Potential for hurricanes and storm surges, the possibilities of wildfires and sinkholes, and an extensive coastline make Florida rank as the state with the highest risk of property damage from natural hazards, according to a new analysis by CoreLogic. Second on the list is Rhode Island, with Michigan coming in with the lowest ranking for risk.

The analysis was derived from the Hazard Risk Score (HRS), a new analytics tool that gathers data on multiple natural hazard risks and combines the data into a single score ranging from 0 to 100. The score indicates risk exposure at the individual property and location level, CoreLogic said. In calculating an overall score, the probability of an event and the frequency of past events are significant contributing factors to determine risk levels associated with individual hazards, along with each hazard’s risk contribution to total loss.

“Florida’s high level of risk is driven by the potential for hurricane winds and storm surge damage along its extensive Atlantic and Gulf coastline, as well as the added potential for sinkholes, flooding and wildfires. Michigan alternatively ranks low for most natural hazard risks, other than flooding,” Howard Botts, Ph.D., vice president and chief scientist for CoreLogic Spatial Solutions, said in a statement.

HRS measures risk concentration and pinpoints the riskiest places in the country. “This insight is critical in conducting comparative risk management nationwide and fully understanding exposure to potential natural hazard damage,” Botts said.

The tool can be used to improve decision-making and enhance business operations, including:

• Business continuity and disaster recovery planning

• Analyzing risks associated with properties

• Measuring savings of mitigation compared to the potential damage of a hazard

• Evaluating natural hazard levels of distribution and supplier networks

• Recognizing if underinsured or uninsured properties could be at risk of default

• Adverse selection avoidance and identification of good risk properties.





Home Depot Data Breach

On Monday, Home Depot confirmed that a breach of its payment data systems may have exposed customer card data across the United States and Canada. The breach appears to have begun in April, allowing hackers to steal an untold amount of shopper information including credit card numbers.

The home improvement giant disclosed on Sept. 2 that it was investigating reports of “unusual activity” and, a week later, determined that any customers who used a card in the U.S. or Canada is at risk, though the breach does not appear to impact shoppers online or at retail stores in Mexico. In an official statement, the company assured that no one would be held responsible for fraudulent charges and offered free identity protection services, including credit monitoring, to anyone who has shopped at one of its locations since April.

As with the massive Target data breach, the Home Depot news was first broken by cybersecurity journalist Brian Krebs. The data went up for sale on rescator. So, the same underground store that sold credit card information from the Target and P.F. Chang’s breaches, and may have been stolen by the same group of hackers. Krebs reported, “In what can only be interpreted as intended retribution for U.S. and European sanctions against Russia for its aggressive actions in Ukraine, this crime shop has named its newest batch of cards ‘American Sanctions.’ Stolen cards issued by European banks that were used in compromised U.S. store locations are being sold under a new batch of cards labeled ‘European Sanctions.’”

Given the five-month duration, this breach may be many times larger than the Target attack, which exposed 40 million credit and debit cards and the personal data of 70 million customers in three weeks. The Target breach led to the resignation of its CEO and cost the company almost $150 million in the second quarter alone, according to the New York Times. In fact, the toll may reach ever higher. “I don’t see how they’re getting out of this for under a billion, over time,” John Kindervag, the vice president and principal analyst with Forrester Research, told the Times, adding, “$150 million in a quarter seems almost like a bargain.” Beyond the company itself, Javelin Strategy and Research reported at the time that total damage to banks and retailers could surpass $18 billion, and consumers could be liable for more than $4 billion in uncovered losses and other costs.

One of the most promising ways to increase point-of-sale security is through the adaptation of EMV chip technology, as discussed in the March issue of Risk Management. In Europe, 81% of cards have EMV chips, and countries that have adopted the technology saw sharp declines in credit card fraud. In England, for example, the amount of fraud per transaction has dropped 57% since 2002, while it has risen almost 70% in the United States over the same period, according to consulting firm Celent. As part of its breach response, Home Depot announced plans to escalate adoption of EMV, installing “chip and PIN” checkout terminals throughout its U.S. stores by the end of the year. Target made a similar move in April, saying that it will issue its branded REDcard credit, debit and co-branded credit cards with MasterCard chip technology beginning next year.


Something’s rotten in the global supply chain—figuratively and literally, as Shanghai’s Dragon TV revealed in July about a major supplier of meat for the iconic restaurant brands KFC, Pizza Hut and McDonald’s. In recent years various supply chains brought to market, through respected public companies, adulterated products such as drug-infused toxic chickens and horsemeat posing as beef, as well as dangerous products such as salmonella-laced peanut butter and melamine-fortified pet food.

In addition to the restaurant, food retail and agribusiness sectors, problems originating in their supply chains have adversely affected the automotive, electronics, pharmaceutical and toy sectors. GM, for example, is now dealing with what appears to be a 10-year long supply chain problem that compromised product safety. The immediate costs of all this supply chain rot may include business interruption, product recalls and third-party liability claims, but strategic costs may extend to reputational harm, too. With the rise of investor activism, the worst recent additional costs may be the personal reputations of corporate directors and officers.

Three reasons explain the rising costs of supply chain issues. Stakeholders expect that companies know how the products they offer are made, by whom, and with what raw materials. These expectations are not limited to “conscientious capitalists” or NGOs. The Dodd-Frank Wall Street Reform and Consumer Protection Act, for example, requires companies to disclose annually how they test for whether any minerals originating in the Democratic Republic of the Congo or an adjoining country are incorporated in products.

Another fact is that, as companies continue to grow around the world in an increasingly complex sourcing, manufacturing and distribution environment, insurers and their reinsurers are balking at accepting risk. A representative of Zurich, a major insurer of the global supply chain, explained that reinsurers were demanding more transparency into locations as a going-forward condition for blanket limits.

Then, intolerance for errors is growing. Stakeholders, many of whom now have near-instant awareness of errors and a front-row seat to global crises, are becoming less forgiving of companies being blindsided. Only a short window of time now separates an adverse event from the onset of what the Financial Times once described as “the pile on of litigators, regulators, and…bloggers.” Enter now also activist investors. Despite ample public contrition, Target’s board sacked its CEO only 18 weeks after a supplier provided credit card scanners whose security had been compromised—a sacking that did not prevent activist investors from calling for a sacking of the board. And only 10 weeks after Duke Energy’s coal ash spill and its public contrition, activist investors demanded the heads of four Duke Energy directors.

The court of public opinion where liability insurance offers no solace has become the primary battleground, making directors and officers especially vulnerable. One investor told the New York Times his opening gambit with the C-suite: “We can make you famous, and not for the reason you want to be famous.” Rarely will a company’s C-suite suffer public opprobrium silently like Rolls-Royce’s after a catastrophic engine failure exposed a systemic safety issue in their supply chain. The company went radio silent for 10 weeks until it isolated and repaired the problem, whereupon the firm emerged publicly to announce a new large engine order. They used the third-party endorsement of a respected customer to help reassure stakeholders and restore their reputation.

It is high time that companies acquire visibility into their supply chains, and demand from them responsible behavior appropriate for the notably higher 21st century norms. They can begin by evaluating the effectiveness of field audits that evidence compliance. Although that approach is industry-standard, it is expensive and disruptive to their suppliers and expensive to administer. For the overwhelming majority of suppliers and vendors that are in compliance, these audits interfere with their operations and strain the supplier/company relationships. For the few that are non-compliant, infrequent audits are poor policing tools. When audits fail to uncover deviations, and a negative event occurs, social critics have unfairly accused companies of ineffective oversight and even willful failure.

New integrated information management solutions are far more effective. These will help companies find hints and clues of noncompliance in open communications that, aided by big data analytics, converge on apparent discrepancies between self-reporting and actual behaviors. These signatures of misbehavior will more quickly expose potential deviations from responsible behavior and enable corrective actions.

Companies can also reduce irresponsible behavior by making it harder for potentially deviant suppliers to rationalize such behavior and assuage their guilt. Insurances have become available that will objectively affirm the authenticity of a company’s values and neutralize rationalization that might lower the barriers to irresponsible behavior by some suppliers. Insurances can also increase the disincentives for irresponsible behavior in two fundamental ways. First, escalating the behavior into the criminal matter of insurance fraud is a far greater disincentive than a terminated contract. Second, by making insurance a condition of contracting, loss of insurance becomes an independent and non-judgmental basis for termination. Companies cannot then be vilified for evading responsibility.

Companies that manage risks to their supply chains in a way that stakeholders can appreciate and value can transform risk management into a strategic advantage. These companies will emerge with reputations for being 21st century industry leaders in governance, management and control.


For years, plastic bag manufacturers have prevented passage of laws banning their product in California, but they appear to have lost the battle. On Aug. 29, the California State Senate passed a ban on single-use plastic grocery bags—passed the day before by the State Assembly—making them the first state in the nation to do so. The bill awaits Gov. Jerry Brown’s signature.

Sponsored by Senators Alex Padilla (D-Pacoima), Kevin de Leon (D-Los Angeles) and Ricardo Lara (D-Huntington Park/Long Beach), the bill would phase out single-use plastic bags in California grocery stores, convenience stores, liquor stores and pharmacies.

“Single-use plastic bags are not just a coastal issue,” Sen. Alex Padilla said in a statement. “They are found in our mountains, our deserts, our rivers, streams and lakes.  They are also in our parks and neighborhoods.  It is a statewide problem that deserves a statewide solution.”

He explained that, “The so called, ‘progressive bag alliance’ is funded by the plastics industry. These out-of-state special interests are out of touch with California and our values. Californians care about the environment. In cities and counties throughout the state, Californians are speaking out loud and clear in support of the bag ban.” Currently, 124 cities and counties in California have a local ordinance in place, covering 35% of the population.

More than 14 billion single-use plastic bags are given out by retailers annually and, according to the U.S. Environmental Protection Agency, 88% of these bags are not recycled. According to CalRecycle, in California, only 3% are recycled.

Massachusetts and Washington are also considering a ban on single-use bags. Seven states, including Hawaii, New York, Pennsylvania, Vermont and Virginia, are weighing state-imposed fees for plastic shopping bags, the Press Enterprise reported. Washington, D.C. has charged a fee of 5-cents per bag since 2010.

According to Sen. Padilla, SB 270 will:

•     Prohibit grocery stores and pharmacies from making single-use plastic bags available, beginning July 1, 2015. If paper bags are offered to customers, they would have to include recycled content.

•      Prohibit convenience stores and liquor stores from making single-use plastic bags available, beginning July 1, 2015.

•      Grandfather in existing local ordinances.

•      Provide up to $2 million in competitive loans to businesses transitioning to manufacture of reusable bags.

Under the new law, stores may sell paper, durable reusable bags, and compostable bags with a minimum charge of 10 cents each. The 10 cent charge is to encourage consumers to bring their own reusable bags. The bill also seeks to protect and create green jobs by creating standards and incentives for plastic bag manufacturers to transition to making reusable bags, according to Californians Against Waste (CAW).