Events that can trigger potential crises for businesses and other organizations are becoming more frequent, severe, and diverse. Crises can arise from both natural catastrophes and human-driven events, including workplace violence, terrorism, civil unrest, and cyberattacks. Potential impacts to organizations can also vary, from physical damage and bodily injury to operational disruptions and reputational harm.
Insurance coverage can provide valuable support in the aftermath of these events. Effective crisis management planning and incident response, however, are also essential to preventing or limiting injuries, operational disruptions, and additional costs.
Planning, preparedness, and responsiveness
Among other areas, incident response and crisis management plans should identify:
The team members who should be involved in responding to an event. Individual participants could vary depending on the nature of an organization and/or a specific event, but various functions should be represented on incident response and crisis management teams. Plans should also clearly articulate individual roles and responsibilities.
Third-party resources that can be engaged before, during, and after a crisis event. Organizations should evaluate and secure key vendors — which may include restoration consultants, forensic accountants, mental health professionals, communications advisors, negotiation specialists, and outside counsel, among others — before an event so they can engage their services in an event’s immediate aftermath, when time may be a factor. Many insurance policies will reimburse insureds for using these services during and after a loss event; some also allow for their engagement before a loss.
Critical dependencies that could be affected by various types of events. What single points of failure exist in a company’s supply or value chain? What alternative suppliers or manual solutions can fulfill essential needs in the event of a disruption? If a crucial location is rendered inoperable, is there sufficient redundancy?
Plans should be regularly updated — at the very least, annually, but ideally more frequently. Material changes to businesses — for example, mergers and acquisitions, new product launches, and the closure of core facilities — can present important opportunities to review and update plans.
Working with outside crisis specialists
Businesses should consider engaging experienced specialists to help them build and maintain robust incident response and crisis management plans. Such services may be covered under various forms of insurance, depending on policy language.
Among other things, outside consultants can work with organizations to:
Assess and prioritize key risks for organizations based on the nature of their operations, including their industry, geographic footprint, and more.
Create and regularly update written crisis management plans that establish clear policies and procedures for crisis response teams across organizations.
Facilitate regular scenario testing and tabletop exercises, through which organizations can identify potential gaps in plans — for example, possible outcomes or action steps they previously had not considered.
Train workforces to better communicate internally and externally during and after a crisis event.
Provide support for crisis response team members and senior leaders during a crisis.
These efforts can help ensure that key stakeholders understand their roles and responsibilities and that organizations respond quickly and efficiently when a crisis strikes. This can help accelerate recovery, limit impacts on people and property, and, ultimately, reduce costs.
Insurance considerations
It’s vital that organizations understand — before a crisis arises — which forms of insurance may respond. Depending on the nature of a specific event, several commonly purchased insurance policies could be triggered, including property and business interruption, workers’ compensation, general liability, directors and officers liability, and cyber insurance.
Organizations, in consultation with their insurance brokers, may also wish to consider several nontraditional forms of insurance coverage that could respond to various events. These include:
Terrorism insurance. Government-backed schemes in many countries offer terrorism insurance. In the U.S., for example, organizations can purchase property terrorism coverage via the federal Terrorism Risk Insurance Program. This coverage, however, will only respond in specific circumstances — namely, to acts of terrorism committed on U.S. soil that are certified by the Treasury Department and result in losses of $5 million or more. Independently, organizations can purchase stand-alone property terrorism insurance globally, which can respond to smaller and less costly events, does not require government certification, and can offer broader terms and conditions.
Active assailant insurance. Active assailant policies can respond to acts by perpetrators using weapons with the intention to kill or cause physical injury, regardless of whether there is a political motive. These policies incorporate elements of casualty, property, and crisis response, providing coverage for bodily injury, physical damage, business interruption, loss of earnings, and legal liability for insureds. Policies also provide reimbursement for various pre- and post-event mitigation costs.
Keyperson insurance. This provides coverage for loss of life, permanent disability, and failed contractual agreements due to the death or illness of key people on which an organization is highly dependent. This can protect insureds against the cost of losing a key executive, the loss of cash following a critical illness, potential early loan repayment, and issues that could arise during mergers and acquisitions.
Stalking insurance. This coverage is triggered by repeated and persistent harassment of an insured person or intrusion into their privacy. It can cover the fees and expenses for advice from named response providers and, where necessary, the costs of temporary additional security.
Threat insurance. This covers individuals and organizations against threats to kill, injure, or harm insured persons; cause physical property damage; disseminate proprietary information; and imply that insured persons, insured organizations, or their property are at risk. Policies provide access to named response consultants, who can assess whether a threat is credible and advise what steps to take. The cost of temporary additional security can be covered up to the indemnity period.
Contingent business interruption insurance. This covers business interruption losses due to physical damage incurred by key suppliers and others an insured relies on. Typically, this physical damage must be of the same type as what is covered by an insured’s property and business interruption policy.
Support from senior leaders is crucial
C-suite executive involvement in crisis preparedness is crucial. It’s especially important that leadership is involved in tabletop exercises; although they can require significant time and other resources, senior leadership involvement can help confirm whether a plan will work when needed.
The result is less uncertainty, a better understanding of individual roles and responsibilities, and greater preparedness when a crisis strikes.
