Calming Influence

2013 was an unusually bad year in Canada: the flood in southern Alberta, the train explosion in Lac-Mégantic, Quebec and the ice storm in Toronto and southern Ontario.

Aside from the loss of life, such major events can cause significant damage to large swaths of properties and businesses. The repercussions can be felt for months afterwards, affecting customers, suppliers and the marketplace in general.

These three events alone resulted in insured losses of $1.7 billion, $683 million and $200 million, respectively. And they were just three of the approximately 300 natural and environmental disasters that took place around the world last year.

Major natural and environmental events are not the only threat to the financial, operational and reputational health of an organization, of course. Economic, political and technical crises are also growing in severity and frequency.

Financial crime and cyber attacks, for example, are an increasing threat across industry and the public sectors.

In 2013, more than 700 companies suffered from at least one type of financial fraud, notes Kroll’s Global Fraud Report, 2013-2014, a survey released in October that involved 901 senior executives around the world from a wide range of industries. For its part, Ponemon Institute’s survey, Exposing the Cybersecurity Cracks: A Global Perspective, found that cyber crime affected more than a third (36%) of polled Canadian businesses.

A minor crisis, such as a fire in a warehouse, crop up all the time; it is part of doing business. But a major crisis is a moment of truth that tests the readiness, resilience and character of a business – or even of a community, city or country.

Good preparation can make the difference between surviving a crisis or not. And the right insurance coverage is a key component of the survival plan.

WHAT COULD POSSIBLY GO WRONG?

Major disasters can have multiple financial and operational impacts on a company. These include lost revenue, fines and loss of supply chain. A company can mitigate both property damage and temporary loss of profit-making through insurance, but a commercial insurance policy alone may not cover the entire impact.

Consider this scenario: A major flood washes over a town. A local manufacturer gets its operations up and running again after a short delay, and does not anticipate a financial hit because its property and temporary business interruption is covered by its commercial insurance.

However, because of the damage caused by the flood over a wide area, the manufacturer finds it cannot source materials or ship goods to its national distributors, at least for a while.

How will it continue operations without alternative locations, partners or suppliers in place? Did the owners ever consider diversifying suppliers and partners, or were higher premiums worth the trade-off?

If the company manages to survive until all the businesses and infrastructure upon which it depends are functioning again, would it be motivated to do a better job of preparing for the next disaster it faces?

Beyond property and operations, reputation cannot be insured, but it can be adversely affected by major events – and that can have repercussions with shareholders. In fact, Exploring Strategic Risk, a survey of 300 C-level executives, board members and specialized risk executives in five major industries – conducted by Forbes Insights on behalf of Deloitte – found reputation is the top strategic risk facing companies today.

Preparation and response is particularly vital, as it can determine the extent and duration of reputational damage. Consider the way two companies responded to major crises involving loss of life and how each has fared: Maple Leaf Foods’ listeria outbreak and Montreal, Maine and Atlantic Railway’s runaway train explosion in Lac-Mégantic.

Hits to reputation, however, may take many other forms. An increasingly likely scenario is this: Criminals hack into a retail company’s data systems and take large amounts of customer and payment data, putting the privacy and financial information of customers at grave risk of both identity theft and financial theft.

Home Depot is the most recent example, with a breach of its payment data systems at its stores in Canada and the United States jeopardizing the credit and debit card information of 56 million people. The company acknowledged the breach and offered a year of free credit monitoring to all affected customers.

PLAN FOR THE WORST

From fatal factory fires overseas to severe winter storms, stolen credit-card data and damaged passenger baggage, the list of crises that have befallen companies, institutions and government agencies over the years seems to be growing longer every decade. And, still, many organizations fail to plan adequately for such major events.

How could a business get started? Mitigating the impact of a crisis involves monitoring, preparation and rehearsal well before such an event transpires. There are three parts to an effective strategy:

• Readiness. Do not wait until a crisis hits to start planning, and that includes choosing the right coverage. Start by identifying the most likely crises (for example, due to physical location, industry, etc.) and the key people to tap from among the stakeholder groups. Prepare for multiple scenarios and rehearse the implementation of crisis plans, which are the most effective ways to get ready. Monitor for early signs of an impending event to stay on top of developments – or even avert potential disaster.

• Response. Respond within minutes, not hours or days. Teams on the ground need to take control, lead with flexibility, make decisions based on incomplete information, communicate with internal and external constituents, and inspire confidence. Every decision made during a major crisis can affect stakeholder value: reputational risks destroy value more quickly than operational risks. The worst response is to ignore or downplay a major threat; the best is to get out in front.

• Recovery. The crisis work continues after the immediate threat has subsided. The way a company captures and manages data, logs decisions, manages finances, handles insurance claims and meets legal requirements can determine how well it recovers.

Returning to normal need not be the best a company can plan for. A business can, in fact, emerge stronger by looking for the opportunities that almost every crisis creates. And it is not a question of if a crisis happens, but when.

Canada will likely continue to experience severe weather events, which can create significant crises for cities and their infrastructure. Cyber crime will likely only increase as everyone becomes more and more dependent on technology in both their professional and personal lives.

Businesses can mitigate insurance losses by ensuring they are aware of the necessity of planning for crises. Potential financial loss resulting from business interruptions, lawsuits and brand attacks on social media, for example, can be better controlled if they are following a good strategy put in place well before an event – and, in some cases, rapid response and some innovative thinking could avert a crisis altogether.

As the old saying goes, an ounce of prevention is worth a pound of cure.