Some threats, like many hazards, can be prevented. Workplace accidents are a good example to consider as a threat that can be mitigated. A comprehensive accident prevention program can reduce the frequency of accidents dramatically. Most fires can be prevented. Spills of hazardous chemicals can be avoided. Business disruptions resulting from machinery breakdown can be prevented by following the manufacturer’s recommendations for inspection and maintenance.
Resources for hazard prevention include OSHA’s free on-site consultation for small business. OSHA also provides many resources to evaluate and improve workplace safety. Many insurance companies provide free workplace safety, property loss prevention and other assistance for their policyholders. Check with your agent, broker or underwriter to see what services are available. Contact your local fire department’s fire prevention division for assistance with fire prevention.
- The Cyber Threat
- Preparing to Mitigate Terror Attacks
- Preparing Response to Chemical Attack
- Global Threat Assessment
- External review by CISO-as-a-Service or CTO-as-a-Service
- The technical aspects of security with CTOvision
In the context of businesses and threats to businesses, deterrence is a strategy to prevent criminal activity. A building with clear lines of sight and lighting around its perimeter is not an easy target for criminals. Security of all entrances and screening of visitors, contractors, employees and packages is another element in a good security program. A properly designed and installed intrusion detection system provides a measure of deterrence and can provide notification of unauthorized entry. Security begins with every employee. Consider providing basic training for all employees so they know how they can contribute to a secure workplace.
Cyber or information security should be a part of the security program. Installation of antivirus and anti-spyware software and maintaining strong firewalls are essential to protect network and information security. Keeping computers updated with the latest operating system and application “patches” should be part of the cyber security program. Having a threat intelligence program in place and frameworks for cyber defense are also critical (see our book on The Cyber Threat).
Natural hazards such as flooding, earthquakes and hurricanes cannot be prevented. However, there are still opportunities to reduce damage from natural hazards.
Some things are beyond your ability to prevent or deter. But still you can have some influence. Informing yourself will help you have the biggest influence. Do that by subscribing to our Daily Threat Brief and also by diving into our resource page.
Natural hazards have been the cause of the vast majority of Federal Disaster Declarations. Hurricanes, earthquakes, tornadoes and other natural hazards cannot be prevented. Some technological hazards such as a regional power outage cannot be prevented by an individual business. Accidents that were not prevented and intentional acts that were not deterred can result in property damage and business disruptions. For those hazards that cannot be prevented, there are still many opportunities to reduce the potential impacts on life, property, business operations and the environment. These opportunities are addressed in risk mitigation.
There are many mitigation strategies that can reduce damage from hazards. The first is site selection. Selecting a building site that is not subject to flood, storm surge, significant ground shaking from earthquakes or in proximity to hazardous facilities is a first consideration. Building construction should meet applicable building codes that include requirements for fire protection and life safety. High valued assets including data centers, expensive production equipment and hazardous processes should be carefully reviewed to determine the most appropriate protection in accordance with national standards. Computer network security should be evaluated to determine whether electronic information is secure.
Strategies to mitigate business disruption include providing uninterruptible power supplies (UPS) and an emergency standby generator for critical equipment. Development of a business continuity plan with recovery strategies is another method of risk mitigation.
You should research applicable fire prevention regulations, national standards and best practices to identify mitigation opportunities and requirements. Confer with your insurance agent, broker or underwriter to determine if they provide consultation services to assist with the development of customized protection specifications for a new or renovated facility. Highly protected facilities may be eligible for reduced insurance premiums.
Insurance is Financial Risk Mitigation
Purchasing insurance is a way to reduce the financial impact of a business interruption, loss or damage to a facility or equipment. Insurance companies provide coverage for property damage, business interruption, workers’ compensation, general liability, automobile liability and many other losses. Insurers only pay when the peril (i.e., hazard) that caused the loss is insured by a policy. Losses caused by flood, earthquake, terrorism or pollution may not be covered by standard property insurance policies. Flood insurance coverage for a facility located within a flood zone may be purchased through the National Flood Insurance Program. Earthquake, terrorism and pollution coverage may be purchased separately or as an endorsement to an existing policy. Coverage for other hazards such as mold may be provided as part of the basic property insurance but the amount of loss payable under the policy may be limited.
Business interruption coverage is available to reimburse profits during the business shutdown and certain continuing expenses. Contingent business interruption coverage is available to reimburse losses caused by a supplier failure. Endorsements to standard policies can cover extra expenses such as the additional costs for expedited delivery of replacement machinery following an insured loss.
Review your insurance policies with your agents, brokers or directly with your insurers to determine whether your insurance policies adequately cover your potential losses. Consider the following recommendations.
- Download the Insurance Coverage Review Worksheet.
- Review the risk assessment and the identified hazards and potential impacts to your business.
- Use the business impact analysis as a tool to quantify potential financial impacts.
- Examine any scenario that results in impacts to multiple facilities. Evaluate whether the limits of insurance are adequate.
- Compile an inventory of properties and assets and determine whether insurable values reflect inflation costs over time.
- Review whether property insurance policies cover actual cash value or replacement cost.
- Be sure you understand deductibles, waiting periods before coverage begins, and procedures for notification of insurers when a loss occurs.