According to the international disaster database EM-DAT, over the past century, the number of natural disasters reported, the number of people affected by them and the cost of damage all increased significantly. As we build more and more infrastructure, and weave singular dependencies into our business networks, we increase risk—whether or not disasters happen more frequently. This pattern is continuing to play out, and unfortunately, our ability to incorporate resilience did not keep pace with growth and development, resulting in a higher cost of damage when disasters strike.
In 2000, lightning during thunderstorms caused a small fire in Philips’ chip factory in Albuquerque. The fire was put out within 10 minutes. Ericsson, a Swedish telecom company 4,000 miles away, depended on the factory as the sole source of many radio frequency chips. Because of this dependency, inefficient response, and extensive damage to the factory’s inventory from smoke and the sprinkler system, Ericsson experienced a production loss of $400 million and a share price loss of 14 percent—all due to a 10-minute fire.
Planning for Risk Needs to Catch Up
In 2013, only one in six small businesses had business continuity plans in place. This is a staggering figure considering that disasters already cost governments and businesses $2.5 trillion so far this century, resulting in disappointed customers, unnecessary downtime, property damage, loss of revenue, or in the worst scenario, loss of life.
By definition, disasters are rare, but have severe consequences. A Deloitte study found that many of the greatest market losses could be attributed to events that were deemed extremely improbable and which companies failed to consider in their risk strategies. Taking a chance that “it won’t happen to me” is not an effective or reliable risk management strategy.
As environmental risk becomes more prevalent and impactful, businesses can no longer ignore the importance of preparation. They must establish, test, and continuously update effective risk management and business continuity plans in order to minimize disruption from uncontrollable events.
Because weather-related disasters can occur in any season, it’s important for enterprise risk managers to develop and maintain an environmental risk plan year-round. Though some companies focus their risk strategies on tropical storms, other weather events can be impactful as well. Studies show that, annually, the United States has an average of four catastrophic winter storms and more than 1,200 tornadoes, generating a range of costly emergencies from communication failures to property damage to power outages.
Just one event can have catastrophic effects. For example, an EF5 tornado near Moore, Okla. in the spring of 2013 killed 24, injured 377, and leveled schools and homes, causing an estimated $1.5 to $2 billion in damages. A well-developed and tested environmental risk plan can help enterprises establish alternate measures, prevent loss, and avoid shutting down or slowing down operations when possible.
Beyond the Plan
Part of an environmental risk plan is establishing protocols around when to activate the plan—i.e., at what point does a potential or impending disaster require actions, such as communicating with stakeholders, closing facilities, rerouting supplies or evacuating. Without a plan that clarifies key action points, managers may react rashly and take unnecessary measures when there is no real risk—in other words, they end up crying wolf.
Therefore, it’s important to have a definitive, accurate and quantifiable method of determining when an impending risk calls for action, and which steps need to be implemented, so that it’s easy to make the right judgment calls.
Technology Can Help
There are tools that, when woven into an environmental risk plan, can help enterprises manage and react to uncontrollable events in a timely and effective manner. A consistent, real-time measurement of risk that considers multiple environmental data inputs can help managers compare and quantify levels of risk, and define corresponding actions. If the risk score is weighted by asset-specific values like manufacturing revenue produced by a facility or population served by a hospital, it can also help managers prioritize response.
Such a score can be used as a normative benchmark, with different levels of risk fueling different actions. For example, an environmental risk plan may dictate that management be informed when a certain facility’s risk score is 10 (out of 25), an official warning issued to employees at 15 and facilities closed at 20. By applying gradations to risk, the score provides a higher resolution view of risk rather than simply in or out of an impact zone. Thus, it eliminates the guesswork on when to take action, and helps managers prioritize the locations or assets experiencing the greatest risk. A risk index can also be analyzed over time to understand and evaluate risk on a seasonal or historical basis.
Automation can help certain elements of an environmental risk plan. Managers can use emerging technologies to set up thresholds and trigger automated alerts when a location reaches a certain risk level. This eliminates the need for an employee to monitor risk events continuously and notify team members manually. Thus, it helps reduce dependencies and single points of failure, and improves response times.
Becoming a Leader in Risk Management
As businesses become more complex (and therefore risky), the risk management industry is evolving and establishing normative practices. The Risk and Insurance Management Society, Inc. (RIMS) created the Risk Maturity Model for enterprise risk management, which can be used to evaluate an enterprise’s risk competency based on seven key factors, ranging from the organization’s risk culture and degree of executive buy-in for risk management practices to business resiliency and sustainability.
Risk managers can use the RIMS Risk Maturity Model to track their organization’s progress in achieving objectives as they transition away from reacting to risk on an ad hoc basis and become leaders in risk management.
As businesses adopt risk management practices, more technologies that quantify risks and help managers proactively respond to threats will surface, and damages from inclement weather and other external events will be minimized overall.