There’s one tool that every corporate risk manager wishes they had in their toolbox – a crystal ball. Imagine being able to look into the future and see how an event will impact your company’s balance sheet. Even better, imagine having the foresight to be able to prevent that loss event from happening in the first place. That’s the dream; not the reality. But there are proactive measures companies can take to crunch the numbers, run data analysis, and figure out their financial exposures prior to an event.
Global accounting and advisory firm, Baker Tilly Virchow Krause, LLP, (Baker Tilly) is on a mission to encourage more financial risk proactivity among corporations around the world. The firm is trying to “demystify business income loss,” and help clients tie together the ‘what happened’ part of a loss event with the ‘financial impact’ piece, explained Simon Oddy, partner, global forensics, Baker Tilly.
Speaking to Corporate Risk and Insurance at the NetDiligence Cyber Summit in Philadelphia, Oddy said: “We often see a little bit of misunderstanding around how business income loss is covered by insurance and how the measurement for business income loss takes place. Essentially, to demystify business income loss, you have to back out the event. Using cyber as an example, you have to look at what would have happened without the data breach or the ransomware attack and then contrast that with what’s actually happening as a result of the event. Then you end up with a financial gap.
“What we’re trying to do at Baker Tilly is model those scenarios and forecast the financial implications of events so that we can help our clients be as prepared as possible. In the cyber space, the market does a good job of preparing clients for events, with breach response plans and so on. What we’ve found is that clients aren’t necessarily as ready to respond to the financial impact of events, especially when it comes to business income loss. But the cyber sector’s appetite for preparedness is helpful to us in our mission to improve proactivity around financial risk. They’re receptive to our message around shifting a lot of the post-loss work into a pre-loss setting.”
Anyone with a finger on the pulse of cyber risk developments will know that cyber is one of the fastest evolving corporate exposures. Cyber criminals always seem to be one step ahead and new strains of malware are in development every day. There will always be some element of guess work when corporate risk managers look into their hypothetical crystal balls to think about the potential financial impacts of an event.
“If you can run pre-loss analysis and be able to turn around some deliverable and output to say: ‘These are the problems we could potentially face,’ that’s really valuable, and it will certainly help to make any real claims a much smoother process,” Oddy commented. “It’s always a challenge knowing what the event will be, but you can certainly crunch the numbers, run the analysis, and figure out what you’re exposed to. Shifting that into the pre-loss period and knowing what the business financials are looking like before an event is really going to help with understanding the impact after an event.
“All you need is a willing participant and a company that’s prepared to be that proactive. The pain in the pre-planning can seem great, but once it’s done your business is in a better place. It’s a worthwhile endeavor.”