As health care costs continue to climb and risks of losing customer information to cyber attacks grow, there is some relief coming to wine-related businesses that want to be indemnified against these headaches.

In health insurance, at a time when average increases for plans coming up for 2018 renewal are 11 percent nationally, Woodruff Sawyer & Co. in early August worked out underwriting with Anthem Blue Cross of California that won’t bring any increases for the eight plans in the brokerage’s 5-year-old Wine Industry Employee Benefits Collective program, according to Jim Settles, Woodruff Sawyer’s North Bay employee benefits practice leader.

“There is a lot of turmoil in the health care business,” Settles said. “We do not expect Congress to get a lot done. Many carriers are concerned with the risks they’re taking in the state exchanges and whether they will be reimbursed for that risk. So many are getting very conservative with their renewals.”

The growing complexities and uncertainties of health insurance is bringing vintners, growers and their vendors to the table to analyze their 2018 much costs sooner in the year, Settles said.

“We’re already about three-quarters done with analyses for Dec. 1 and Jan. 1 renewals,” Settles said. “It’s good for them to make decisions well ahead of the crush.”

Around the same time there’s a hustle among growers to get winegrapes off the vines and vintners to work their art at the crushpad and in the cellar, decisions for 2018 health plans are getting locked in during enrollment periods.

“Cost of health insurance is definitely an issue for smaller wineries like ours,” said Shandra Knego, chief financial and operating officer for Gundlach Bundschu and Bartholomew Park wineries in Sonoma Valley.

The wine company has been experiencing double-digit health-insurance cost increases annually and last year was facing a 45 percent increase under its Anthem Blue Shield plan. To lower costs, coverage that paired a high-deductible plan with health savings accounts was tried, but it didn’t meet the needs of employees, Knego said.

Though the company hasn’t cut the percentage of health benefits it provides, it has switched to managed health-maintenance organization plans offered by Western Health Advantage and Kaiser Permanente.

Plans in Woodruff Sawyer’s collective are underwritten based on seven risk tiers. The plans are fully insured and priced to beat pricing from the 100-winery benchmarking report the firm prepares on health coverage in the business. Other lower-cost plans the firm offers include level-funded and self-funded programs and more use of health savings accounts with high-deductible plans, such as some offered via the collective.

There are currently about a dozen vintners purchasing plans via the collective, but many also offer Kaiser Permanente plans, Settles said. Eight companies are considering plans from the collective because of the no-increase 2018 pricing, he said.


Commercial general liability policies have offered additional coverage related to security of digital information for several years. But in the past few, the insurance industry has introduced products that are better-suited to small businesses, according to Ken Keeney, senior vice president in Wells Fargo Insurance Services’ Petaluma office. Cyber liability coverage is now often referred to as indemnification for mishaps with networks, media, privacy, etc.

“Instead of data loss, we’re seeing more interest from our clients in protection of business continuity, getting back up and running after a security event of some kind,” Keeney said.

That includes being able to still accept payments by cards and other methods, while the original problem is worked out.

A new wrinkle in business continuity during such attacks is cyber extortion, Keeney said. One pernicious form of that is malicious software that digitally holds data hostage and brings operations to a halt. That kind of malware is often called ransomware.

“A lot of the managing the risk on this is having a business-continuity plan in place, but if some kind of breach occurs, many companies are not aware of whom they should call,” Keeney said.

Carriers that offer such coverage may have a network of services available to respond.

Many have a “breach coach” in the claims department to direct the business to proper resources to get back into operation. Some carriers also provide some basic continuity planning.

Those that offer such policies include Philadelphia Insurance Companies, Travelers Insurance, Beazley, which manages certain Lloyd’s syndicates, and Chubb. According to an Aug. 1 report from the Beazley Breach Response program, accidental disclosures of sensitive information by employees or a third-party vendor made up 30 percent of the 1,330 incident claims to the carrier in the first half of this year, but hacking and malware made of 32 percent of the breaches.

Still reverberating for the wine business is the April 2015 breach of winery-customer information by Calistoga-based Missing Link Networks, provider of eCellar management software. That company quickly tightened its approach to data security, and President Paul Thienes since then has been an clarion for vintners to close the spigots on security leaks.

Most recently, Thienes presented an eight-step plan for the industry to protect consumer data, speaking at the Wine Industry Technology Symposium on June 13 in Sonoma.

In addition to getting cyber liability coverage, Thienes urges companies to work with a bank to get the compliant with PCI standards for electronic transactions, making sure all vendors are PCI-compliant and strictly controlling who has access to sensitive information.

“The reason this would get a winery’s attention is they likely have customers on their direct-to-consumer sales list from multiple states, and every state has its own set of legal requirements for notification and certain documentation,” Keeney said. “Being able to manage that would be difficult. That’s why a lot of wineries secure that coverage.”

Because of such threats, the Gundlach Bundschu wine company has moved all its credit-card data to a third party, so it’s not accessible on the corporate network, and all transactions are handled via the kind of encrypted-token method Thienes has been advocating, Knego said.

“Evaluating the risks of any event which could result in a disruption of our business is also something we weigh every year when meeting with our insurance broker,” she said. “We’re definitely interested in evaluating the policies that provide notification services.”

Jeff Quackenbush (jquackenbush@busjrnl.com, 707-521-4256) covers the wine business and commercial construction and real estate.