Disaster Planning: An Insurance Risk Management Overview

Directors have a lot on their plate. The oversight of enterprise risk management may not be the most fun part of the job, but it's certainly part of the job.

2017 was another year full of natural disasters and cyber breaches. From Hurricanes Harvey, Irma, Jose, and Maria to the WannaCry and Petya ransomware attacks and the Equifax breach, events like these have directors wondering how to ensure that their businesses are better prepared for unusual but potentially catastrophic events. Insurance is, of course, typically a major part of a company's risk management plan.

I'm delighted to have co-authored an article with my friend Lane Finch, partner at Swift Currie, on the topic of planning for disasters for the Association of Corporate Counsel (ACC).

"Planning for Disasters" (which you can download on the ACC website or here on the Woodruff Sawyer website) offers a systematic approach for how businesses can prepare for hazards using both preventative measures and insurance coverage. The article provides a useful overview for directors who may not have a background in insurance and risk management.

Disaster Risk Management: The Basics

Let's look at some of the basics when it comes to preparing for a disaster from an insurance perspective …

Property Insurance

The typical property policy will cover damage from fire, windstorms, hail, civil unrest, and explosions. Commercial policies will typically contain three basic types of coverage:

1. Property damage coverage for physical loss
2. Business income coverage for loss of profit and unavoidable expenses
3. Expense coverage for the policyholder's additional costs

Unfortunately, flood is typically excluded from a property insurance policy, but flood insurance can be purchased (with significant limits) to cover things like water damage from hurricanes.

Business Interruption Planning

Business interruption preparedness consists of two major steps:

1. A plan to minimize the interruption of business due to disaster
2. Insure for the things that cannot be avoided

On the insurance front, business interruption insurance protects against prospective earnings and lost profits when your business is directly impacted by a disaster.

Contingent business interruption coverage can help with losses that are not the result of direct physical damage but were nevertheless experienced, for example, if the company's supply chain was disrupted by a disaster.

There are nuances to each type of policy, and the ACC article goes into more depth on what to watch for.

Cyber Coverage

Every company that uses technology or stores information is at risk for a cyber event—which is to say, all companies today. As with business interruption planning, cyber risk management starts with planning for how a company will respond to a cyber attack. Insurance is a part of that response plan.

Cyber policies today include coverage for things like:

• Network security liability
• Privacy liability
• Regulatory investigation defense
• Crisis management expenses
• Cyber extortion
• Network business interruption
• Data asset protection

Cyber insurance is a robust topic all on its own. My colleague Lauri Floresca's blog, the Cyber Notebook, provides a useful resource in this regard, including her 101 overview of cyber liability insurance.

For a more in-depth look into the basics of disaster planning for your business, download the article, "Planning for Disasters," on ACCDocket.com.