As supply chains become ever more complex and companies become more global in scale, the risks of disruption and interruption are becoming more critical. The ability of your business to anticipate and prepare for such scenarios can go a long way toward determining your success in getting product to market in a timely manner, ultimately keeping your customers satisfied and your reputation intact.
The 2015 Allianz Risk Barometer, a survey of more than 500 corporate insurance experts and risk managers from 47 countries, revealed that concerns related to business interruption and supply chain risk, natural catastrophes, and fire and explosion continue to top annual rankings. However, cyber risks, which include cyber-rime, information technology (IT) failures, espionage and data breaches, along with political risks, moved up significantly.
Business Interruption and Supply Chain Risk
It’s no surprise that business interruption and supply chain risk are the threats that worry executives most. An unexpected disruption can sometimes take companies years to overcome, potentially impacting their balance sheet and/or damaging their reputation in the process.
The increased interconnectivity of the global economy manifests in increasingly more complex production processes with higher economic values. This heightens the implications for business interruptions and means potentially larger losses than in the past.
In today’s world, you’re not just dependent upon your internal suppliers, such as company-owned facilities making parts for your own manufacturing process, but you’re also reliant on external suppliers and vendors with whom you have less control. Procurement is seeking external suppliers who may provide critical parts for the lowest price, but these same suppliers may also be in parts of the world more prone to natural catastrophes or political unrest. These external suppliers may also have supply chain concerns of their own if they’re relying on other suppliers who are suffering from interruptions, creating a multiplier effect.
Businesses need to analyze their production processes in light of the various risks that can cause business interruption. Collaboration between different areas of the company—such as purchasing, logistics, product development and finance—is necessary to develop robust processes that can identify break points in the supply chain. Developed continuity plans need to reach a level within an organization where they can be most effective.
Many aspects of business interruption risk relate to the impact of non-physical damage events, such as product quality incidents, cyber-attacks, civil unrest, loss of talent and the impact of failure in service delivery by a supplier. Non-damage business interruption is becoming a much bigger issue as companies look to protect against a range of exposures, such as strikes, a government authority closing down an area linked to a disease outbreak or civil commotion. Coverage for this type of interruption is increasingly important in an environment in which there is greater time-critical dependence upon third parties, delivery of raw materials and components and a changing risk landscape not supported by traditional business interruption insurance.
Natural catastrophes, such as earthquakes, hurricanes, floods or tornadoes, continue to be foremost in the minds of many risk managers, ranking as the second biggest business risk. They can impact important facilities, critical parts of the world, or whole sectors or infrastructure, such as power suppliers. These events can have far-reaching effects, causing disruptions in areas across the globe that weren’t directly hit by the catastrophe. By establishing alternate suppliers in different regions, the risk of major losses due to natural catastrophes can be mitigated.
Fires and Explosions
Concerns about fires and explosions were the third most highly rated risk in the annual survey. This is a perennial concern given that there is constant risk with certain facilities, such as those without sprinklers and those that house ignition sources. While there are ways to mitigate this risk, these occurrences still happen and need to be addressed.
Changes in Legislation and Regulation
Risks associated with changes in legislation and regulation, considered the fourth biggest concern in the survey, primarily affect the financial industry. However, they can also have repercussions on the supply chain.
For example, an increase in concerns over pollution could result in the introduction of strict legislation in a short timeframe that could impact supply chain availability. Similarly, sanctions imposed by one country on another country could jeopardize the availability of critical supplies.
Cybercrime, IT Failures, Espionage and Data Breaches
The risk of cybercrime and IT failures increased substantially in the last few years, going from the 15th largest business risk concern in the 2013 survey to the fifth largest risk concern in 2015. The rapid rise in concern is well-founded, as a wave of recent data breaches at big-name companies, such as JPMorgan Chase, Home Depot and Target, raises questions about the private sector’s effectiveness in safeguarding important data such as credit card information and social security numbers.
Cyber-attacks are increasing, both in number and sophistication. According to Kaspersky Lab, a successful targeted attack could cost a company as much as $2.54 million, which includes direct losses, as well as expenses required after the incident, including the loss of business opportunities from a tarnished reputation, investments in services to prevent additional incidents, and security training for IT staff and employees.
Given that today’s supply chain relies on a complex network involving the movement of goods, services, funds and information across a range of parties worldwide, it’s vulnerable to cyber-attacks, disruptions and espionage. Companies should incorporate a security model that addresses the failures that can occur from end to end along the supply chain so the effect on customers is minimized.
Although awareness of cyber risks is increasing, the different impacts are still underestimated, often because identification and evaluation of threat scenarios is not easy. Inadequate budgets also leave companies unprepared to fully combat cyber risks.
The Importance of a Risk Management Process
Given the central role the supply chain plays in the ultimate financial success of a company, it makes sense to address the range of risks that can have an impact. However, despite the potential for considerable losses stemming from natural catastrophes, cyber-attacks and business interruption, it’s an area that’s often overlooked.
A formal risk management process can help control the risk of possible future events. It involves identifying the specific risks facing your supply chain, prioritizing them based on likelihood of outcome and potential loss, and creating mitigation plans for risks considered to be the highest priority. Given the ever-changing nature of the business environment, risk management should be an ongoing process.
Insurance companies can partner with businesses to minimize the financial effects of both daily supply chain risks and catastrophic disruptions once the loss occurs. They can also help companies find solutions to prevent day-to-day problems that result in losses, thereby avoiding the disruption and subsequent claim settlements.
Thomas Varney is the regional manager for Allianz Risk Consulting in North America.