Ten Ways an Employer Can Reduce Their Chances of Being Sued for Discrimination

Estelle Kokales McGrath is a shareholder in the Professional Liability Department in the Pittsburgh office of Marshall Dennehey Warner Coleman & Goggin. She primarily concentrates her practice in the areas of employment law, public entity/civil rights, real estate, and insurance agent errors & omissions litigation in both the state and federal courts of Pennsylvania and West Virginia. She may be reached at ekmcgrath@mdwcg.com.



As a result of the pandemic, employers continue to face unique challenges as many of their employees continue to work from home. Employers are also facing economic realities, which are resulting in layoffs or elimination of positions.  Since the start of the pandemic, there has been an uptick in charges and complaints alleging employment discrimination.  It is now common for an employee to allege that they had only positive performance reviews and that the adverse employment decision was pretext for discrimination.  These ten tips can help employers reduce their chances of being sued for discrimination claims.

  1. Keeping an open line of communication with your employees and supervisors is key to ensure that they know what is expected of them.  With all of the different avenues available today (Skype, Zoom, Microsoft Teams, email, phone, text), it is easier than ever to communicate with others at the press of a button.  Although it is human nature for most people to avoid conflict, it is critical that an employer discuss performance issues with their employees as the situation unfolds versus waiting for an annual review.  An employee cannot fix a performance issue if unaware of the problem.
  1. Follow Your Policies. Policies mean nothing if you do not follow them.  For instance, if you have a progressive discipline policy, then it should be followed.  Let’s say the policy provides that a first infraction results in an oral warning; a second results in a written warning; and the third results in a suspension.   If the employer automatically terminates the employee without providing an oral or written warning, that employee will likely argue that the employer failed to provide them with the first two warnings in violation of their policies, and likely that their termination was instead the result of discrimination, i.e. age, disability, race, gender.
  1. Document Everything. A critical component for all employers is to document, document and document.  Contemporaneous documentation is always best practice. Supervisors and managers should be directed to keep documentation in each employee’s personnel file.  For example, if the employer has a discussion or meeting with an employee about job performance issues, policy violations or a request for an accommodation, that should be documented including date of when the document is being drafted, the author of that document and details of the meeting.
  1. Keep Organized Personnel Files. While this sounds basic, it is important for employers to keep organized personnel files of each employee including hiring records, performance reviews, disciplinary actions and job descriptions. The Americans with Disabilities Act requires that employers keep medical records separate from personnel files including medical information related to a disability-related inquiry, a medical examination, leave, reasonable accommodations and workers’ compensation claims. The medical record files are to be treated as confidential.
  1. Be Consistent. Employers should be consistent in the way they apply their policies.  For instance, if a manager writes up an employee for being late, then all employees should be written up for being late.  Applying your policies consistently with all employees will help reduce the claim of unequal treatment.
  1. Provide Employees with Explanations. Employees tend to jump to conclusions that they were discriminated against when employers fail to provide them with an explanation for the adverse employment action.  By providing the employee with contemporaneous, written documentation confirming the reason for the adverse employment decision (suspension, termination, etc.), it leaves no room for speculation about the employer’s rationale behind such decision.
  1. Train Your Employees. Employers should require that their employees be provided with discrimination training so that they understand what their policies entail.  Your supervisors and managers will be expected to enforce your policies.  Thus, employers should also require that their supervisors and managers be trained on how to enforce said policies.
  1. Acknowledgments for Personnel File. All discrimination policies should be documented with the employee’s signature acknowledging said policies.  Further, all training certificates should be kept in the personnel file, which will evidence the employee’s knowledge of the discrimination policies.
  1. Schedule Meetings With Your Supervisors and Managers. Even though we are all bombarded with meetings these days, it is critical to stay in touch with your supervisors and managers.  Scheduling weekly or monthly meetings is a great way to stay in touch and ensure that they are communicating with their personnel about their duties and responsibilities, in addition to continuing to document any performance issues.
  1. Hire Counsel. Before making any adverse employment decision (i.e. demotion, suspension, termination, layoff), contact a local employment attorney to discuss how to best proceed to reduce the chances of a discrimination claim. Such action can help to mitigate what could become a costly claim and eventual lawsuit.

Ransomware in 2021: Three Trends Cyber Insurers are Seeing Now

Lauren Winchester is Vice President of Smart Breach Response for Corvus Insurance. In this role, Lauren guides policyholders of all sizes through cyber security incidents, ensuring efficient coordination of counsel, digital forensics firms, and other key incident response resources. She also manages Corvus’s risk mitigation services, such as tabletop exercises and incident response planning, that are designed to minimize the frequency and severity of data breaches. Lauren has handled over 1,000 cybersecurity incidents for organizations in healthcare, financial services, higher education, retail, professional services and more.

The nation-state hack of SolarWinds, thought to be an act of espionage, has stolen the cybersecurity headlines so far in 2021. But if your work involves cyber liability, we don’t have to explain that it’s ransomware that remains the major story from the perspective of those in the trenches. This particular category of malware may not be responsible for the majority of claims filed under cyber liability policies, but the eye-popping figures associated with these claims mean they are the focus of any insurer offering coverage for cyber events. (According to broker Lockton, in 2020 ransomware caused 15% of claims, but 95% of the amounts paid.)

As has always been the case with cybersecurity and cyber insurance coverage, the only constant is change. What presented the most concern to underwriters regarding ransomware in 2019 is not the same as it is now. Staying ahead on the trends can help underwriters, brokers and policyholders to make critical adjustments to coverage, risk mitigation steps and claims management. The following are three of the major trends in ransomware in 2021.

Rising demands, rising costs – but perhaps a break in the clouds

Growth in total numbers of reported ransomware attacks has thankfully not kept up the torrid pace observed in 2019. But costs have exploded. As NetDiligence found, in 2019 overall costs of a ransomware attack increased 57% — more if business interruption costs are added. The growth in cost was driven in no small part by the ransom demands themselves, as the average ransom grew by a whopping 276% (3.75x) to reach $175,000.

The latest data, going up through the last quarter of 2020, showed that this trend continued through most of the year, finally tapering off in the last quarter. A report from Coveware put the average ransom payment at $154,108 for Q4 2020, a significant 34% drop from the previous quarter, but still much higher than figures reported throughout the previous year (Coveware’s data, different from NetDiligence, found average ransom to be less than $100,000 at the end of 2019).

It’s too early to say that one quarter redefines a more than two year trend, but it’s an encouraging sign that the average ransom payment may not continue to grow inexorably. In the meantime, the major story remains that the dollar figures we’re dealing with from ransomware operators are in a much different ballpark than they were just a couple of years ago. Corvus regularly sees demands in the 7 figure range, and 8 figure demands are unfortunately not uncommon.

Amid this gold rush of criminal ransom activity, the focus is increasingly on the largest ransoms — the ones really driving up the average, which sometimes reach into seven figures. These are amounts that would have made for the ransomware story of the year just recently. It’s rumored that Foxconn, the electronics giant, received a demand for $34 million in November 2020 — and that’s hardly the only eight-figure demand fueling the rumor mill.

With these figures, fewer of the victims are choosing to pay up, taking the risk of starting from scratch with whatever unencrypted data or backups managed to avoid attack. In answer, some ransomware groups may start to pull demands back to earth; others, however, instead turn to other tactics to leverage their demands, which leads us to the next trend: exfiltration.


You’ll recognize the names from headlines if you follow cybersecurity: Ryuk, Sodinokibi, Maze. These were three of the most active strains of ransomware in 2020, whose operators have successfully stolen data from victims as a way to increase leverage in the ransom negotiation. (Maze later shut down as its operators moved on to using derivatives of the original software).

In some cases, attackers have been able to make money by auctioning off stolen data, even when they were thwarted in their attempt to get a ransom from the victim. Others have gone “back to the well” to get a second ransom by threatening to release sensitive data. A troubling new trend of using this exfiltrated data to contact customers or employees directly is starting to be reported (see next section). Exfiltration was used in roughly half of all ransomware attacks in 2020, according to Coveware.

While first experimented with by a handful of ransomware actors, most notably the Maze group, the success of the tactic has led to others taking it up. Emsisoft reports that at least 17 ransomware groups were observed using exfiltration (or at least threatening it) by the end of 2020. Nearly 30% of Corvus ransomware claims in 2020 involved a threat of data exfiltration.

Responding to situations where data was exfiltrated has created another layer of complexity in breach response, so, as ever, the selection of experienced teams or coaches in managing response is critical.


Typically a ransom demand is communicated through the screen of a hijacked device — thus the only people who know the specifics of the demand are employees of the victim organization, and then perhaps only select employees. But we are seeing a new trend in the way that threat actors leverage their ransom demands: by going straight to broader groups of employees of the organization or their customers to create an environment of urgency and perhaps even panic among affected groups.

By involving customers, or the employees of the organization, the threat actors hope to effectively recruit an army of individuals afraid of their data being publicized or experiencing fraud to further pressure a victim organization to comply with their demand. Messages sent by attackers even include calls to action, such as: “Call or write to this store and ask to protect your privacy!” The threat actors attempt to paint companies as irresponsible to their customers for not meeting their demands and potentially putting personal data at risk.

The data that enables this kind of tactic is normally sourced from attacks where unencrypted data is exfiltrated (stolen) from a company’s network. That data then becomes a tool extortionists use to broaden the scope of their attack. BleepingComputer reported on ransomware actor “Clop,” who used the tactic of directly emailing customers at a bank, a maternity store, and a manufacturer of jets. In the case of the jet manufacturer, Bombardier, Clop threatened to go to journalists first — but Bombardier had already been public about the hack. That’s when the threat actor decided to escalate the situation, and emailed customers directly.

We’re likely to continue to see a push and pull between attack trends and defenses. As more companies work to mitigate the impacts of ransomware by implementing IT security measures that limit how attackers can move within their systems, attackers are coming up with novel ways to increase leverage with whatever encryption or exfiltration they can accomplish.

Why technology is about to revolutionize the specialty commercial insurance market

Jonathan Sherling is the Head of Financial Institutions at Corvus Insurance. He has extensive experience working as a senior leader in professional lines, from commercial management liability to financial institution products. At Corvus, he leads the team working to broaden its portfolio of Smart Commercial Insurance products to include Smart FI Insurance. He is based in the New York City office.


It’s impossible to ignore how software has changed our world in the past decade — we now use ride-hailing apps for transportation, turn to streaming services for limitless entertainment, and track our food deliveries through third-party apps. Companies are pioneering new and evolving technologies as well as infrastructure to remain competitive. If they don’t, they fall behind — Blockbuster and cab companies can attest to the struggles of staying afloat once they’re competing against software-focused industry disruptors. The marketplace envisioned by Marc Andreessen when he wrote that “software is eating the world” back in 2011 is becoming evident in every part of our working and personal lives.

There are exceptions, however. Notably reluctant to evolve, most commercial insurers have shrugged off technological disruption, and remain behind the curve of incumbent businesses in other industries who are in some cases already several years into wholesale digital transformations.

The lagging pace in our industry is not for a lack of inspiration from closely-related fields. The past decade has seen the explosive growth of “Fintech”, with enormous investments in the banking and finance sectors. And within insurance there’s been significant tech investment in personal lines: at the time of writing, Lemonade has a greater market cap than The Hanover, Kemper, RLI and other household names. Hippo, Metromile and Root are notable additions to the insurtech push in this market. These success stories in banking, finance, and personal lines insurance have proven overwhelmingly that venture-backed, technology-driven businesses can penetrate highly regulated industries.

So why did commercial insurance get left behind? Let’s explore what has happened in other industries as a lens to see where opportunities lie ahead.

When Insurance and Finance Parted Ways

While the majority of the insurance industry remained stagnant from a technology perspective in the 1990s, we saw a dramatic shift in the functionality of tools employed in the banking sector during that time. Banks capitalized on software to enhance efficiency, while markets progressed to fully electronic trading. With the digitalization of portfolio management, as well as software simulations of trading positions and adverse events, the financial industry was able to redefine how it worked. The birth of “fintech” shortly followed, particularly in consumer-facing markets. We are now starting to see the marriage of fintech and traditional models as recently evidenced by companies like SoFi.

It’s notable that within fintech the businesses that have seen the most success are those that have acknowledged and embraced regulation. While there is some history of those within the fintech industry being blind to regulation — with a mantra of “we are not financial institutions” — those that have instead blurred the lines and coordinated with banks and regulators have been able to work collaboratively to create regulations specific to their offerings. It was long believed, both in finance and insurance, that if something was complicated enough, it was immune from the disruptions of the tech world. We can see that is no longer the case, especially if the tech is making complex processes easier.

Meanwhile, insurers in specialty commercial did little to invest in new technology to aid better risk analysis, risk selection, mitigation, modeling, stress testing and event simulation. Today, many insurers are not capitalizing on technology for underwriting, and some lines in specialty insurance continue to utilize processes that are completely manual. Looking at the success of Lemonade and others, we can assume that software and the use of data science for analytics and decision making will not be long in coming for specialty insurance.

One notable exception to this long-brewing dynamic is worth mentioning. Cyber-focused insurtechs have pioneered the use of public-facing security information about insureds to inform underwriting, risk selection and pricing while also providing security recommendations to aid with risk mitigation. As models like those used by tech-enabled MGAs continue to build sophistication by leveraging an increasing number of data sources, the marginal benefit to the combined ratio via lower loss and expense ratios will become increasingly evident. Traditional insurers will be hard-pressed to ignore these advancements when their businesses are held up to the light against the competition.

Tech, Meet Insurance

Insurtechs have seen success with new underwriting models and techniques driven by predictive modelling and harnessing real-time data. This allows them to view risk in an entirely new way, often more effectively. There’s no reason this approach must remain limited to lines like Cyber Liability.

D&O, for example, has decades of actuarial data and experience. Underwriters are drawn to measuring company solvency, sector exposure, the competitive landscape and so on. The underwriting information available to measure those metrics (in the case of private companies) is sometimes one or two years old, and may not be reflective of the current risk that company carries. Insurtechs are establishing new underwriting models and techniques that can harness real-time data, apply predictive modelling to that data and view the risk in a new paradigm.

Skeptics will assert that using different models to assess risk outside the existing framework is only worthwhile if it outperforms the existing framework it seeks to replace. That is a fair position; but we are well past the point in technological progress where the ability to harness data to better predict underwriting losses over time is in question. If such models haven’t been successfully demonstrated in real-world underwriting for a particular product, the question now is not if, but when, they will. Fintechs and insurtechs may have taken on simpler or more data-rich targets first, but with the concept now proven, there’s a playbook for more ambitious applications.

Even if one remains doubtful that technology will overhaul existing underwriting frameworks, there are a number of ways to harness data science while working within them. For example, insurers can use machine learning to digest material, such as the priorities document and subsequent updates or trends in SEC enforcement, as they are released, and automatically apply that logic to their underwriting model. A product manager now has more time to spend elsewhere: educating, drafting language, reviewing referrals and simulating the impact of hypothetical adjustments to underwriting appetite on the current or historical portfolio.

Although the technology described would surely allow overwhelmed underwriters and product managers to shift their focus beyond data gathering, data entry, and basic analysis to the more technical aspects of their roles — negotiating and executing complex transactions — the benefits extend beyond time efficiency. As the algorithms become more sophisticated, underwriting managers are able to better position their portfolios and aid product development. The utilization of data can help identify products, coverage sectors, attachment strategies and pricing elasticity — all of which can be simulated to establish the optimums in a predictive manner.

D&O, Ready for Tech

Traditional carriers risk being left behind as startups in specialty commercial insurance enhance the use of AI and data-science based tech to overhaul the underwriting process. At Corvus, we’ve seen how specialty insurance and technology work collaboratively and cohesively to provide brokers with actionable information that assists with risk management. We use data to provide our distribution partners and clients feedback on their risk, exposures and transparency into our underwriting assumptions.

In other industries, we’ve witnessed how working with the rise of technology and software has enabled companies to innovate and succeed. We’ve also seen how a resistance to our evolving insurance marketplace has been commonplace (and still is) for many carriers. But if we look back at the evolution of fintech — where many startups are now collaborating with the banks themselves — we can see how the integration of technology and intricate processes is the future.

For more information on what Corvus has to offer in these areas, please visit our website.