The Cyber Insurance Checkup Most Small Businesses Keep Skipping

Here’s a number worth sitting with: according to Munich Re’s Global Cyber Risk and Insurance Survey 2026, 9 out of 10 C-level managers globally believe their organizations are inadequately protected against cyber risks. Nine out of ten. These aren’t small operations run by people who don’t know better. They’re executives at companies across every industry, many of them already holding a cyber insurance policy.

Owning a policy and being protected are not the same thing.

The cyber insurance market in 2026 is experiencing a period of relative calm. Premiums have stabilized. Capacity is abundant. Reinsurance rates dropped sharply at the January 2026 renewal. For buyers, this looks like good news and in some ways it is, but stable pricing is creating a dangerous complacency among small and mid-sized businesses, most of whom haven’t revisited their cyber coverage since they first bought it. The underwriters have not been idle.

SMEs Are the Primary Target — Not an Afterthought

There is a persistent myth that cyber attackers are focused on large enterprises — that small businesses are too small to bother with. Munich Re’s claims data dismantles this directly: the majority of cyber incidents and claims in their portfolio affect micro-companies and SMEs. The reason is straightforward. Small businesses typically have weaker security controls, less sophisticated incident response, and far fewer resources to recover. They are not too small to target and they are easier to target.

Ransomware attack frequency increased by approximately 45% year over year in 2025, according to Munich Re data, and the trend has continued into 2026. Business interruption is the largest cost component of ransomware losses, accounting for 51% of total claim costs. For a small business, even a few days of downtime can be an existential event and many discover mid-claim that their policy has exclusions, sublimits, or waiting periods that weren’t clearly explained at purchase.

What Underwriters Are Quietly Raising the Bar On

The soft market is creating competition, but it’s also creating discipline. Insurers are increasingly requiring documented proof of:

Multi-factor authentication (MFA) across all user accounts and remote access points
Endpoint detection and response (EDR) tools — not just basic antivirus
Incident response plans — written, tested, and updated within the last 12 months
Vendor and third-party access controls — supply chain attacks are now a primary underwriting concern
Employee training cadence — annual training is being flagged as insufficient by some carriers

Businesses that cannot demonstrate these controls at renewal are being declined, repriced, or having coverage narrowed through endorsements that few policyholders read carefully. The market is soft today. It will not stay soft if ransomware frequency continues to accelerate.

The Annual Checkup Framework

A meaningful cyber insurance review is not just a call to your broker to confirm renewal. It should include four components.

Coverage Alignment:

Does your policy’s definition of a covered cyber event match the actual threat landscape in 2026? Business email compromise, deepfake-driven social engineering, and AI-accelerated phishing are now primary loss drivers. If your policy was written in 2022, it may not fully contemplate the current threat profile.

Limit Adequacy:

Review your coverage limits against current breach cost benchmarks — not the number that felt reasonable when you first bought the policy.

Exclusion Review:

Read the exclusions. War and nation-state exclusions have been broadened by many carriers. If your business has any international vendors or data exposure, this matters.

Controls Documentation:

Assemble the documentation that substantiates your security posture before renewal, not during. Underwriters reward businesses that can demonstrate their controls rather than simply claim them.

The window to do this work is now while pricing is cooperative and options are plentiful. Waiting until after a claim, or until the market firms, will cost significantly more in both time and premium.

Explore commercial insurance solutions and risk management tools through the Risk Synergy Portal to support your cyber preparedness planning. For current cyber threat data, visit Munich Re’s Cyber Hub. For small business cyber guidance, NCCI.com offers risk management resources across industries.

Ready to take a hard look at your cyber coverage? The team at Tooher-Ferraris has been helping businesses navigate complex insurance decisions since 1932. Contact us today to schedule a no-obligation consultation.

Employee Benefits

May 31, 2026

The Wellness Programs Actually Delivering Results for Employers in 2026

It’s Men’s Health Month, National Safety Month, and for many organizations, time for a mid-year benefits review. June has a way of bringing workforce wellbeing into focus, whether it’s part of your strategic plan or not.

That’s actually an opportunity. The conversation around employee wellness in 2026 is more sophisticated, data-driven, and closely tied to business performance than ever before. Employers achieving the strongest results aren’t simply offering wellness programs. They’re designing initiatives around proven strategies and evidence-based practices that improve employee health, engagement, productivity, and retention.

What the Data Is Telling Us

The National Safety Council, which marks its 30th anniversary of National Safety Month this June, frames workforce wellbeing as inseparable from safety culture. That framing matters. According to the CDC’s NIOSH Total Worker Health framework, organizations that integrate physical safety, mental health support, and preventive care into a unified approach consistently outperform those running siloed programs.

The Business Group on Health’s 2026 Employer Health Care Strategy Survey found that higher utilization of mental and behavioral health services is now one of the top drivers of health plan cost increases. Employers who are staying ahead of that curve are doing so by expanding access, not by limiting it.

Behavioral Health Integration: The Biggest Shift

The wellness programs delivering results in 2026 treat behavioral health as a core benefit, not an add-on. That means telehealth mental health access with realistic appointment availability, manager training to recognize and respond to burnout, and EAP vendors whose utilization rates are actually tracked and reviewed. Wellness and population health management programs designed with this in mind look very different from a gym discount and a biometric screening.

Employers who’ve moved in this direction are seeing downstream benefits in reduced absenteeism, better engagement scores, and lower long-term health costs. Behavioral health conditions left unaddressed are expensive. Early access and reduced stigma around seeking help are among the highest-ROI investments a benefits strategy can make.

Preventive Care Incentives That Actually Change Behavior

The most effective employer wellness programs in 2026 use incentive design thoughtfully. Participation-based incentives, tied to completing a health risk assessment, scheduling an annual physical, or engaging with a chronic condition management program, are outperforming outcome-based models in terms of employee acceptance and sustainable engagement.

For employers with self-funded or level-funded plans, the ROI case is direct. Every avoided ER visit, every early-caught chronic condition, every employee managing their diabetes effectively is a real dollar figure in the claims data. Data analytics and benchmarking tools now make it possible to connect wellness program participation to actual plan utilization trends giving HR leaders concrete evidence for program investment decisions.

Making It Work for a Mid-Size Workforce

You don’t need a Fortune 500 budget to build a wellness program that delivers results. Some of the most effective mid-size employer programs are built on three things: a behavioral health-forward EAP, a preventive care incentive tied to the health plan design, and a communication strategy that normalizes using the benefits available. Employee benefits strategy and consulting support helps employers design programs proportionate to their workforce size and budget without overbuilding or underdelivering.

This June, the conversation about wellness is worth having with intention. The employers investing in the right programs today are building healthier, more engaged workforces and managing costs better because of it.

Ready to build a wellness strategy that delivers real results? The team at Tooher-Ferraris has been helping businesses strengthen their benefits programs since 1932. Contact us today to schedule a no-obligation consultation.

External Sources: CDC NIOSH Total Worker Health | National Safety Council — National Safety Month

Business Insurance

May 30, 2026

7 Workers’ Comp Cost-Control Strategies Every Growing Contractor Should Know

Here’s a number worth knowing: the 2025 workers’ compensation combined ratio came in at 91%, according to NCCI’s 2026 State of the Line report — the twelfth consecutive year of underwriting profitability in the line. For contractors, that translates to one of the most stable WC markets in recent memory, with NCCI filing rate decreases in multiple states and most construction operators seeing flat-to-modest increases at renewal.

But stability isn’t the same as free. Your experience modification rate is being built right now, claim by claim, and whatever happens on your job sites this year will follow your program for the next three renewal cycles. The contractors who use a favorable market to tighten their cost-control disciplines are the ones who stay in good shape when the market eventually shifts. Here are seven strategies that make a measurable difference.

1. Understand Your Experience Mod and What’s Driving It

Your EMR isn’t just a number on your policy — it’s a direct function of your actual losses versus expected losses for employers of your size and class. Most contractors know their mod. Few have ever had someone walk them through exactly which claims are driving it. Request a detailed loss run from your carrier and review the open reserves on claims you may have considered closed. Unreserved or over-reserved claims inflate your mod even when the injury has resolved.

2. Build a Formal Return-to-Work Program

This is the single highest-ROI investment in workers’ comp cost control. According to OSHA research, injured workers who return to modified duty within the first two weeks of an injury have significantly lower total claim costs and faster full-recovery timelines than those who remain on full disability. A written RTW program with defined modified-duty job descriptions signals to carriers that you manage claims actively, not reactively.

3. Audit Your Payroll Classifications Regularly

Misclassification is more common than most contractors realize, and it runs in both directions. Workers classified under a higher-rated code than their actual duties warrant are generating unnecessary premium. As your business grows and roles evolve, annual classification audits with your broker can surface meaningful savings or protect you from an audit adjustment you didn’t see coming.

4. Prequalify Subcontractors on Insurance, Not Just Price

Every uninsured or underinsured subcontractor is a potential statutory employer exposure. If a sub’s worker is injured and their carrier denies the claim — or their limits are exhausted — your WC program may be the backstop. Prequalifying subs on their workers’ comp carrier, limits, and EMR before awarding work is a direct cost-control measure, not an administrative nicety.

5. Implement a Documented Safety Program — Not a Generic One

Carriers reward contractors with credible, site-specific safety documentation at renewal. A generic safety manual downloaded from the internet does not move the needle. A documented program with signed employee training records, incident investigation reports, corrective action logs, and toolbox talk attendance sheets demonstrates a culture of safety that underwriters can price. The NSC’s June National Safety Month framework, organized around continuous improvement, employee engagement, roadway safety, and wellbeing, is a useful structure for formalizing what many contractors already do informally.

6. Report Claims Immediately and Stay Involved

Late claim reporting is one of the most expensive mistakes in workers’ comp management. Claims reported within 24 hours have consistently lower ultimate costs than those reported days or weeks after an incident, because early intervention enables proper medical management and limits the window for claim escalation. Once a claim is reported, stay engaged — know the adjuster, understand the reserve, and confirm that a return-to-work plan is in motion.

7. Review Your Program With a Broker Who Knows Construction

Workers’ comp is not a commodity purchase. The difference between a broker who shops your program to the standard market and one who benchmarks your program against your peers, analyzes your mod trajectory, and structures a renewal narrative around your safety investments is substantial. For contractors managing complex risk profiles, captive insurance solutions may also be worth exploring as an alternative to the standard market. Learn more about how commercial insurance for contractors is structured to address the unique cost drivers in construction.

Ready to take control of your workers’ comp program before the next renewal? The team at Tooher-Ferraris has been helping construction businesses manage their risk and reduce their costs since 1932. Contact us today to schedule a no-obligation consultation.

Employee Benefits

May 29, 2026

The Real Reason Your Health Plan Costs Keep Climbing — And the One Lever Most HR Leaders Never Pull

Health costs are projected to rise 9.5% per employee in 2026, according to Aon’s annual health survey. Most employers find out what that means for their budget at renewal — sitting across from a carrier with a thick actuarial deck and very little room to negotiate. The employers who are navigating this environment well didn’t get lucky. They came to that table differently.

The conversation about rising costs tends to start and end with pharmacy, specifically GLP-1 weight-loss medications. And yes, pharmacy is a real pressure point. But focusing exclusively on one drug class misses the broader picture, and it puts HR leaders in a reactive posture when the data to be proactive has been available to them all along.

What’s Actually Driving the Increase

The 2026 Business Group on Health Employer Health Care Strategy Survey identified three compounding cost drivers: the rise of obesity treatments, increased cancer prevalence among plan populations, and higher utilization of mental and behavioral health services. These aren’t temporary spikes. They reflect shifts in workforce demographics and healthcare utilization patterns that will persist well beyond this renewal cycle.

High-cost claimants, individuals with claims exceeding $100,000 in a single plan year, are the single largest variable in a mid-size employer’s annual trend. A plan covering 150 employees can absorb routine utilization comfortably. One catastrophic claim from a cancer diagnosis or complex surgical event can move the renewal number by 15 to 20 percent on its own. For employers on fully insured plans, that exposure lands directly on their premium. For those on self-funded or level-funded arrangements, it flows through stop-loss which is why stop-loss structure and attachment points deserve as much attention as the plan design itself.

The Lever Most Employers Aren’t Pulling

Here’s what separates the employers who consistently achieve better renewal outcomes: they use their own claims data strategically, not reactively. Data analytics and benchmarking give HR leaders the ability to see — before renewal — where their claims dollars are going, which claimant segments are driving trend, how their plan performs against peer benchmarks, and where plan design changes could reduce unnecessary utilization without reducing the value of benefits to employees.

According to SHRM’s 2026 benefits research, employers who actively use claims analytics in their renewal strategy consistently outperform those who rely on carrier-provided summaries alone. The difference isn’t access to data. Most employers have more data than they realize. The difference is how that data is organized and brought into the conversation.

A well-run employee benefits strategy and consulting process starts with claims review four to six months before renewal, not four to six weeks. It maps high-cost claimant activity, flags pharmacy utilization patterns, benchmarks deductibles and cost-sharing against comparable employer groups and identifies whether current stop-loss attachment points still reflect the plan’s actual risk profile.

What This Looks Like in Practice

Employers who go into renewal with their claims data already organized aren’t just better negotiators, they’re making better decisions. They’re asking the right questions about network performance, evaluating whether their current carrier relationship is still the best fit, and building a benefits strategy that balances cost containment with the employee experience. The employee benefits services model at Tooher-Ferraris is built around exactly this kind of proactive, data-informed partnership.

The employers winning in 2026 aren’t reacting to the market. They’re shaping their outcomes ahead of it.

Ready to take a closer look at what your claims data is telling you? The team at Tooher-Ferraris has been helping businesses build stronger benefits strategies since 1932. Contact us today to schedule a no-obligation consultation.

External Sources: Aon 2026 Health Survey | Business Group on Health 2026 Employer Survey

Trusted By

Industry Leader Since

Serving Customers In