Crisis as a Peril – A Disruptive Approach to Insuring Crisis
CRISIS AS A PERIL™ HOW DO YOU PREDICT.PLAN.PERFORM.®?
This article originally appeared as the cover feature of The Insurance Letter, April 2016 issue
What is the biggest risk your organization faces? If common exposures like fire, workplace violence, malpractice, or the myriad of other known vulnerabilities were the first thing to come to mind, think again. There is a far greater problem lurking. Crisis! Crisis as a peril. Crisis as the cause of the damage to your business, your brand, your company’s existence.
A crisis evolves from situations where the vulnerability or exposure is unknown, no plan or mitigation strategy exists, and therefore the response and communications are sub-optimal. In today’s technologically advanced world, the crisis environment feeds on itself due to texting, tweeting and other less than optimal methods of communication. Rumor and innuendo get repeated and become “truth.” The crisis becomes its own exposure threat. The crisis, like an explosion or an incidence of workplace violence, creates its own damage. The effects of a crisis can be instant and catastrophic, or chronic.
Once a company has gone through a crisis, the long term effects, if unrecognized and mismanaged, can have far-reaching effects. Often, issues like employee attrition due to loss of trust and morale go unnoticed until the problem is irreparable. Often, customers and clients develop a subconscious bias that makes them more susceptible to a competitor’s advances.
Harry Rhulen, CEO, Firestorm
Fire. Flood. Cyber. These are known risks. They are manageable, mitigatable, and controllable. Crisis, by its very nature, is wild. It thrives on a lack of structure, organization, and response. For example, the company has a fire and a crisis ensues. There is a workplace shooting, and a crisis ensues. Therein lies the opportunity; crisis has always been thought of as the after-effect of some other peril. This thought process is outdated and dangerous.
Individuals responsible for managing a risk must understand “Crisis as a Peril”™. Regardless of the cause, the damage done by the crisis can be far greater than other perils. The company can insure for fire, and the insurer will bring in resources and get the business rebuilt. Similarly, the company can ensure for cyber liability and the insurer will bring in experts of all kinds, including a “breach coach” to help manage the situation. So who helps when there’s a crisis?
When your organization conducted its formal vulnerability and threat analyses, many exposures were identified. These are the things you “know.” When you conducted your test exercise, the after-action hot wash highlighted some areas for improvement – things that were missed. These are the things you “know you didn’t know.”
All of the things you know and all of the things you know you didn’t know are manageable. You can update your emergency response, crisis management and business continuity plans. You can build a cyber response strategy that meets best practices. You can install a workplace violence prevention program that stops the gun from ever coming to work. Where planning often fails, is working on those things that you “don’t know that you don’t know.”
The biggest risk an organization faces is the unknown. The unknown is a demon that feeds on change. As the world around us changes, new and exciting opportunities are created, but so too are the vulnerabilities multiplied. What we “don’t know that we don’t know” grows every day.
In the 1980s and 90s, digital technology found its way into the workplace and the efficiency gains were astronomical. Back then, it was suggested that people would be able to work a four-day workweek as machines were doing so much. Little did we understand that the increase in productivity would increase the workload exponentially. This “technology rate of change revolution” has found its way into every aspect of our lives, but at what cost?
In the early days of our digital lives, computers were constrained by issues of storage, CPU power, size, heat buildup, and many other problems. Slowly but surely, the tech world has solved these problems, to the point where technological change is happening at a pace that – for the average person – is impossible to comprehend. This “rate of change” is one of the scariest exposure of all.
As technology changes the world around us, the things we know, become the “things we knew.” The list of things we don’t know grows every day, and the things we don’t even know to look for multiply as well. The “rate of change” is a major issue – one of which all risk managers must be aware.
Technology has changed the way people do everything. It is changing us on a fundamental level as humans. Perhaps, most importantly, it has changed the way we interact and communicate. In the business world, the first major change was when verbal, face-to-face communication gave way to the telephone. Then, in 1971, the first e-mail was sent. It took a while, but the efficiency of e-mail replaced the normal phone call. In recent years, text messaging has begun to replace e-mail for quick response.
Every change in technology comes with a cost, however. The efficiency of getting your message into 140 characters, and getting immediate response is overwhelming, but so much important interaction is lost. The new generation, the Millennials, who are our employees, our customers, and our clients all carry a smart device that has become an essential part of their being. They receive continuous information from the device and it is an extension of their brain. It is literally as if their brain had an external hard drive and publishing device. They expect instant update and response in every area.
This digitization of our communication process, both receiving and sending information, has fundamentally changed the human condition. The gap between the generations is growing at an increasing rate. This is one more contributor to the “rate of change.”
Did you know that your next car will probably have technology that has the ability to override driver input in what the car “sees” as unsafe conditions? The car you buy after that one, will drive itself. Are you aware that artificial intelligence has now gotten to the point where you can have a conversation with the computer and not realize that it is a computer? What about drones and robots? Are you up to speed?
So what does this all mean? What is the biggest risk your organization faces? It is the impact of the unknown. It is the “rate of change” that every day widens the gap between what is known and unknown. It is the crisis created by the thing which is lurking in the dark.
Like all demons, those lurking in the dark can be managed once exposed, but when and at what cost? Before ship owners started spreading risk, by contract, in Edward Lloyd’s coffeehouse in 1688, risks were borne by the individual. Since that time, insurance has become a tremendous tool for spreading the financial exposure and managing the vulnerabilities facing an organization. In today’s world, however, there is a new twist on an old problem.
Insurance policies are great for covering the exposures that we “know.” New coverages are designed for emerging risks every year. There have always been new risks and new policies, but now, the rate of change issue means that the insurance industry can’t keep up. There are too many unknown risks. What is the result? Crisis!
What if your company were the first to have a cyber breach? What if there were no insurance, no mitigation strategy, no resources? That is the problem with unknown exposures. It does not, however, need to be that way.
If the company views crisis as a peril, it can be planned for like any other. In fact, it can be insured.
Currently, the crisis management endorsements offered by many insurance companies are inadequate and ineffective. They treat crisis as the outcome of an insured peril. They have onerous triggers and provide little assistance. Bringing structure to the crisis management process changes the entire picture.
Viewing crisis as a peril allows companies to prepare. Crisis communications plans can be developed, exercises performed, people trained, etc. Insuring crisis as a peril will allow necessary resources to be brought to bear. A Crisis Coach® will be assigned and the overall event will be mitigated to the greatest extent possible. Companies in crisis need assistance and direction. Regardless of how well they plan and practice, having experienced crisis managers to coach them through will absolutely result in better outcomes, reducing the frequency and severity of loss.
Whether your company’s next crisis comes from known perils, drones, unmanned vehicles, twitter or whatever the new unknown is, you can prepare. Viewing crisis as a peril will allow you to develop plans, processes and procedures. Currently, there is a carrier working on a crisis specific policy, one that recognizes crisis as a peril. Once it is available, your organization will be able to purchase a policy which gives you the resources necessary to make good decisions, quickly, in the crisis environment. You will not have to meet the onerous requirements currently in place to have resources available to mitigate or eliminate your company’s exposures.
Your company may be the first to have a loss created by the newest unknown exposure, but you can and must prepare. View crisis as a peril and you’ll be able to see the unknown in a whole new way. You can shine a light in the dark corners.
“What should we do now?” “What should we say?”