Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

Natural catastrophes: business risks and preparedness

Companies recognize potential risks posed by natural catastrophes yet have insufficient mitigation plans in place. This is the key finding of a survey on ‘Natural catastrophes: business risks and preparedness’, published by the Zurich Insurance Group.

The study, conducted in January 2013 by the Economist Intelligence Unit and sponsored by Zurich, continues the Group’s research into understanding and mitigating risks.

The research polled 170 executives from medium-sized and large companies around the world, and confirms a widespread perception among organizations that natural catastrophes are becoming both more frequent and more severe, and that ‘commensurate importance is assigned to assessing and mitigating the associated risks’.

Survey respondents say that business disruption from a natural catastrophe would encompass multiple aspects of the enterprise, with the most severe threats confronting continuity of IT support, business-critical functions and supply-chain logistics.

The research suggests that there is significant room for improvement in business continuity planning activities. This is true for business-critical functions and is a serious concern for IT functions in particular.

Although most companies surveyed have taken some steps to mitigate associated threats to IT systems, the adoption of systematic, integrated approaches to risk management is surprisingly low. The findings suggest that while businesses are aware of the challenges they face, most have not yet developed a holistic approach to protect themselves from these risks.

Combining the top two most severe ratings on a scale of five puts continuity of IT support as facing the most severe disruption (46 percent), followed by business-critical functions and supply chain logistics (both 44 percent).

Supply-chain logistics are difficult to address in the event of a natural catastrophe, as they are generally outside of an organization’s immediate control and often affect a variety of critical infrastructure. This reinforces the importance of preparation and truly understanding the company's exposures.

Companies do not systematically assess business risks related to natural catastrophes

Fewer than half of survey respondents (45 percent) say that they use some form of scenario analysis to assess the risks of natural catastrophes. Another 16 percent use third-party risk assessments, but nearly three in ten (27 percent) say that they do not systematically assess business risks related to natural catastrophes. In addition, roughly half of those who do not use scenario analysis say that they do not systematically assess risks of natural catastrophes at all.

This means that many companies are unprepared for natural disasters despite being aware of their severity. Inadequate budgets and a lack of technical risk-management skills seem to be the main hurdles, based on the survey’s results.

Nearly one-fifth (19 percent) of companies have not adopted any strategy to mitigate IT risks related to natural catastrophes. About two-thirds (66 percent) of respondents say that their companies have adopted at least one of three purely hardware-orientated strategies for mitigating threats to IT systems in the event of a natural disaster. These include locating IT infrastructure away from high-risk regions, hardening IT infrastructure against physical disruption and adopting early warning tools for back-up or fail-over systems. Clearly most businesses are trying to be proactive in some form, but only a small minority (5 percent) is employing the full array of robust risk mitigation tools available to them. And only a minority (31 percent) of companies is transferring risk through insurance, frequently to bolster their own enterprise risk-management endeavours.

The survey suggests that progress has been made in recognizing risks from natural catastrophes. However, a full integration of risk management across the enterprise remains spotty. Although a long-term trend towards integrated enterprise-wide risk-management programs has been documented, progress remains slow.
When asked to name the single biggest weakness in their company strategy for managing IT risks from natural catastrophes, nearly one-quarter (24 percent) of respondents point to the failure to incorporate the full range of risks into the business continuity plan. This is followed closely (22 percent) by the lack of clear ownership of the organizational risk-management function.

Challenges in developing comprehensive enterprise-wide risk-management strategies

A key element of such a strategy would be a full integration of threats from natural catastrophes into an organization’s systems for identifying, assessing and controlling risks. While the survey found that many organizations are taking action in this direction, the analysis concludes that considerably more effort will be required before the risks of natural catastrophes are adequately controlled.

Particularly important progress has been achieved in the area of IT risk-mitigation strategies. Nearly 80 percent of respondents say that their organization has adopted at least one hardware-oriented and at least one employee-oriented IT risk-management strategy related to natural catastrophes. And nearly 60 percent say that these initiatives have been largely successful. Yet efforts to address the interconnectivity of risk clusters through integrated risk management remain incomplete, as only a minority of business has developed a comprehensive risk profile for senior management.


•Date: 8th May 2013 • World •Type: Article • Topic: Enterprise risk management

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here