Business Resiliency and Continuity
Organizations are facing a wide array of risks every day that threaten the viability of their business. Building business resilience and continuity is a critical function that all organizations need to integrate into their strategic plans.
Whether protecting against natural disasters or man-made risks such as cyber-attacks or acts of terrorism, having a carefully considered and effective business continuity plan can mean the difference between survival and failure when facing these types of events.
Risk Cooperative provides a measured and pragmatic approach to help organizations identify potential vulnerabilities and build up their overall business resiliency. Our approach is tailored to fit the organization’s needs and culture. Our team works as an extension of our client’s operations, providing full operational and implementation support.
Helps to assess an organization’s overall business continuity risks and financial exposure across the entire enterprise. Going beyond likelihood and severity, reviews incorporate correlations, interconnections and key relationships in the risk landscape.
Most enterprises are financially underhedged when it comes to complex risks, such as cyber threats, supply chain vulnerabilities, impacts of climate change and political risks. Quantifying precise measures of Value@risk can help contain these losses, while correctly framing resilience strategies.
Risk is neither a static nor an isolated object, and yet most risk management frameworks attempt to confine risk to clean silos. Agile Risk Control (ARC) offers all-hazard scenario planning and counterfactual analysis to help organizations see potential blind spots, run stress tests and strengthen against risk.
Running veritable fire drills, tabletop exercises and scenario-based stress tests can help sharpen organizational responses and decision making in the face of adversity.
The lack of transparency and oversight in supply chain management comes with a cost for organizations of all sizes. Managing and mitigating supply chain and third-party risks means being able to quantify the economic and operational stakes, as well as the key relationships and dependencies. Our supply chain risk management analysis provides deep insights into the business impacts and implications on operating continuity.
Adding insult to a severely injured year, the waning days of 2020 saw a massive breach aimed at the U.S. government and other private businesses. Perhaps no entity experienced greater fallout than SolarWinds, an Austin-based company developing software that helps businesses manage their IT infrastructure.
Orion, network monitoring software developed by SolarWinds, became infected with malicious code which then infected approximately 18,000 SolarWinds customers. Several of the impacted companies include household names such as Intel, VMware, Deloitte, and Belkin.
Businesses of all sizes should revisit their cyber insurance policies in the aftermath of this widespread attack. While SolarWinds has the resources and sophistication to procure comprehensive Technology Errors & Omissions coverage (3rd party liability insurance covering their clients) and Cyber Liability coverage (1st party liability coverage protecting damage done directly to SolarWinds), it is important for all firms to understand how their own cyber coverage responds in the event a third party causes disruption to their systems.
Third party disruptions occur quite frequently; during the summer of 2019, ransomware targeted DDS Safe, a medical records backup solution used by hundreds of dental offices in the U.S. Through DDS Safe, hackers demanded ransom from these offices by deploying ransomware called REvil (Sodinokibi) and the software developers of DDS Safe elected to pay the hackers to obtain encryption keys for these dental offices. During that same summer, twenty-two municipalities in Texas were similarly hit with a ransomware attack via their outsourced IT services provider. Thankfully, no municipality paid the ransom because they either rebuilt their networks from scratch (which may have involved use of some taxpayer money) or accessed system backups.
In the case of the DDS Safe ransomware attack, many dental offices were down for days and could not treat patients, thereby forfeiting revenue. While DDS Safe’s cyber insurance policy paid for the encryption keys, an often overlooked impact of a cyber breach is the “indirect costs” involved. While operating a small business, every penny counts, so missing days of revenue could threaten already razor-thin margins. Thankfully, there is a solution.
Contingent Business Interruption
Contingent (or Dependent) Business Interruption provides coverage for a business in the event a third-party service provider, in many cases an outsourced IT service provider, experiences a breach or network outage which directly impacts that business. Many cyber insurance policies contain language including both a security failure (a failure caused by a cyber breach) and a system failure (an event caused by human error on the part of the third-party provider).
If the dental offices involved in the aforementioned DDS Safe ransomware attack had a robust cyber insurance policy containing contingent business interruption, they could file a claim to recoup some of the revenue lost during the period when their doors were closed. Sometimes, third-party software providers have business interruption coverage embedded in their Technology Errors & Omissions policy providing monetary relief for clients experiencing downtime due to a breach. Regardless, it is important for businesses to still carry contingent business interruption coverage to fill any gaps that may exist with the business interruption coverage provided by the software provider’s Technology Errors & Omissions policy.
By having contingent business interruption coverage, businesses can take the job of protecting their revenue streams into their own hands, rather than relying on the coverages provided by their third-party IT services provider.
Because foreign policy is climate policy, climate change is poised to upend the 21st century world order. It will redefine how we live and work, and change the systems of production, trade, economics, and finance. Yet, the world is woefully underprepared for climate change’s cascading impacts. COVID-19 has only underscored the inadequacy of our responses to global crises and heightened the urgency of this call to action. 21st century diplomacy will have to raise climate ambition, shape the transformative systems change needed, and promote and facilitate new modes of multilateral collaboration.
To chart a new course forward, the Wilson Center and adelphi invited a diverse set of foreign policy leaders, analysts, and thematic experts from around the globe to elucidate the connections between climate change and broader foreign policy objectives. Global stability and prosperity depend on limiting the climate crisis and attenuating its impacts. Our success in meeting this challenge depends on unprecedented global collaboration, the achievements of which must become the North Star of diplomacy.
Risk Cooperative was honored to contribute to the Climate Change and Financial Stability section of this project. The article, co-authored by Andres Franzetti and Les Williams and titled Leverage the Insurance Industry to Drive Climate-Proof Development, speaks to opportunities for transformative change towards a decarbonized world that is both more prosperous and more equitable.
Read more about the project and contributions to other sections, including Climate Superpowers, Equity & Democracy, Multilateralism, the Geopolitics of Decarbonization, Mobility & Displacement, and Geoengineering. 21st Century Diplomacy
Dante Disparte, founder and chairman of Risk Cooperative, recently co-authored a book entitled Global Risk Agility And Decision Making. The book takes a lesson from the tragic Germanwings disaster: “Ironically, in protecting against a known risk, we can be exposed to entirely new forms of risk … fortified cockpit doors certainly made flying in commercial airplanes safer — or at least created the placebo effect of safety. However, in so doing, what seemed like an incredibly remote risk — being exposed to a suicidal airline pilot — manifested itself with great ease …”
Pacific Gas & Electric’s (PG&E) recent decision to cut power to 800,000 homes and businesses was a very difficult one for the utility. The actions taken stem from the record-setting 2018 Camp Fire caused by their malfunctioning equipment in the field.
The Camp Fire plunged PG&E into bankruptcy, and the utility’s mass outage seems to have been undertaken out of an abundance of caution based on this past tragedy.
While nursing homes were evacuated; schools were left dark; and food, water and generators quickly disappeared from store shelves; the risk of a repeat Camp Fire was too great in the eyes of the utility. Other utilities in California, such as Southern California Edison and San Diego Gas & Electric, have considered pursuing this option as well, but PG&E is the only company in the nation conducting this operation on such a large scale.
On one hand, if PG&E did not conduct this exercise and their equipment accidentally sparked another wildfire, there would be a deafening outcry from the public. On the other, as is currently the case, PG&E cuts power on a large scale and hundreds of thousands are plunged into darkness. This is a classic Catch-22 scenario.
Part of the issue at hand is technical in nature. According to the San Francisco Chronicle there are tools available to prevent such a large blackout — one such method involves the use of devices allowing localized blackouts to avoid disruption on a massive scale.
PG&E does have this technology available in some parts of their grid, but it will take many months to deploy across its entire infrastructure. The situation is reminiscent of the Great Blackout of 2003, in which a tree branch in Northeast Ohio touching high voltage lines started an unbroken chain of events that resulted in the largest blackout in U.S. history, affecting approximately 50 million people.
One single point of failure in the power grid in Ohio that day is eerily similar to what Californians are facing; PG&E’s interconnected power grid needs more redundancy to prevent having to shutter operations on such a large scale.
Homes and businesses in California, and across the nation, can use this unprecedented planned blackout to revisit their own resiliency plans.
Are all backup generators functioning properly, and do homes and businesses have backup generators in the first place? Are flashlights fully charged and easily accessible? Are automobile gas tanks kept full on a consistent basis?
Businesses must revisit their own continuity plans, including analyzing insurance policies with their risk manager, especially because rolling blackouts are likely to occur in the future regardless of size and scope.
Business continuity plans go above and beyond simply preparing for planned blackouts. With climate change causing more calamities like severe storms and droughts, we must be prepared for all types of interruptions in our daily lives.
Better preparation will help keep Americans out of the dark.