While companies recognize the potential threats posed by natural catastrophes, many have insufficient mitigation plans in place, particularly in the area of information technology, according to research by Zurich Insurance Co. Ltd. and the Economist Intelligence Unit.
Zurich and the EIU surveyed 170 executives from large and midsize companies around the world in January, and respondents indicated that disruption from a natural catastrophe could affect many aspects of their business.
Almost half — 46% — of respondents said a natural catastrophe could affect the continuity of information technology support for business processes, while 44% said a natural catastrophe could affect supply chain logistics.
Forty-four percent of respondents said a natural catastrophe would impact business critical functions, while 42% said it would affect communications with customers, 37% said it would affect employee performance, and 24% said a natural catastrophe would affect the company's ability to protect sensitive data from theft or loss.
The study found that only 45% of companies use some form of scenario analysis to assess the risks posed by natural catastrophe, while 27% adopt no systematic risk assessment from natural catastrophe, 22% study the impact of catastrophes on other organizations, and 16% use third-party risk assessment.
Less than one-third — 31% — of respondents transfer the risks posed to their IT systems by natural catastrophes via insurance, the study showed, while just 23% said they expected to transfer IT risks through insurance in three years' time.
When asked about the steps they had taken to mitigate the threats to IT systems from natural disasters, 49% said they had employee-facing strategies to maintain business continuity, while 36% said they would be using such a strategy in three years' time.
Almost half — 47% — of respondents said they had new IT or data solutions to tackle the threats posed to their IT systems by natural catastrophes, while 48% said they would have such a solution in place in three years.
More than one-third, 39%, of respondents said they were attempting to mitigate the threats to IT posed by natural catastrophes by shifting to more integrated enterprisewide risk management, while 41% said they planned so to do within three years.
Thirty-one percent of respondents said they had customer-facing strategies to maintain business continuity, and the same percentage of respondents said they would have such a strategy in place in three years.
Almost a quarter — 24% — of respondents said they had increased spending on the overall risk management function as part of an effort to mitigate the threats to IT posed by natural catastrophes, while 22% said they would adopt such an approach by three years from now.
And 19% of respondents said they would shift the risk exposure of their IT systems to natural catastrophes via outsourcing, with 16% saying they would take such an approach within three years.
Companies were asked to cite the biggest single weakness they faced in managing IT risks from natural catastrophes.
Almost one-quarter — 24% — said their business plan did not adequately incorporate the full range of IT risks from natural catastrophes, while 22% said there was no clear “ownership” of the company's risk management function.
A further 17% said their organization did not have a formal business continuity plan, while 12% said their company's business plan was not communicated effectively to all stakeholders.
Meanwhile, 8% said their organization does not spend enough on technology solutions, while another 8% said the biggest single weakness in their company's management of IT risks from natural catastrophes was the lack of insurance against natural disaster risks. Another 8% responded that their company's biggest weakness in dealing with such risks was the absence of third-party IT backup services.
Results of the study can be viewed here.