include newly acquired data assets.
  11. Update the risk profiles for newly acquired assets.

Preparing for Data Transfer

Planning for data transfer should begin as early in the merger or acquisition process as possible. It is wise to assign one person the task of overseeing all data transfers so that there is little room for miscommunication or error. That person can then delegate smaller tasks, such as identifying data assets, identifying potential risks during transfer and making sure the data transfer is in compliance with federal or provincial law, but the person in charge should be aware of the current status of all tasks at all times. This person should also manage the implementation of the interim business continuity plan so that daily operations are disturbed as little as possible.

Keep in mind that if the acquired company has already completed portions of the data transfer or consolidation tasks, you should review the work to ensure accuracy.

Consider relocating IT employees from the acquired company early so that they can help with the data transfer and risk identification process, as they will be more familiar with their data and systems. Sufficient time should be mapped out to allow any older data to be converted for use in newer software and programs.

Finally, ensure that your system configuration records are up to date prior to any data transfers or consolidations. This will help isolate any issues that might occur and allow for an effective fix.

Good Practices for Data Transfer

Even if your company is completely prepared for the data transfer, it’s still possible that issues will arise during the process. Here are some good practices your company can utilize to minimize these risks:

  • Try to avoid using any kind of removable media to transfer data from one place to another. If the only method you can use is removable media, then take extreme care to be sure all records are encrypted, especially if they involve personal information.
  • If you have any data that isn’t getting transferred, you should dispose of it safely and completely to ensure it cannot be stolen.
  • Do not try to move all data at one time. Set small goals to complete every day or week to prevent an overload on your system or large, messy mistakes.
  • Consider halting some of your company’s cyber services until all data has been switched over in order to protect the services from being adversely affected by the transfer. Another option would be to run a similar service until data has been transferred.
  • Increase protective monitoring systems to prepare for the possibility of a disgruntled employee. Mergers and acquisitions are scary, uncertain times for employees, whose roles are often modified or eliminated to accommodate a new company structure. Update all clearances and access capabilities for employees based on new roles and duties.

Safe and secure data transfer during a merger or acquisition is of utmost importance. Communication is crucial during this time and basic duties and responsibilities should be quickly laid out and assigned to employees before, during and after the transition. Data transfer is not just about preventing and managing a compromise or interruption to services; you also need to keep your customers’ and stakeholders’ needs in mind, and take their concerns into consideration. Most importantly, ensure your new and existing clients know that you’re keeping their data safe.



© Zywave, Inc. All rights reserved.

Spear Phishing: Targeted Cyber Crime

The word password hooked by fishing hook“Phishing,” a type of cyber attack in which a hacker disguises him- or herself as a trusted source online in order to acquire sensitive information, is a common scam that can put employees and businesses at risk. However, more resourceful criminals are resorting to a modified and more sophisticated technique called “spear phishing,” in which they use personal information to pose as colleagues or other sources specific to individuals or businesses. And, when attacks contain personal information, they are much more difficult to identify as malicious.

For businesses, the potential risk of spear phishing is monumental. The 2015 Internet Security Threat Report released by Symantec Corporation, a company that specializes in security software, states that, globally, 5 out of every 6 large employers were targeted in spear phishing attacks in 2014, and that there was an average of 73 spear phishing email attacks per day.

How to Protect Your Business

Though it is difficult to completely avoid the risk that spear phishing attacks pose, there are ways to prevent further damage to your business. For example:

  • Be cautious when you are asked to divulge personal information in an email. Even if it appears to be from a trusted source, it could be a hacker impersonating another person or group.
  • Only share personal information on secure websites or over the phone. When in a Web browser, you can ensure a website is secure when you see a lock icon in the URL bar, or when an “s” is present in the “https” of a URL. The “s” stands for “secure” at the end of the normal “http”.
  • Some spear phishing schemes use telephone numbers, so be sure to never share information over the phone unless you initiate the call to a trusted number.
  • Never click on links or open attachments from unknown sources. Even opening a file that seems familiar can give a spear phishing attacker access to personal information stored on your device.
  • Ensure that your company’s security software is up to date. Firewalls and anti-virus software can help protect against spear phishing attacks.
  • Encourage employees to think twice about what they post online. Spear phishing hackers often attain personal information through social media sites. Make sure that employees know how to keep this information private to protect their own security as well as that of your business.

Regularly check all online accounts and bank statements to ensure that no one has accessed them without authorization.


© Zywave, Inc. All rights reserved.

How Hackers Can Control Your Car

CYBER CRIMEFiat Chrysler Automobiles is recalling 1.4 million vehicles—not for a manufacturing flaw or a faulty part, but for a vulnerability to hacking. The company deemed the recall necessary after two software programmers demonstrated how easy it was to remotely tamper with a Jeep Cherokee’s radio, air conditioning, dashboard display, windshield wipers, brakes and transmission.

This hack is an example of what the security industry calls a zero-day exploit—a vulnerability in a piece of software that the vendor is unaware of. In the case of Fiat, hackers, through wireless access gained via the Internet, sent commands through the vehicle’s entertainment system, taking control of any number of vehicle functions. This could, in theory, be performed from a laptop across the country.

But this type of vulnerability isn’t limited to Fiat vehicles, as most auto companies produce models that are susceptible to breaches. Industry leaders like General Motors, Ford and Toyota are atop a long list of auto makers believed to be the most susceptible to hacking.

As vehicles become increasingly connected, the risk of hacking becomes more apparent and no longer limited to select models. By 2022, an estimated 82.5 million automobiles worldwide will be connected to the Internet.

Since the hack, Fiat has taken strides to prevent remote manipulation by distributing USB drives to vehicle owners that they may use to upgrade vehicle software and deter hackers—but that may not be enough. While automakers are aware of cyber risks and are even taking steps to prevent attacks, experts say that the auto industry is far behind when it comes to cyber security and that current solutions aren’t yet strong enough to thwart hackers.



© Zywave, Inc. All rights reserved.



Receive notifications of new posts automatically.


Like us on Facebook

Connect with us on LinkedIn