Businesses are aware of natural catastrophe risks but do not systematically assess business risks

Tornado hurricane storm catastrophe

Companies recognise potential risks posed by natural catastrophes but have insufficient mitigation plans in place, according to a report by the Economist Intelligence Unit.

The research sponsored by Zurich, polled 170 executives from medium-sized and large companies around the world, and found fewer than half of respondents (45%) say that they use some form of scenario analysis to assess the risks of natural catastrophes; 16% use third-party risk assessments, but nearly three-in-ten (27%) say that they do not systematically assess business risks related to natural catastrophes.

Roughly half of those who do not use scenario analysis say that they do not systematically assess risks of natural catastrophes at all.

“This means that many companies are unprepared for natural disasters despite being aware of their severity. Inadequate budgets and a lack of technical risk-management skills seem to be the main hurdles”, the report stated.

Furthermore, nearly one-fifth (19%) of companies have not adopted any strategy to mitigate IT risks related to natural catastrophes. About two-thirds (66%) of respondents say that their companies have adopted at least one of three purely hardware-orientated strategies for mitigating threats to IT systems in the event of a natural disaster. These include locating IT infrastructure away from high-risk regions, hardening IT infrastructure against physical disruption and adopting early-warning tools for back-up or fail-over systems.

Only 5% are employing the full array of robust risk-mitigation tools available to them and 31% of companies are transferring risk through insurance, frequently to bolster their own enterprise risk-management endeavours.

The survey suggests that progress has been made in recognising risks from natural catastrophes but a full integration of risk management across the enterprise remains “spotty”.

The report added that although a long-term trend towards integrated enterprise-wide risk-management programs has been documented, progress remains slow.

When asked to name the single biggest weakness in their company strategy for managing IT risks from natural catastrophes, nearly one-quarter (24%) point to the failure to incorporate the full range of risks into the business-continuity plan. This is followed closely (22%) by the lack of clear ownership of the organisational risk-management function.

Zurich Chief Risk Officer Axel P. Lehmann  said: “A lack of resources and technical know-how are the most common reasons for organizational failure to develop and implement more efficient risk-management processes”, comments

“In fact many respondents lack the ability to present a compelling business case for risk-management initiatives. But, while in-depth analysis may provide clearer data for decision-makers, it is incumbent on Chief Executive Officers and Risk Officers to develop appropriate risk strategies and to ensure their companies are better prepared.”