A major incident is still perceived as a ‘once in a risk manager’s lifetime’ event. But as a host of issues grow in prominence, says Neil Hardie, the public sector’s response to major incident risk has never been riper for review
The Boscastle floods in Cornwall in August 2004 were, at the time, the worst in local memory. Later, the devastation caused in Morpeth and Cockermouth added to the swell of stark examples of the increasing effects and volatility of severe weather. Climate change is without doubt driving an increase in flood and storm-related events and major incident scenarios facing local authorities and other public services organisations as a result. But major incidents can be triggered by more than just weather, from fire through to the loss or misuse of data.
As councils adopt an increasingly lean operating model to realise much-needed efficiencies, they are entrusting more back-office functions and key frontline services to outsourced third parties. In so doing, their direct control over the service in question is decreased while their responsibilities of oversight (as ongoing and ultimate ‘owners’ of the outsourced service) increase and a considerable risk is created.
For example, a supplier loss of private health data or child care information can now lead to a major incident scenario, raising business continuity issues for the organisations involved, as well as the threat of significant reputational damage.
Major incidents are also increasingly costly. The 2007 floods cost the insurance industry roughly £3bn (€3.6bn), yet the aforementioned associated business continuity and reputational risk elements of such events for public sector organisations can also be sizeable. When already scant public sector funds and resources need to be diverted to take the remedial action necessary, this can lead to operational challenges for the organisation in question and/or a loss of faith by the community that key services are being delivered effectively.
For instance, if a commissioning local authority has to suddenly resume control of an outsourced service, such as senior care, following a breach in standards perhaps, not only is the supplier’s failure to deliver costing the authority, as it’s effectively paying for the service twice, it also has to manage the negative fall-out in terms of organisational disruption and reputation loss.
Not all about cost
Traditionally, major incidents experienced by local authorities often, but not always, centre around property damage and disruption to services. In the past, these have arguably been dealt with as a somewhat technical exercise; quantifying loss and looking at what’s insured in terms of the insurance policy’s terms and limits.
While this is naturally important, major incidents are as much about getting customers back on their feet quickly and helping them in the critical early stages post-incident as dealing with the subsequent claim.
Issuing interim payments to customers in the immediate aftermath of a major incident allows them to meet the urgent costs incurred by that incident – for example, additional sandbags, drying equipment and so on.
In the case of a local authority in particular, this practice is not only important for the insurer/customer relationship, it is also critical to the authority and community’s ability to recover quickly. Major incidents in the public sector require a special approach and capability. Major incidents are not just about claims. Nor should these events be categorised simply in terms of cost.
Recent flooding in Cumbria affected whole communities and in these situations, local authorities have to try to cope with both civic disasters as well as the impact of the disaster on themselves. At the root of addressing both of these is access to best practice expertise. It’s about looking at the impact on the customer and the wider communities they serve. Customers, and also often their delivery partners, should be encouraged to consider possible scenarios that could result in a major incident, and identify ways to mitigate the risks and manage them should they happen.
Certainly what we would consider to be a major incident has broadened in scope over the last five years. Traditionally, it would have been a weather event, flood or fire. Now, it can be IT failure, terrorist attack, outbreaks of disease or internal escape of water. Educating customers in terms of best practice to identify and best mitigate such risks is vital.
While traditional insurance can, dependent on your policy, meet the costs of many of these emerging risks – such as asset damage, business interruption costs or the failure of one of your ‘supply chain’ providers – many of these risks have to be addressed and mitigated through robust risk assessment and management and business continuity plans.
Experience has shown that the best results are produced if insurers are involved in major incident pre-planning and as quickly after a major event as possible. This is far more effective than being unprepared after an event happens, when people understandably may not be thinking clearly and may well be deluged with a whole range of enquiries and requests from members of the public and the press. Risk is evolving in its scope, volatility and impact. Public sector organisations must take steps to ensure that their organisations are as resilient in the face of these risks as they can be. Major incident capability should be at the top of the list when the sector selects its insurance and risk needs.
In today’s world of instant communication, from a reputational viewpoint response is almost as important as recovery. Headlines are written on the first day, not six months later, and a once in a lifetime incident can make or break your reputation. Sufficient cover, coupled with a swift, pre-planned response process, is fundamental in protecting it.
Neil Hardie is head of major incident, Zurich Municipal