Despite news reports about natural disasters and man-made calamities that seemingly occur every week, we find that many businesses have not contemplated the potential impact of these exposures.
Consequently, they may end up with a risk management program that ignores potential losses or an insurance program that does not provide adequate coverage limits. The impact of these shortcomings is especially regressive for small businesses, with studies1 suggesting that up to 60% fail following a significant loss. Based on my personal observations over a 30-year career, that figure becomes alarmingly higher if the business did not have a continuity plan.
Anecdotally, large companies with dedicated risk management departments are more likely to address business interruption exposures; still, many may not be adequately covered. The realities resulting from short- and long-term disruption of operations cannot be overstated. In addition to standard perils such as fire, lightning, or wind storm, businesses now need to be concerned with emerging trends such as cyber attacks and acts of terrorism. They all can take down a business.
Business interruption insurance is designed to replace lost net income as well as cover ongoing normal operating expenses. Extra expense coverage compensates for costs beyond lost business operations, such as overtime pay, expedited shipping, relocation, and other expenses that minimize downtime. Since business interruption coverage is triggered following direct damage by a covered peril, it is critical to confirm that your policy contemplates all exposures, including cyber and terrorism.
Traditionally, business interruption insurance protected companies that were unable to operate due to covered perils, such as fire and weather events. The insurance came into use decades ago and has not been fully updated to align with the realities of conducting operations globally and via the Internet.
Today, operations can come to a screeching halt if servers are taken down by a distributed denial of service (DDoS) attack or by any number of other ways that cyber criminals use to wreak havoc. Given the events in California, Paris and elsewhere, we also have to consider terrorist attacks that would prevent employees from accessing their workplace. Therefore, businesses should be concerned by exposures relating to supply chain logistics and acts of civil authority.
When evaluating your insurance coverage, consider:
- Business type. The business interruption policy for a restaurant, for example, will likely look very different from the policy of an online retailer. One may focus more on the more traditional exposures (fires or storm damage), while the other would cover cyber attacks and data breaches.
- Policy limits. Make sure the policy covers the right expenses and length of time it would take your business to get up and running. Most disasters, natural or man-made, will halt your operations for more than just a few days. An extreme example is the 9/11 terrorist attacks that forced businesses in the vicinity of the World Trade Center to cease operations because the entire area was blocked off.
- Financial impact. It’s important to understand total business expenses if an interruption occurs. Business interruption insurance is divided into business income coverage that would have been earned based on past financial performance, and extra expense coverage designed to take care of costs beyond normal operating expenses. Completing a business interruption worksheet will help you identify and quantify direct income exposures, including any contingent exposures existing in your supply chain logistics, as well as continuing expenses and potential extra expenses needed to mitigate a loss.
The realities of short- and long-term business interruption cannot be overstated.
In addition to understanding what your business interruption policy covers, it’s also important that your employees are prepared in the event that your operations cease temporarily. A business continuity plan outlines how to continue operations following a disaster.
It’s more important than ever for an organization to review exposures and determine if the appropriate insurance coverages and controls are in place. This process includes completing and updating your business interruption worksheet, which takes into consideration supply chain logistics. Every enterprise needs to establish an effective business continuity plan that includes the following:
- Identifying threats or risks
- Conducting a business impact analysis
- Adopting controls for prevention and mitigation
- Testing, exercising and improving the plan on an ongoing basis
It stands to reason that business interruption is now one of the most rapidly evolving issues facing risk managers. Addressing risks before they happen and ensuring your enterprise is protected can be an arduous task. But it may be the difference between surviving or closing up shop if something goes wrong.
1www.sba.com, “Four Ways to Safeguard and Protect Your Small Business Data”
- Determining Chip Card Liability Isn’t So Easy
- Retailers Still in the Cyber Attackers’ Bull’s Eye
- On-the-Job Healing: Stay-at-Work Programs Ease Injured Employees Back to Recovery
©2016 Corporate Synergies Group, LLC. No part of this material may be republished or distributed without prior written consent.