Beyond the Pandemic: How to Build Resilience for 3 Key Business Risks
Being resilient means bouncing back quickly from adversity. Traditionally, insurance has been a cornerstone of economic resilience. When businesses suffer losses, insurance policies kick in to recoup them, restoring organizations to their original state.
But most risk managers know that achieving true resilience is not that simple. Relying on insurance to return your organization to its pre-loss state is a reactive strategy that takes coverage for granted.
If this year has taught us anything, it’s that being caught off guard can have a financial impact on organizations beyond what insurance can cover.
Insurance cannot, for example, claw back market share lost while a company works to recover from devastating flood damage, restore shareholder confidence after a cyber attack, or regain customer loyalty after a sustained period of business interruption.
“True resilience requires looking ahead, mapping risks as they emerge and evolve, and proactively building (and practicing) response plans so the company is ready for the unexpected. Fast and full recovery always favors the prepared,” said Carmelina Borsellino, vice president and chief engineer, FM Global.
While it’s easy to become distracted by the COVID-19 pandemic, it’s important to prioritize risk mitigation for all business risks — they will still be here when the pandemic is over.
Here are some of the key business risks to keep on risk managers’ radars and how to shift focus beyond recovery toward long-term resilience.
3 Critical Risks to Watch
1) Financial Effects of a Changing Climate
For several years, shareholders have put pressure on public companies to disclose the financial threats posed by a warming planet and its many ripple effects. More frequent and severe events like floods and fires can cause everything from property damage to supply chain disruption, which over the long term can lead to loss of market share and diminished stock price.
The Carbon Disclosure Project (CDP), which solicits and analyzes this data, reportedly collected more than 7,000 responses in 2018. From a small subset of those submitted disclosures, the CDP estimated that these companies would incur roughly $1 trillion in costs related to climate change — mostly within the next five years — if they failed to take proactive steps to mitigate exposures.
In an FM Global survey of CEOs and CFOs of the world’s largest companies, 77% said their organizations were not fully prepared for the impact of a changing climate, even though 76% acknowledged that their companies were exposed to climate risk (i.e., threats like floods, wildfires and drought). Likewise, a whopping 82% believed their companies had somewhat to no control over the adverse impact of climate risk on their business.
However, there is plenty business leaders can do to address the adverse financial impact of climate risk, including advance preparation and business continuity planning.
2) Cyber Breach’s Blow to Brand Value
System failures and breaches of private data could result in business interruption losses and expenses related to recovery and implementing better protection measures.
“A longer-term impact, however, could be the loss of consumer and shareholder trust, which could translate to loss of market share and diminished stock value,” Borsellino said.
According to a 2019 analysis of major data breaches by cyber security firm Bitglass, publicly traded companies suffered an average 7.5% dip in stock values and a mean market cap loss of $5.4 billion per company following a major data breach.
The study focused on three major breaches — Yahoo in 2016, Equifax in 2017 and Marriott in 2019. Yahoo and Marriott saw their stock price rebound after an average of 46 days. Equifax has yet to return to its pre-breach value.
Risk managers can proactively reduce the long-term financial implications of a data breach by approaching this risk the same way they approach such risks as natural hazards. The first step is to identify the potential for immediate impact – what specifically could be interrupted, and what specifically could be the consequences? From this starting point, actions can be taken to target any existing exposures.
Just like you might upgrade an automatic sprinkler system to better protect against fire or install tougher roofing materials to protect against hail or windstorms, a risk mitigation plan could be developed to tighten network gaps, increase enterprise resiliency and alleviate many of the negative outcomes that can result from a cyber attack.
3) Brittle Supply Chains In an Interconnected and Unpredictable World
Supply chain disruption wrought by COVID-19 revealed the fragility of the current supply chain model — characterized by an emphasis on speed and cost-efficiency that seeks to minimize inventory and instead relies on rapid, frequent deliveries.
Today, a large portion of those deliveries originate from one place — China. According to Deloitte, more than 200 of the Fortune Global 500 firms have a presence in Wuhan. When the pandemic shut down that province, numerous areas of the global economy hiccupped.
While the pandemic may have thrown the vulnerability of global supply chains into the limelight, it won’t be the last worldwide event to slow them down.
“Our global economy has created a global web of risk. Natural catastrophes, political or social unrest or economic fallout on the other side of the planet could still have trickle-down effects on your suppliers and even your customers,” Borsellino said.
Complex as global supply chains may be, tools exist to help risk managers examine exposures associated with each supplier or distributor, which may then guide decisions around switching or selecting additional contingency partners.
How to Build a Resilient Organization
A risk mitigation strategy that enables a prompt and organized response to any hazard revolves around two key components: people and resources.
“The first thing an organization should do is designate who will perform certain tasks in the event of a catastrophic event,” Borsellino said.
There should, for example, be one person designated to lead emergency response — a person capable of keeping a cool head, communicating effectively and making decisions quickly.
In the event this person cannot perform their duties, there should also be a designated back-up. Specific tasks like contacting emergency services, cutting power, locking doors or disseminating updates to staff can also be assigned to managers.
“The chain of authority should be made known to all employees. This will ensure consistent information and a coordinated response,” Borsellino said.
One person or team should also be designated to lead the assessment of available resources and execution of contingency plans. This could include salvage operations, reaching out to local contractors or suppliers for quick access to backup equipment and/or repair services, and evaluating impact to lower-tier suppliers.
Especially in the case of a cyber security breach, it may be necessary to engage public relations experts to handle an organization’s communications with customers, shareholders and regulators.
“Following these steps can position your organization to act quickly, minimize losses, and switch into recovery mode more quickly. Ultimately, this can mitigate the long-term damage from catastrophic events that insurance can’t cover,” Borsellino continued.
Take Advantage of All Available Tools
Plenty of resources exist to help risk managers build resilient risk mitigation strategies.
The FM Global Resilience Index, for example, allows businesses to evaluate countries’ exposures to key risks specific to each nation’s business environment in comparison to other countries, which can be helpful in determining such things as where to site a new facility or source materials in your supply chain.
The Resilience Index can provide a more granular look at country-inherent exposures that could affect suppliers, key customers and other partners around the world, which can help business executives make more informed strategic decisions.
The Index tracks five-year country trends in three categories: economic risk, which represents political and macroeconomic influences on resilience; supply chain risk, which encompasses control of corruption, quality of infrastructure, corporate governance and supply chain visibility; and overall risk quality, which broadly examines property exposure to fire, natural hazards and cyber risks.
All of these factors are aggregated into a single country ranking, giving users a quick and easy way to evaluate the resilience of any given country to disruptive events.
Addressing broad threats like climate risk, cyber attacks and global supply chain disruption may seem overwhelming, especially in the middle of a pandemic, but taking a data-driven approach can help with decision-making and bring clarity and direction.
It’s easy to be distracted by the disruption of COVID-19, but true resilience requires looking beyond short-term recovery to mitigate an array of interconnected risks.
To learn more, visit https://www.fmglobal.com.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with FM Global. The editorial staff of Risk & Insurance had no role in its preparation.