CNA’s recently released Business Resilience Report projects key global risks and how businesses can easily respond.
In this time of global uncertainty, businesses large and small are well advised to create a framework that will allow them to continue to operate – and perhaps eventually thrive again – regardless of the threats.
The CNA Strategic Business Resilience Report outlines the risk landscape in 2022 and offers some suggestions on how businesses can better respond to threats that could disrupt or even terminate their ability to operate.
Tom Nappo, CNA’s vice president of property and marine risk control, said when the first report was released last year, the company didn’t think it would make another one for 2022.
“It was something that we thought was a one-time product, but when we looked at the state of the world right now and how much has changed, we said it was something we wanted to do on an annual basis,” he declared.
Even in the short period of 12 months, the types and levels of risk in various risk areas have changed.
“I think inflation wasn’t really a big deal at that time [when the first report was issued in 2021],” he said. “It really started to take off at the end of the year and went global.”
The report notes that inflation reached 9.1% in June 2022 in the United States, a level not seen for more than 40 years.
“While the impact of inflation will vary by business and industry, few, if any, will come out unscathed,” the report said. “There is clear evidence that consumer behaviors are changing due to inflation, and rising costs will force businesses to make tough decisions to manage the impact on their revenue and profitability.”
In addition to inflation, the report lists seven other significant threats to businesses in 2022:
Conflict and geopolitical instability: The war in Ukraine has contributed to inflation, especially in fuel prices. It also had a negative impact on the global supply chain.
Technological advances: New technologies, such as the Internet of Things (IoT), autonomous vehicles, 3D printing, nanotechnology, biotechnology, materials science, energy storage and quantum computing, continue to transform businesses. These advances also create new vulnerabilities and make businesses more prone to cyberattacks.
Cyber security: The field of cybersecurity is changing rapidly as malicious actors continually come up with new ways to attack and exploit unsuspecting businesses.
Environmental, social and governance (ESG) expectations: Investor, customer and employee interests continue to grow and favor companies that provide insights into how they manage risk and develop business strategies to address ESG issues.
Supply chain challenges: Supply chain issues that began in the early months of the COVID-19 pandemic continue, and new stressors, such as rising fuel prices, continue to drive up the cost of doing business.
Climate change: The impact of climate change is a growing risk for businesses in various regions of the world. The dollar value of economic losses associated with all geophysical, climatic and weather-related disasters has averaged about $170 billion per year over the past decade, with peaks in 2011 and 2017, when losses soared to over $300 billion.
Systemic Workforce Change: The United States Chamber of Commerce reports that in May 2022, 4.4 million American citizens left their jobs for more free time or better opportunities. Human resources departments review and, in some cases, modify employee benefits to better retain and recruit employees.
With so many risks, Nappo says, companies need to be proactive about how any of these hazards (or others not listed) might affect them.
“When it comes to resilience, when it comes to assessing risk, one of the things you have to be careful about is having a lack of imagination,” he says. “There are definitely some things that go on where you say, ‘Well, I didn’t see that coming’, but I think for the most part you have to stay on top of what’s going on in the world, certainly, and you need to think about how this affects you as a business and all the different ways it could be possible.”
The report recommends establishing a resilience framework that includes these elements:
Risk management: This function typically considers current and emerging risks and works with various business functions to put loss mitigation plans in place.
Incident management: This function is responsible for implementing strategies and plans at each site where the organization operates to reduce the impact of losses.
Business Continuity Management: This function develops strategies and plans to ensure disaster recovery teams have the resources to continue critical processes that have been interrupted.
To this end, a resilience plan should do the following:
Define a resilience program: Develop clear and concise business resilience policies that outline an auditable structure. These policies should cover things like updates, drills and training, as well as leadership roles for implementation across the organization.
Set up resilience response teams: Put in place the policies, procedures and resources necessary to implement the resilience framework for each organization. Two structures crucial to minimizing impact and loss across the entire operational footprint are a response structure and a recovery and restart structure.
How companies have developed a resilience framework often depends on the size of the company.
“Large companies, because of their size, have the ability to have individuals – or multiple individuals or sometimes dozens of individuals – supporting these functions and concepts,” Nappo said.
Even without these resources, he added, companies of any size that develop resilience plans are better positioned to meet the challenges.
“You have to deal with these things [disruptions] when they happen,” he said. “You need to have a plan in place to be able to get ahead.”
Businesses of any size can anticipate business interruptions and develop a plan to deal with them.
“Tabletop exercises to address these issues are extremely important,” Nappo said. “It’s important because there is learning, there is always learning. I have never participated in an exercise where there were not several ‘Aha!’ moments [of people saying] ‘Oh, we hadn’t thought of that.’”
The report also describes insurance coverages for businesses:
Property: Companies that protect property and equipment need to be aware of the true cost of replacing these items when disaster strikes.
Interruption of work: Some of the items that may be covered include business income, ordinary payroll expenses, and equipment breakdowns. Annual review and updates are recommended to ensure coverage levels remain adequate. Fast-growing companies may need to review exposures and coverage levels more frequently.
The report calls the company’s highest level of resilience “optimal”, meaning that a “resilience mindset drives business strategy and sustainable response capabilities”.
Since the pandemic hit in 2020, Nappo said, more businesses have realized the need to have crisis response plans in place.
“I think a lot of companies, before the pandemic, were a bit hesitant to do the upfront work, because it’s a lot of work and it takes time to build those plans,” he said. “But I think the pandemic was really kind of a line in the sand in terms of those kinds of plans. Many other businesses are now paying attention because they have seen the incredible impact the pandemic has had on their business in so many different ways and how they really need to prepare.”
Even after an incident has occurred, businesses can learn how to be better prepared the next time around.
“We recommend people do after-action reviews,” he said. “This term comes from the army. It’s a great way to look at this incident and look at everything that happened and say, ‘What did we do right?’ and ‘What went wrong? What can we learn? What can we do next time to prepare or further reduce the impact of this incident?’”
Nappo said the C-suite and executive leadership set the tone for creating a resilient culture within a company, but everyone plays a role.
“They can foster a resilient culture,” he said, “but a lot of the work that’s done, a lot of the risk reduction, is done in the field, in factories or offices.”