Извините, Вы используете неподдерживаемый данным сайтом браузер.

Рекомендуем обновить Ваш браузер для улучшения работы с данным сайтом


Risk in Context

Business Interruption in Today’s Technological World – Time to Rethink?

Posted by David Tate Среда, 10 Января 2018

Usually, discussions around business interruption (BI) are in the context of property damage, for example, a fire or flood. However, in today’s environment, with significant dependence on technology across the retail, food and beverage industries, events which don’t damage property can still severely disrupt operations and are often underestimated. For example, what would happen if a cyber-attack led to the shutdown of a web shop, automated distribution centre, or disrupted a business’s supply chain systems?

New technologies continue to reshape industries, legacy retail management software and systems are struggling under the strain of multi-channel expansion plans, while in the food manufacturing industry, profit margin battles and new product demands continue to put extra pressure to implement new technology for increased efficiency. Changes in the use of technology will result in a rethinking of business models and profound changes to firms’ risk profiles.


While most businesses will have assessed the potential maximum loss of revenue following a property damage event, many may not have quantified the revenue they would lose if their systems were hacked or taken offline for a significant period of time. Whether the trigger is at a business’s own location or at a customer or supplier location, these risks demand a new approach:

ASSESS:  Cyber risk should be defined, and organisations should identify and develop loss scenarios arising from cyber triggers. Maximum losses for non-damage business interruption, data breach, data deletion/corruption, and system outage should also be quantified. A practical understanding of cyber risk management should include a review of control maturity assessment, remediation strategy development, and threat monitoring to inform risk management activities.

MITIGATE: Mitigation measures might include changing business and IT processes to improve resilience, enhancing restoration capabilities, or strengthening technical cyber-security controls and contractual risk management.

TREAT: Customised insurance can be considered where identified risks exceed tolerance levels. Coverage is available for first and third party risks including non-damage business interruption.

Assessing and treating today’s new technology-driven business interruption risks is a major opportunity and an essential activity to build resiliency. 

David Tate


GDPR: A Positive Change for Utility Companies?

Posted by Darren Shelford Вторник, 07 Ноября 2017