Operational risks have changed: Make sure you’re protected

Are operational risks top of mind for your company’s leadership team? If so, you’re in good company. According to a report shared by the Enterprise Risk Management Initiative in the Poole College of Management at North Carolina State University, operational risks have shifted toward the top of the list of concerns for C-suite executives and boards of directors.

In a survey conducted with help from global consulting firm Protiviti, the N.C. State team discovered that concerns about rising labor costs had moved from 23rd place in 2021 to sixth place in 2022. And leadership in the manufacturing and distribution industry named supply chain risks as their top concern this year.

Difficulties related to digital adoption ranked ninth for 2022—and cyberthreats were No. 1 in the group’s rankings for top risks through 2031.^{Disclosure 1}

“The pandemic has made [leaders] aware that insurance doesn’t cover everything. They’re looking at risk much more comprehensively than they used to,” says Steven Aldrich, managing director at McGriff Insurance Services. “We’ve seen companies go out of business because they didn’t contemplate certain risks, or their insurance didn’t respond appropriately to certain risks.”

Operational risk management in 2022 and beyond

Many businesses continue to face labor shortages, supply chain interruptions, and greater vulnerability from cyberattacks—pandemic-era problems that some experts predict will linger for months or even years.^{Disclosure 2, Disclosure 3}

Are you equipped to manage these challenges? There’s no easy answer, but there’s an easy way to dig deeper: with a thorough risk assessment. This type of analysis includes all four quadrants of risk: strategic, financial, hazard, and operational. (See “Am I considering all 4 quadrants of risk?” on page 4 of the Purple Paper^sm: “Imagine tomorrow. Build it today.” for examples of each.)

Henry Wright, client experience officer at Truist Insurance Holdings, sees this as an important move, regardless of how the pandemic has affected your business.

“Even if you had insurance coverage for workplace interruption, the resulting labor shortage is a risk that wasn’t planned for,” he says. “[Businesses] have to reshape how they look at insurance and risk.”

Here are a few unique operational risks to consider, plus solutions from Aldrich and Wright that can be implemented this quarter.

For workplace safety: Focus on training and culture

The Great Resignation and the resulting labor shortage—with more than 11 million open jobs across the U.S. at the end of February 2022^{Disclosure 4}—is leaving businesses understaffed.

Even when new workers are hired, they need to be trained, and if there isn’t anyone with significant experience and skill, they may not match the abilities of the long-loyal baby boomers who felt prompted by the pandemic to ease into retirement.

Helping employees grow. Offering competitive or generous packages to highly skilled candidates, expanding your search beyond your usual sources (such as virtual or local job fairs, Facebook groups, or an international ambassador program), and investing in more extensive training may help mitigate some of these risks over the long term.

Ensuring leaders walk the walk. Leadership training matters more than ever, too. Truist Leadership Institute is seeing a greater demand for strategies for promoting diversity, equity, and inclusion in an authentic and action-based way. Investing in training to enhance leaders’ emotional intelligence may be key to retention in today’s workplace.

“If you don’t have the right culture and beliefs and demonstrate them regularly with your leadership team, you’re not going to retain people,” says Aldrich. “Enhanced benefits and compensation are just a temporary solution. You have to make your company a place people would want to come to and stay.”

For supply chain security: Rethink coverage and logistics

With fewer workers in every industry, it’s no surprise that businesses are facing harmful supply chain delays.^{Disclosure 5} In fact, 94% of Fortune 1000 businesses are seeing supply chain disruptions, with 75% reporting negative impacts on their operations.^{Disclosure 6}

Broadening coverage. As with labor shortages, there may be some supply chain risks you can insure against with specialized coverage. One example would be the loss of a key supplier due to an insured peril (a type of damage or loss that’s covered by insurance, such as a fire or theft).

However, insurance is only part of the solution. Businesses also need to examine their own supply chains and look for ways to mitigate interruptions, like negotiating stand-by contracts with alternative suppliers.

Integrating vertically. Some companies are looking to proactively integrate their operations by purchasing suppliers or partners that have traditionally handled distribution, thereby controlling more of their product’s supply chain.

Adding inventory. Others are freeing up capital and/or purchasing warehousing to store greater amounts of inventory, whether that’s raw materials or finished products.

Recalculating routes. Still others are crunching numbers differently when it comes to supply chain choices. Maybe the route from A to B seems longer if you go by land, but if the shipyards are gridlocked and your product gets stuck at the docks, you may be better off using trucks. That is if you can find drivers, which is yet another reason some companies are investing in transportation operations: If you’re the one finding the drivers, at least you have more control over how soon your trucks can move out.

Keeping the consumer in mind. It’s also important to remember that supply chain interruption is only one type of “contingent business interruption,” in which a third party’s behavior impacts your ability to do business. The other side is the loss of a key customer.

McGriff recently reviewed a regional utility company that buys electricity off the grid at a fixed price and term. The utility company had one large customer that purchased 20% of their electricity. If that customer lost their facility due to an insured peril (fire, wind, etc.), the utility would have been obligated to purchase 20% more electricity than they would sell—a significant financial risk.

Identifying consumer-related risks can help companies like this one determine possible mitigation strategies, which can make a big difference in a company’s ability to weather future storms.

For cyber risks: Protect employees and suppliers

As businesses have been forced to adapt to a changing work environment, they’ve also faced increased vulnerability to cyberattacks. Since the start of the pandemic, there has been a 300% increase in cybercrimes in the United States.^{Disclosure 7}

Insurance alone can’t address this growing problem. In fact, with or without appropriate cybersecurity measures in place, your business might not be covered when an attack occurs.

Doing a gap analysis. One of the challenges is that the proliferation of digital technology is as fast in the world of crime as it is in the world of business. As new attacks emerge, old insurance policies may not cover those emerging risks—even if “old” means it was created just a few months or a year ago.^{Disclosure 8} A gap analysis, says Wright, can help identify areas where existing insurance solutions may be helpful in protecting against today’s “knowns.”

“Let’s not look at it as how much insurance can I buy for this risk, but how can I make this risk more palatable?” Wright says. “How can I manage it? What kinds of systems and procedures can I put in place to make it more difficult for that criminal to get us?”

That may include investing in better hardware and software solutions, or it could mean improving employee training for more secure remote work.

Documenting guidelines and goals. Companies should go a step further to ensure that their documentation matches their implementation,^{Disclosure 9} because a plan without action won’t offer adequate protection.

Another possibly overlooked area of operational digital risks: contract and service agreements. A complete risk analysis should not only assess information security risks in these documents—and their digital trafficking and storage—but it should also develop guidelines for your field operations to define duties, respond to breaches, and ensure that employees know how to conform with regulatory requirements.^{Disclosure 10} (Learn more about mitigating cyber risk.)

The time to act is now

A professional risk analysis was traditionally recommended at least once a year—or more often if your business circumstances significantly change. But with today’s market changes, you may need to conduct risk analyses more often.

Ask your insurance services provider, or another qualified third party, if they can help you plan and/or conduct additional assessments on a frequency that best meets your business’ needs.

If the past few years have taught us anything, it’s that insurance is essential—but it isn’t enough.

“A pandemic can’t be addressed by insurance alone,” says Aldrich. “So we aren’t just talking about renewing insurance. Our clients are looking for more than an insurance policy. They’re looking for knowledge and advice on how to make their business better.”