Why you shouldn’t gloss over your business insurance

From terrorism to cyber-crime, there are many risks to businesses that good insurance can mitigate. Steve Hemsley investigates.

The terror attacks across Europe in recent months not only devastated people’s lives, they seriously disrupted local businesses. Buildings were damaged, police roadblocks hindered trade and firms had to move staff to temporary premises.

According to Pool Reinsurance – the insurance industry and government-backed underwriter set up during the IRA’s mainland bombings in the 1990s – five of the top 10 most costly global terror attacks in terms of property damage have occurred in the UK. The largest claim to date – of £262million, which resulted from the Bishopsgate bombing in London in 1993 (pictured next page) – would cost more than £800million today.

Insurance will never be a sexy boardroom subject, but a failure to have adequate business critical cover could be a multi-million-pound mistake. An organisation must be protected against the impact of terrorism and other dangers such as cyber-security threats or risks to its intellectual property and reputation.

“Large corporate businesses in major city centres tend to know they need terror cover but the uptake of terrorism insurance among smaller enterprises is low,” says Pool Reinsurance’s CEO Julian Enoizi.

The risk of a terror attack is hard to predict and the cover companies need goes beyond financial compensation to repair damaged buildings. “There is often a gap in insurance cover relating to business interruption that occurs after a terrorism event but which is not related to the damage to property,” says Enoizi.

Directors should regularly review their organisation’s risks to plug gaps in the cover or ensure the policy wording does not leave them exposed. Businesses should test their insurance programme against specific scenarios.

Deloitte insurance partner Nigel Walsh says companies cannot simply tick a box to say they “have cover”. “You need to understand your own resilience,” he says. “The board must realise its obligations and what is and is not covered under the business’s insurance policy before a breach occurs.”

He adds that in the event of a cyber-attack, for instance, directors should be most concerned about general business interruption, brand reputation and restoring customer confidence.

“No one wants to be in the headlines for a data breach and most boardrooms do understand the importance of protecting and insuring against data loss,” says Walsh.  “This will be reinforced from May 2018 when the General Data Protection Regulation (GDPR) comes into force, requiring companies to report a breach within 72 hours.”