While having an insurance policy in hand can offer a company the comfort of a reimbursement after a fire or an explosion destroys plant or equipment, it is no more than a drop in the bucket when a massive cyber attack threatens a company’s ability to continue as a going concern.
“I don’t even know how to begin to think about insuring the economic loss that would happen to the company for breach of customer data. It could literally change the long-term financial profile of the business” Kray Kibler, CFO and chief operating officer of Scrip Cos., tells CFO in “In the Trenches of the Cyber War.” (See bottom of this story for descriptions of the articles in this special report.)
Long before they even think about buying insurance, finance chiefs should immerse themselves in the details of their companies’ assets and develop a loss-control plan aimed at protecting them — and even get involved in executing that plan. In Kibler’s case, he and the other members of his finance team meet regularly in his office to construct a flow chart on his white board to plot out how data fraudsters breach the company’s payment systems. “That’s the kind of thing we have to do in the trenches, order by order, to mitigate this risk,” he says.
Another area in which finance chiefs would do well to get into the nitty-gritty of loss prevention is in managing their companies’ cars and trucks, according to Rich Bleser, a fleet safety specialist with Marsh Risk Consulting. One particular problem is rear-end collisions, the most preventable and most common type of auto-fleet mishap, with costs averaging more than $30,000 per incident, he writes. To keep employees safe and financial losses down, CFOs would do well to check into issues like driver credentials and fleet maintenance.
Unfortunately, though, senior executives at family-run companies large and small, are often content with a “siloed” approach to risk management that hurts their companies’ ability to control losses, authors Linda Bourn and Paul McKibbin contend.
Dividing up risks “by exposure type, by entity and by accountability of decision making, across families’ personal holdings, business and investment interests” makes it tough to gauge company-wide risk exposures and then plot out adequate loss control and insurance strategies, they say.
Tightening up your company’s defenses against potential losses demands both good strategy and the ability and willingness to dive down into the details, the report’s authors advise.