Amid catastrophic events such as political strikes, cyber-attacks or natural disasters, business interruption scenarios are evolving rapidly.
In fact, the risk of business interruption is rated at number four on the list of top 10 risks according to Aon’s Global Risk Management survey.
“Business interruption insurance is designed to compensate the business for the financial impact of the interruption or interference as a result of the insured suffering physical damage to the insured property or other key external events, for example damage at a key customer or a supplier’s depot, or own operations that prevents the normal business operations from continuing and generating revenue,” explains Tony Webster of Aon South Africa.
Aon’s global risk management survey identifies three trends that are elevating the necessity for business interruption insurance:
* Man-made disruptions such as political protests and labour strikes are making headlines regularly. They cripple business and government operations, as well as transportation infrastructure. As a result, organisations with operations or critical suppliers that are affected by it face a threat to the continuity of their businesses.
* More and more organisations rely on digital technology to improve operational efficiency and manage their supply chains. They are, however, becoming more vulnerable to cyber-attacks which have emerged as a major cause of business interruption.
* Apart from man-made disruptions, natural disasters also inflict hefty damages globally. In its 2018 annual report, Aon’s Impact Forecasting team documented 394 natural catastrophes. Of those, 42 were billion-dollar events. As a result, 2017 and 2018 were the costliest back-to-back years on record for economic losses ($653 billion) solely due to weather-related events.
“South Africa finds itself in a dynamic situation where all three these trends are impacting business financially,” Webster point out.
“Firstly, climate change has created volatile weather systems, leading to more severe rainstorms, drought and wildfires.
“Secondly, emerging incidents such as cyber-attacks and internal data breaches are occurring more regularly, and while these disruptions may not cause any physical damage, they result in similar, if not greater, financial losses.
“Thirdly, South Africa’s business sector is bearing the brunt of political unrest and service delivery strikes,” he adds. “The dynamic interplay of these risks is often underpinned by a complex supply chain that brings its own set of risks to the table.”
This complexity often serves as a barrier when trying to determine the level of built-in resilience an organisation has and attempting to design appropriate risk financing and mitigating programmes. In some cases, existing insurance protections may not even meet the business’s changing needs.
“Risk managers should take a much broader view of risk, both traditional and emerging ones, and address it in a coordinated and holistic way,” Webster says. “Being prepared enables companies to keep operating or at least minimise the losses during natural disasters, cyber or terrorist attacks or reputational crisis.
“While insurance can cover some of the property and operational losses, it cannot make up for the loss of market share, reputational damage, decline in investor confidence, or a decline in the share price caused by an interruption.
“Therefore, a fortified and robust business continuity plan will boost a company’s resilience in the event of a business interruption event.”
Aon recommends the following in planning a BI strategy:
* Identify risks and analyse existing insurance policies; and matching those with international programme solutions.
* Evaluate a company’s overall risk picture and the probability of risk events actually occurring in order to calculate the amount of potential loss.
* Applying concrete measures and procedures to manage risks by implementing constructive risk engineering, risk financing and change management solutions.
* Control different risk measures at every phase and put effective and sustainable risk management on a firm footing.
“Continuity plans should always be ongoing works of improvement and constant risk mitigation. Everyone in the business should be asking what the worst-case scenario could be, and as a business, how to respond to it,” Webster concludes.