Category Archives: Disaster Recovery

Immediate Vault Immediate Access

A TechRisk/RiskTech Reading List from Risk Management Magazine

Posted on by

Last week, the RIMS TechRisk/RiskTech virtual event featured two days of education content on some of the biggest challenges and opportunities in modern risk management, focusing extensively on cyberrisk as well as risktech—the latest technology tools and techniques for managing risk. As the presentations made clear, technology introduces some of the greatest risks to organizations, but also some of the most promising innovations to introduce or enhance risk management.

“We all know that, ‘As fast as a business develops a strategy to protect their organization’s digital assets, cyber predators have already figured out their next move,’” said Patrick Sterling, vice president of legendary people and risk management at Texas Roadhouse Restaurants and 2022 president of RIMS. “So, risk professionals must do what risk professionals do best: We must adapt. And we must adapt quickly.”

“We can’t forget about the risks that preceded this pandemic, and top on that list stands technology,” Sterling added in his address during the event. “Cyber gets a bad rap—when we talk about risk, we must remember risk can lead to positive outcomes. While greater dependency on technology has opened the door to more threats, it also allows us to improve processes, keep employees safe, boost efficiencies and engage our customers in a whole new way.”

As a RIMS virtual event, the content from TechRisk/RiskTech will be available for attendees or new registrants to view on-demand for the next 60 days, and you can check out the sessions here.

Following the TechRisk/RiskTech event and last Friday’s international Data Privacy Day, risk professionals who want to learn more about cyberrisk and risktech topics can also check out a wealth of related articles from Risk Management Magazine. Whether you would like to keep up the education after attending TechRisk/Risktech or just want to catch up on topics like cyberrisk, ransomware, cyber insurance, risktech, artificial intelligence, the internet of things and connected devices, and other technology that can help manage risk, here’s a roundup of recent Risk Management articles on cyberrisk and risktech:

Tech Risk (Cyberrisk):

Risktech:

Tornadoes Devastate Midwest and Southern States

Posted on by

Last week, a series of tornadoes ripped across the Midwest and Southern United States, killing dozens and crippling infrastructure in Arkansas, Illinois, Indiana, Kentucky, Mississippi, Missouri, Ohio and Tennessee. While Karen Clark & Company has estimated that the insured loss from the tornado outbreak will be about $3 billion, and credit rating agency Fitch predicted that losses would total $5 billion, Dr. Joel N. Myers, AccuWeather founder and CEO, estimated that the tornadoes are expected to cost about $18 billion in total damage and economic loss. Mark Friedlander, director of corporate communications at The Insurance Information Institute, said, “Based on preliminary assessments of the extensive property damage we are seeing across multiple states, this weekend’s tornado outbreak has the potential to be the costliest on record in the U.S.”

As of Monday, 88 deaths across the region had been confirmed, but over 100 people are also missing, which means the death count may be higher. The cyclones killed more than 70 people in Kentucky, the hardest-hit state, leaving thousands homeless and knocking out power for more than 25,000 in the western region of the state. Additionally, 10,000 Kentucky homes and businesses reported being without water, and another 17,000 were under boil-water advisories, according to the Kentucky Division of Emergency Management.

Across the entire affected region, 750,000 customers were left without electricity. These outages have complicated search and rescue efforts, as rescue workers excavated destroyed buildings, searching for people who are still missing. In Mayfield, Kentucky, for example, the city’s main fire station and multiple police stations were inoperable, and the city was scrambling to find new ways to field emergency calls.

Also in Mayfield, at least eight people died at a Mayfield Consumer Products scented candle factory after workers reportedly pleaded with supervisors to let them leave the building after warning sirens sounded and an initial twister had passed with little damage, only to be threatened with firing if they did not continue working. Over 100 workers were trapped inside the building after the next tornado leveled it. Several survivors have already filed a lawsuit against the company, citing “flagrant indifference” to worker safety, and that the company “knew or should have known about the expected tornado and the danger of serious bodily injuries and death to its employees if its employees were required to remain at its place of business during the pendency of the expected tornado.”

Another tornado struck an Amazon warehouse in Edwardsville, Illinois, killing six people and injuring another. Amazon claims that it took all necessary precautions, but family members of victims have alleged that the company prioritized productivity over worker safety by not heeding tornado warnings and not adequately preparing employees for emergency weather safety responses. Amazon pledged to help workers and their families affected by the tragedy by donating $1 million to the Edwardsville Community Foundation, a charitable trust that benefits regional communities. OSHA is reportedly investigating the Amazon warehouse, and Kentucky state regulators are investigating the Mayfield Consumer Products event.

While an Amazon spokesperson noted that the company’s warehouse was up to code, Illinois governor J.B. Pritzker also promised an investigation into whether building codes needed to be updated, “given serious change in climate that we are seeing across the country.” Scientists say that climate change may have changed normal weather patterns and led to these tornadoes’ increased intensity and reach, with record warm temperatures across the region potentially exacerbating the disaster.

Businesses and risk professionals should prepare now for more frequent and intense weather events. The following recent Risk Management articles may help:

RIMS Risk Forum India 2021: Building Resilience As COVID, Cyberrisk Top Business Risks

Posted on by

An increasingly key theme year over year, resilience is at the root of the latest Excellence in Risk Management India report from Marsh and RIMS—and the RIMS Risk Forum India 2021 virtual event, where the report was officially released today. In the second year of the COVID-19 pandemic, risk professionals in India reported acute short- and long-term concerns about the interconnected risks of COVID-19 cases, global economic recession, and surging cyberrisks amid shifts in work arrangements.

In addition to the death of more than 5 million people in India, the pandemic has taken a considerable economic toll on the region. “According to the Organization for Economic Co-operation and Development (OECD), India’s economy contracted by close to 8% in 2020, while the world’s economy contracted by 3.5%,” the report noted. “Despite the OECD’s projections for economic expansion—both in India and globally—in 2021 and 2022, the potential for a prolonged global recession remains a concern for organizations in India.

buy fildena online orthomich.com/img/blog/jpg/fildena.html no prescription pharmacy

Previously one of the top risks for India-based risk professionals before COVID-19, cyberrisk has also increased significantly with the pandemic and the shift to remote work. “The shift to a remote workforce necessitated by sweeping lockdowns to stem the spread of the pandemic is widely seen as having increased cyberrisk,” Marsh and RIMS noted. “The Indian Computer Emergency Response Team (CERT-In) data indicated that cyberattacks in India rose by 300% in 2020, according to news reports. And cyber risk remained elevated in 2021, with more than 600,000 cybersecurity incidents reported in the first six months of the year alone, according to CERT.”

The continuing pandemic, resulting fallout, and ever-growing cyberrisk have presented the biggest risks for organizations in India in 2021, and the survey indicates that local risk professionals expect these to dominate the agenda for businesses in the year to come.

Despite the considerable concern, few respondents said their company is fully prepared for the continued fallout from COVID-19 or future pandemics. Asked to rate their organization’s preparedness from 1 to 5 (not prepared to fully prepared, respectively), the majority of India-based risk professionals ranked their organization a 3, and only 10% said they are fully prepared. While cyberrisk has been a top threat for longer, preparation is not much better for the threat—only a quarter of Indian companies said they are fully prepared for a cyberattack. This is particularly concerning as “some extent of remote work is expected to remain, leading to concerns of increased cyberattacks due to unsecured home networks,” Marsh said in a press release.

According to the report, this underscores the imperative to develop robust risk management strategies for both current and emerging risks and to focus on building resilience. Marsh identified four “common behaviors among companies that are on the path to becoming more resilient”: anticipating risk, connecting risk management to business strategy, avoiding gaps in the perception of preparedness, and measuring relevant data. Marsh and RIMS explained these further, defining key pillars that have set successful businesses apart, and potentially also offering considerations for other organizations to develop more mature risk management programs:

  • Anticipation: Resilient companies expect the unexpected. They have crisis management plans in place, but they also dig deeper, look farther ahead. Consider that during the pandemic even organizations with thorough business continuity plans struggled. Why? Many of them didn’t fully anticipate the widespread, long-lasting damage a pandemic could create.
  • Integration: Another key behavior among resilient organizations is to fully integrate risk management with operations and strategy. Doing so increases the ability to develop effective responses. Most organizations do not connect resilience planning with their long-term investment strategy. Those that do make the connection are on the path to better mitigating financial exposure, reputational damage, business interruption, and other losses.
    buy solosec online orthomich.com/img/blog/jpg/solosec.html no prescription pharmacy


  • Preparedness: On the journey to resilience, it’s important to develop an accurate perception of an organization’s preparedness. A false sense of security can halt an organization in its tracks. Companies often overestimate how quickly and effectively they will be able to respond to and recover from a given risk.
    buy antabuse online orthomich.com/img/blog/jpg/antabuse.html no prescription pharmacy

  • Measurement: There is no shortage of data and analytics in today’s business environment. But consistently applying metrics can be a stumbling block. Many companies fail to conduct a high rate of modeling and forecasting even on risks they see as important. And among the companies that do so, most only model in select areas.

Marsh and RIMS recommended that organizations in India focus on resilience heading into 2022 and beyond. “Resilience means being able to absorb the impact from a range of emerging risks and depends in large part on having robust risk management strategies in place,” the report explained. “This includes anticipating risk, connecting risk management to business strategy, ensuring your organization’s perception of preparedness doesn’t lead to a false sense of security, and measuring relevant data.”

Respondents largely indicated that their organization planned to increase investment in risk management, with 55% saying they expect increased resources, 27% expecting investment to stay the same, and only 4% expecting a decrease. This could be a critical differentiator in navigating COVID-19 recovery and other emerging risks in 2022. Indeed, 42% cited budget at the most critical barrier to understanding the impact of emerging risks on risk management.

Among the takeaways from the report, Marsh and RIMS urged organizations to invest in preparedness. “Look beyond pandemic as you develop a risk management strategy that is prepared to respond to any number of emerging risks,” the report said. “For example, shifting work patterns have intensified an already escalating cyber risk landscape that calls for a range of responses, from scenario planning to financial quantification.”

In addition to a panel on the Excellence in Risk Management India report, the RIMS Risk Forum India 2021 virtual event includes a number of sessions that address resilience challenges and opportunities for risk professionals in India. The program includes keynote addresses by Ajay Srinivasan, chief executive officer at Aditya Birla Capital Limited (ABCL), and Dr. Soumya Kanti Ghosh, group chief economic advisor at the State Bank of India, as well as education sessions like “Cyber Risk Management: A Priority for a Resilient Economy,” “Climate Risk and Your Path to Resilience,” “What COVID-19 Has Taught Us About ESG Risks and Why Risk Management Needs to Change,” and “Breaking the Chain: How Understanding Business Interruption Exposures Can Mean Supply Chain Resilience.”

The RIMS Risk Forum India 2021 virtual event continues tomorrow, December 4, and sessions will also be available for on-demand viewing for the next 60 days. Registration can be found here: https://www.rims.org/events/rf/india-forum-2021

Should You Revisit Insured Property Value Estimates?

Posted on by

One of the first steps in obtaining commercial property insurance is to determine the value of the property being insured. The reported property value will drive premium amounts and, importantly, represents the property loss exposure.

Some commonly used property valuation methods include: obtaining an appraisal from a third-party firm; utilizing fixed-asset records adjusted for cost inflation; or using a simple benchmarking factor, such as dollars per square foot. In some cases, utilizing a simplified valuation approach can provide a reasonable value estimate with minimal effort. On the other hand, performing an appraisal (which insurers typically consider the “gold standard”) can provide much-needed accuracy and thoroughness, but will require a greater commitment of time and resources. 

At times, elevating the accuracy of a property value estimate can provide significant advantages during the insurance placement process. The key for risk managers, brokers and insurers is to recognize situations in which an accurate and comprehensive property valuation is critical. Consider these eight factors in the context of the insured property to see if a deep dive into the value estimate is necessary:  

  1. Size of exposure and riskiness of operation
    When property exposures are immense or operations are inherently risky, a thorough estimation process should be conducted every three to five years. Refineries and chemical processing plants with billion-dollar exposures and high-risk operations are a prime example—the stakes are too high to rely on cursory valuation methods over the long term.
  2. Changes in costs  
    Over time, some property costs will change more than others. These fluctuations are primarily driven by changes in technology, capability, and material and labor costs. As of this writing, there have been significant increases in commodity prices such as steel and lumber, which are driving up the costs of new property and equipment. When property is subject to a rapidly changing cost environment, this complexity needs to be carefully considered within the estimation method.  
  3. Complexity and scope of property 
    Global operations and complex properties often require a thorough analysis to be performed periodically. There is simply too much detail and nuance to use an abbreviated estimating approach for an extended period without introducing the possibility of significant error. Many global firms establish a multi-year process in which a comprehensive analysis is performed on a portion of properties each year.  
  4. Type of capital expenditures 
    A company’s capital expenditures typically represent either new asset additions or improvements to existing assets. Accounting for new assets is a straightforward process of addition. However, capital expenditures that represent improvements in condition may not translate directly into increasing replacement value for insurance purposes. This is a frequent occurrence within heavy industrial and processing operations and can result in an overestimation of value if not properly analyzed.  
  5. Major changes to business or operations 
    Major changes within a business, such as reconfiguring a manufacturing facility, adding production capacity, acquiring new businesses, consolidating operations, or relocating an operation, are likely to result in changes to the property and assets. Making a diligent effort to assess these circumstances in detail will help establish an accurate property value that can be used going forward.  
  6. Insurance market conditions 
    As of this writing, the property insurance market has experienced substantial price increases for three consecutive years. When insurance prices are high, developing an accurate estimate of property value will provide assurance that the coverage is neither more nor less than necessary. Developing reliable and accurate value estimates can also be a key differentiator for insureds when engaging with insurers in a difficult market.  
  7. Recent losses reveal inaccurate value estimates 
    Insurers will seriously question the validity of reported property values if a recent property loss reveals large inaccuracies in reported value estimates. In this case, performing a comprehensive valuation of the insured property is the best course of action.  
  8. Adjusting value estimates over time 
    Many companies adjust value estimates from the prior year to account for cost inflation. The accuracy of this approach will diminish over time. For typical commercial properties, conducting a comprehensive valuation every five to eight years can help recalibrate value estimates.  

Correctly valuing insurable property is one of the most critical inputs for managing property risk. While a shorthand valuation estimate may suffice in some circumstances, it is not a perfect solution to every situation. Sometimes there is no substitute for a thorough and diligent value estimate. Striking the right balance between valuation accuracy and effort requires knowing when an estimate is good enough and when it is not.