Research by YouGov that was commissioned by Arthur J. Gallagher reveals that a quarter of large UK companies are concerned about their crisis resilience in response to rising threats, such as cyber attacks and terror events, further highlighting the need for important and adequate risk transfer solutions.
According to the research findings 40% of survey respondents, which includes large UK companies in the FTSE 350 or with a market cap of £500 million+, have experienced some kind of security threat over the last two years.
Roughly a quarter of respondents expressed a concern about their crisis resilience in response to growing threats, with 51% citing an expectation that their business was at a high risk of experiencing a cyber attack over the next 12 to 18 months. Over the same period, 22% of respondents shared the same concern about terrorism.
Paul Bassett, Managing Director of Gallagher’s Crisis Management practice, commented; “Our research has found the majority of large UK companies – but far from all of them – have invested in the tools necessary to build resilience in the face of rising and amorphous threats such as terrorism, cyberattacks and extortion. But these tools provide a false sense of security if they are not joined up in a comprehensive and cohesive approach that brings together all the key functions needed to play a role in preventing or responding to fast-evolving security threats.
“Only by proactively engaging and coordinating the efforts of risk, HR, security, finance, IT, communications, legal and real estate can a company maximise its ability to successfully anticipate, prevent, respond and recover from today’s heightened risk of threats.”
The report urges the development of improved crisis resilience, but does highlight the benefits of insurance protection against today’s changing risk landscape. However, absent an approach that promotes resilience companies could put themselves in a dangerous situation should an unprecedented event take place.
Four out of five firms surveyed have some form of insurance protection, with roughly two-thirds having business continuity plans or disaster recovery plans, says the report.
“Insurance is an important part of the overall picture, but it is a big spend, may not cover the key risks a company might face – particularly as the shape and severity of risks is continually evolving – and helps recovery, not resilience. By focusing more on anticipating, preventing and responding to risk, insurance can shift from centre stage and become just one part of a true culture of resilience,” says the report.
New insurance and reinsurance solutions focused on cyber and terror threats continue to evolve and as more events takes place, and historical data becomes more plentiful, it’s expected that improved solutions will start to be made available. But as noted by the report, it’s important that resilience is the end target.
Justin Priestley, Executive Director of Crisis Management at Gallagher, said; “Crisis management plans must be short, principle-based and genuinely stress-tested to enable rapid decision-making and communication at times when there will be a vacuum of information, panic and pressure from stakeholders on all sides.
“But getting crisis resilience right means the total cost of managing risk will be lower too, since insurance becomes a backstop rather than playing a central role. Comprehensive solutions will bolster confidence among internal and external stakeholders that a company will survive and prosper, regardless of the deepening threat environment.”