Half of large UK businesses have been impacted by a major crisis event in the last 12 months. This is one of the key findings from a report, Combatting crisis complacency: large businesses’ approach to crisis management, by Gallagher, one of the world’s largest insurance broking, risk management and consulting services companies. According to a poll of 100 UK business leaders*, commissioned by Gallagher, more than a quarter (27 per cent) of those surveyed have already been impacted by a data breach or cyberattack, and nearly a fifth (18 per cent) by industrial espionage, in the last year alone.
Gallagher’s research indicates that industrial espionage, which involves the illegal and unethical theft of business trade secrets for use by a competitor, is a significant and growing risk to businesses. Nearly a third (30 per cent) of those surveyed expect to be affected by this practice in some way over the next 12 months. There is currently limited indemnity available for this risk. If the risk can’t be effectively transferred from a company’s balance sheet, the company needs to place a greater focus on crisis prevention and response.
The growing role of social media as a risk tool and communications channel
A high number of large businesses are using social media as a tool for proactive prevention and protection purposes. The majority (71 per cent) of large UK corporates polled say they currently use social media, digital monitoring or ‘social listening’ – monitoring conversations on specific topics, phrases or brands, via Twitter or virtual geo-fences – to gain actionable insights on potential crisis issues. However, nearly a third (31 per cent) admitted to having no social media protocols in place to help them respond to a crisis and only 16 per cent of those polled have a back-up social media communications channel in place in the event of a systemic IT or telephony failure.
Cover confusion and complacency
The report also highlights that businesses are leaving themselves potentially exposed through significant gaps in their crisis coverage and incident support. Although 73 per cent of businesses polled have reviewed their crisis planning following recent high-profile events, only 30 per cent have reviewed their associated insurance cover, despite the growing prevalence, range and sophistication of crisis incidents. Furthermore, while 99 per cent of respondents had conducted comprehensive risk assessments linked to crisis situations, fewer than a fifth (19 per cent) have included a broker in this process. This may go some way to explaining the uncertainty or misunderstanding surrounding the scope of different forms of crisis insurance cover that could be effective in specific scenarios.
For example, although the majority of businesses surveyed (85 per cent) are correct in their belief that Pool Re, the government-backed terrorism reinsurance programme, provides cover in the event of financial loss relating to a terrorist incident, nearly two-thirds (64 per cent) mistakenly believe that loss of data is covered by Pool Re – when it is not – and a similar number (61 per cent) are incorrect in their view that reputational damage also falls within this remit.
Commenting on the findings, Paul Bassett, Managing Director of Crisis Management at Gallagher, said: “Large businesses across the UK are aware of the heightened dangers, new risks and emergent challenges flowing from the fast-evolving security threat landscape, which are increasingly complex and unpredictable in their nature.
“Yet despite the encouraging focus on protocols, risk assessments and mapping exercises, which are taking place across UK corporates, there is a significant blind spot when it comes to insurance. Many businesses are yet to review their insurance cover in the aftermath of the recent high-profile crisis events, which may explain the crisis cover complacency that seems to have crept in, which threatens to leave businesses dangerously exposed.
“We would urge companies to get specialist advice around their coverage and engage with their insurance brokers, during any risk review, alongside a thorough assessment of their crisis policies and response protocols.
“There will never be a fool-proof way of preventing data breaches, major terrorist attacks or industrial espionage – but preparedness and response is everything. By working with multiple internal stakeholders and implementing holistic risk management — which includes comprehensive cover and crisis protocols designed to protect an organisation’s people, systems and reputation — businesses can best build resilience to withstand the mounting threats of crisis incidents.”