Despite the onslaught of natural disasters and cyber incidents seen in the past year, many global multinationals don’t necessarily have plans in place should they have to deal with a major hit from a storm or hacker, according to one expert.
“At least 50% of companies have a limited to no grip on the business implications of a cyberattack on their day-to-day operations. They’re thinking about it as an IT problem,” explained David Nolan, CEO and founder of Fusion Risk Management, a provider of business continuity and risk management solutions. “They’re not thinking about it as a business problem.”
Take Facebook, said Nolan. If companies were good at having foresight about potential crises, the social media giant’s leaders would’ve been able to predict the fallout of providing such widespread access to its users’ data. And when it comes to nat cats, organizations are still using spreadsheets and static documents that don’t lend themselves well to maintaining and incorporating accurate forecasting and analytics, said Nolan.
“There’s a lot of forgiveness in this world for acts of god and cyberattacks because everybody has to face them, but I don’t think there’s a lot of tolerance for people being unprepared and not having given it significant thought,” he said.
Just as corporations will want to stay on top of what’s new in technology and find ways to incorporate tools to cut down on costs and increase efficiency, understanding what’s cutting edge in risk management and business continuity planning is likewise crucial to preventing losses and protecting a company’s reputation.
“We’re the ones protecting the brand equity – the things that are essentially uninsurable – while the insurance companies are covering their part of that,” explained Nolan. “Ours is a management system for managing these risks to avoid them or to be able to respond effectively in the event that one of them happens.”
Fusion thinks about business continuity and resilience using four scenarios: workplace disruption, workforce disruption, supply disruption or a technology disruption. Acts of terrorism or volcanic eruptions and any kind of catastrophe in between could result in one of these situations.
Companies should be thinking about what happens if they lose a key asset or location, and what operations would be impacted as well as how that loss would materially affect their ability to deliver products and services, according to the CEO. Fusion can help simulate that potential fallout and when a risk becomes reality, provide answers on how to manage it instantaneously.
“If an executive is trying to deal with a crisis, we’re going to know exactly what happened, we’re going to know what the direct damages are, we’re going to know what the collateral damages are, we’re going to know what our resources are, we’re going to know what our expectations should be because we will have simulated an actual response,” said Nolan.
One example of a Fusion client that dealt with a problem and was able to avoid major losses was a business in Florida that was preparing for the approaching hurricane, which could’ve come across the Gulf, the west coast of the state or the east coast and hit the Carolinas.
“They were able to model those scenarios in advance and before the hurricane hit, they were able to make adjustments in where their products were shipped,” said Nolan. “They adjusted their logistic operations and they essentially kept all of the supply assets outside of the impact zones, and essentially avoided any disruption because they didn’t continue to move product or supplies or even people inside an area that was potentially going to get hit.”
Fusion works with some of the largest companies in the world and counts around 80 Fortune 500 firms among its clientele, along with many companies as small as 500 employees or less. The team has seen firsthand how important having a plan in place, besides just property and casualty insurance or business interruption coverage, is to a company’s brand.
“Those things don’t protect the covenant of trust that an organization has with their customers, and so that’s where we come in,” said Nolan. “How do we protect the brand and how do we protect the covenant of trust that an organization has?”