Ongoing Need to Include Civil Unrest in Your Enterprise Risk Strategy
Civil unrest continues to pose a widespread threat to North American companies. Here are four steps to consider when adjusting your risk strategy.
Among the numerous lessons employers learned from the past 24 months is the ongoing need to prepare for social change movements, and the civil unrest that may come with them.[1]
While the protests that took place in 140 U.S. cities in mid-2020 were mostly peaceful, property damage that occurred during some events surpassed $2 billion in insured losses, making it the most expensive period for civil unrest in U.S. history.[2]
To some extent, civil unrest has always been a part of enterprise risk management. But in recent years, such unrest continues to be more widespread, touching more industries and posing a bigger threat not just to business continuity and property, but to the safety of employees at work. Industries such as food services, retail and healthcare have been among those hardest hit.[4] As a result, risk managers need to place a higher priority on planning for it and consider it, not only from a business continuity and liability perspective, but also from environmental, social and governance (ESG) and HR perspectives as well.
While it can feel overwhelming to prepare for the risks brought on by civil unrest, keep in mind that enterprise risk management is often a way to institutionalize common sense. Here are four important steps to consider when adjusting your risk strategy in response.
1. Develop a crisis plan
Companies need to develop crisis plans to manage threats such as riots or active shooter events, as well as the resulting consequences.[5] Your primary duty is to protect the safety of your employees, so organizations should update their policies and procedures and prepare physical security measures that will be deployed if the need arises. If you have multiple locations that will be affected, each location needs its own plan stating the circumstances that would trigger closing the location.
Companies should also provide counseling for employees who were caught up in the event—and be prepared that some of them may be hesitant to return to work at that location.
2. Review your insurance coverage
Most insurance policies cover losses for riots, civil commotion or vandalism[6]—although risk managers should have a clear understanding of terms and conditions in their property coverages and how those policies may respond to civil unrest-related losses. For instance, coverage may not extend to business interruption if there’s not a covered property loss. The potential for business interruption can be significant, from the attack itself to the police investigation.
After an event, risk managers should apply all possible triggers that could impact a claim. Risk managers should also consider the areas where they can retain risk, if they implement stronger security measures or other mitigations.
3. Recommend updates to your social media policy
Social media plays a major role in social change, and with 71% of Americans and nearly 70% of Canadians[7] saying companies have more responsibility than ever before to address social justice issues, the social media policies of corporations are being scrutinized at a much higher level.
Indeed, a firm that helps companies structure their social media policies stated that they received a higher volume of requests in 2020 than in previous years, demonstrating that organizations are realizing the power of their social media policy as a risk mitigant. Risk managers should recommend that the organization make certain updates to its social media policy as part of its risk program.
Once you have a policy in place, enforcing it is also of utmost importance, especially for individuals in leadership roles, where their stances on certain issues will be more closely linked to company reputation. Another best practice is to prepare and draft social media statements for various risk scenarios. Companies that have a message ready to go when the situation hits often respond better than those that come up with it in real time.
4. Recommend internal and external communication strategies
Internally, companies should include language in employee policies and programs, and prepare the message from leadership if certain risk scenarios come to pass. Externally, stakeholders should gather to decide the role your company will play in the public conversation.
Look for potential blind spots or areas where your practices and governance may be subject to criticism. It’s increasingly important to consumers that companies don’t just pay lip service to issues like ESG and diversity, equity and inclusion. And, a company’s silence also sends a message, so if you do choose to remain silent, think through possible interpretations that may bring.
Finally, keep in mind that it’s difficult to appeal to all customers and employees because these issues are so personal. You'll be speaking to people who have a lot at stake, and who fall on both sides of any issue and in-between. An effective strategy is a proactive one, so take what you’ve learned from the events of the past year and start planning for the next event now.
***
All descriptions, summaries or highlights of coverage are for general informational purposes only and do not amend, alter or modify the actual terms or conditions of any insurance policy. Coverage is governed only by the terms and conditions of the relevant policy.
[2] Who Was Prepared for This? AM Best
[4] Reuters, Civil unrest puts U.S. economy in vicious cycle
[5] Risk & Insurance. Dealing with Civil Unrest
[6] III. Civil disorders and insurance
[7] Canadians are increasingly seeking stances on social issues from employers