Identify risks, prepare a plan
Preparation is key to any successful response to a business interruption. Enterprise leaders need first to identify the risks that the organisation may be susceptible to, and their probability, as this forms the foundation for mitigation strategies. An enterprise-wide, regularly reviewed risk register will help articulate potential threats to business as usual (BAU) operation.
Armed with that insight, businesses can start to develop processes to deal with a business interruption, to train staff and put in place communications mechanisms that would be triggered by an interruption in BAU. Critically, a business should also test those preparations in advance using a carefully crafted scenario, allowing a soft fail to take place if the plan is flawed in order to learn from mistakes and finesse response processes, so that when a real event takes place the recovery will be more effective and happen faster.
Working with an experienced third-party specialist to assess risks and prepare response strategies can be particularly useful as it ensures access to industry expertise and best practice insights. It also reduces the risk of vested interests within an organisation compromising its response to a business interruption.
Once in place, the plan should be tested annually and revised as required, with careful consideration of any regulatory or legislative changes that may have come into effect over the intervening 12 months that could potentially impact the efficacy of the response plan.
Quantifying impact
In order to restore BAU as swiftly as possible, organisations need a clear understanding of specific exposures, the probability of occurrence, and the quantum of the impact that an interruption might have.
This helps sharpen the focus of the response plan and also scales the insurance coverage required to allow the business to effectively manage the situation and resume BAU quickly.
As part of the advance preparation companies should review current insurance policies, particularly industrial special risks policies and property insurance policies, and any cover for loss of revenue. Are those policies tailored in a way that responds to the period of loss? Do they feature accurately declared values of loss of revenues or profit? Does the business have effective cyber insurance and what coverage does that provide – not just in terms of financial loss coverage, but access to expert support to assist with remediation and recovery?
In short, assess whether the insurance program is fit for purpose, specifically in terms of delivering business interruption support: are the values and indemnity periods appropriate?
In the event of a significant business interruption, and potentially massive loss, it is important to understand how the policy is going to respond and that it offers full replacement for physical items lost or damaged as well as mitigating or securing recompense for loss of revenue as a result of the disruption.
Not only does this mature approach help deliver enterprise peace of mind but, in the current insurance environment, it also provides underwriters with strong evidence of your business's ability to respond to a non-BAU event. A number of insurers are providing strong recommendations that response plans be developed and tested. Whether or not there are business continuity plans or crisis management plans in place can impact on pricing, and even whether the insurer is willing to underwrite that policy.
How can you prepare your business?
Aon recommends companies:
- Identify risks and analyse your existing insurance policies and international program solutions
- Evaluate your unique risk profile, assess the probability of risk events occurring, and quantify potential loss from interruption to BAU
- Apply concrete measures and procedures for managing risks through targeted use of quantification, risk financing, and change management
- Control different risk measures at every phase, and embed effective and sustainable risk management practices across the business
- Use the risk assessment to determine appropriate limits of risk transfer and eliminate under-insurance, or the need to fund business interruption claims from internal capital. Similarly, eliminate over-insurance and excess premiums
- Share with insurance brokers and underwriters details of your response plan in order to ensure the best price and extent of cover.