The Courage to Create
When I think of the courage to create, and the accompanying traits of passion and perseverance that define Risk All Stars, I can’t help but think of Renee Crow of Kimpton Hotels and Restaurants.
Like a number of our Risk All Stars winners, Crow manages risk at a company that is experiencing rapid growth. Rapid growth brings opportunity. But rapid growth, as we know, carries risk.
When Crow joined Kimpton, the company owned 24 properties. Now, it owns more than 60.
Although customer service underlies so much, there is a laser focus on it in the hospitality business. Much is expected and very little is forgiven.
The organizations these professionals manage risk for are stronger because of their courage.
According to Crow, Kimpton sets high customer service standards, but it was also facing legal snares from guest and employee interactions gone bad. She devised a training program that enabled Kimpton staff across the country to re-enact various customer service scenarios and learn from them.
Crow humbly states that she did what she did because she’d seen enough bad training approaches to know better. But I say what she did was innately brilliant.
She took a risk, or a negative, and created employee engagement across the board in seeking solutions. This is an era when employee disengagement is reported to be at high levels across many industries. The cost of risk at Kimpton has plummeted as a result.
The creative courage of Risk All Stars winner Kris Finell of Rytec Corp. also comes to mind. Finell possessed not merely the courage to create, but also the moxie to confront.
Rytec, another fast growing company, is a manufacturer of high-speed industrial doors. You can easily see the risks and the results when something goes wrong.
Rytec salesmen were in the habit of removing industrial door safety features at the behest of customers. Finell, practically brand new in her role as risk manager, put a stop to it.
Waivers that allow customers to remove safety features on Rytec doors are now a thing of the past.
Finell also had the courage to remove a broker that was friends with one of her supervisors. The relationship wasn’t working for her vision, so she vetted a number of candidates and chose one with the right fit for her.
Talking to these Risk All Stars reminded me that it’s not enough to see something; you have to say and do something. The organizations these professionals manage risk for are stronger because of their courage.
2015 Risk All Stars
Angeli Mancuso: On a Mission to Revitalize (+Responsibility Leader)
Manager, Employee Health & Safety, Cottage Health System
By getting the board of directors behind a goal to decrease patient-handling injuries, Angeli Mancuso has improved employees’ quallity of life.
Timothy Fischer: With Military Precision (+Responsibility Leader)
Tim Fischer was given nine months to address the risk implications of a sizable spin-off.
Tim Kirsch overhauled his company’s safety mission, protecting drivers on the road while slashing workers’ comp claims costs.
The urgent need for a creative solution inspired one Risk All Star to create a unique excess casualty program with benefits on several levels.
Jennifer Cable’s degree is in opera performance. She is also a risk management maestro.
Tracey Gasper: Service Centered (+Responsibility Leader)
This risk manager’s savings for her company can be measured in the millions.
Elizabeth Queen: Building a Unified Travel Program (+Responsibility Leader)
With an existing program now spread enterprise-wide, traveling employees have an improved experience, while the company enjoys lower costs and reduced risk.
One Risk All Star took on the daunting challenge of quickly relocating a sprawling headquarters, and without a single moment of down time.
David Brooks quantifies and manages risks across every industry and product offered by XL Catlin.
Brent Cooley: Shakespeare Minus the Tragedy (+Responsibility Leader)
A series of potentially high-severity events drove the push to launch a safety organization that will help keep theater students safe for years to come.
New to her position in risk management, Rytec’s Kris Finell set about correcting just about everything she could get her hands on.
Albert Fierro: The Fruits of Long, Hard Labor (+Responsibility Leader)
With decades of expertise in captive insurance, Albert Fierro was the ideal person to help AARP rein in its rising workers’ compensation costs.
Adding role playing to training efforts helped Kimpton Hotels’ risk manager teach employees how to avoid mistakes that drive up the cost of claims.
Treasury now drives risk management throughout Meritor’s business units, thanks to the efforts of Todd Chirillo.
Florida’s insurance pool members can rest easy that, thanks to Jeannie Garner’s initiative, they can bounce back in the face of severe storms.
When staff reductions and organizational change made strong leadership imperative, Amanda Lagatta rose to the challenge.
To Keep Cool in a Crisis, Companies Need a Comprehensive Solution
Threats against corporate security come in many forms, from intentional acts of violence to civil unrest to cyber-attacks. The perpetrators don’t discriminate by company size or sector, and the consequences can range from several thousand dollars lost to several lives lost.
The recent shooting in an Orlando nightclub that killed 49, for example, or last year’s San Bernardino shooting that killed 14, are somber reminders that terrorism and violence can erupt anywhere and in any type of business. In addition to loss of life, violence can translate into business interruption and property damage. In Ferguson, Mo., riots lead to over $4 million in property damage.
Cyber-attacks have also become commonplace, with hackers infiltrating private networks to steal data or hold it ransom.
Is your organization prepared for these risks?
“A lot of companies have a crisis response plan on paper, but they don’t have outside resources to come to their aid if there is an incident,” said Reggie Gibbs, Underwriter and Product Manager, Starr Companies.
Mid-size companies especially tend to lack comprehensive insurance coverage and crisis management services for a variety of security events due either to limited resources or an underestimation of their exposure.
Starr Companies’ Cyber and Terror Response (CTR) solution provides three coverages as well as crisis response services tailored to meet the needs of these companies. Each of its components addresses a common security threat.
“We don’t just want to indemnify the security risks our clients face; we want to help them actively manage them.”
— Reggie Gibbs, Underwriter & Product Manager, Starr Companies
Terror and Political Violence
“Political violence can be defined as a strike, riot, protest, or any type of unrest that gets out of hand and turns violent,” said Gibbs, who specializes in terrorism and political violence, workplace violence, and crisis management.
In the case of the Ferguson protests, any first party property damage or third party liability incurred by the disruption would be covered under the terrorism and political violence segment of the CTR solution.
In the case of a terror attack, organizations cannot necessarily rely on TRIA to pick up property losses. In the case of the Orlando shooting, for example, the likelihood of TRIA being invoked is low because property damage will not meet the threshold for coverage to kick in.
TRIA, reauthorized in 2015, provides a federal insurance backstop in the event of a terror attack. The U.S. Secretary of the Treasury, U.S. Attorney General, and U.S. Secretary of Homeland Security must declare an attack to be an act of terrorism, and property damage must exceed $5 million to trigger TRIA.
“We would still view the Orlando shooting as an act of terror, however, because of who the shooter claimed he was working for regardless if the ties to terror groups are clear or not. Therefore, our coverage would apply,” Gibbs said. Even if TRIA was enacted, however, companies would still have a lot of pieces to pick up following an attack. They may have injured or deceased employees, or face legal action from third parties.
For these situations, and any other incident of violence not driven by terrorism, the workplace violence component of Starr’s CTR solution would act as an umbrella to cover other liabilities such as legal liability, loss of life benefits, psychiatric care, and other crisis response services.
One such incident struck a Boston-area Bertucci’s in early May. An attacker wielding a knife drove his car into a Boston shopping mall before making his way into the nearby restaurant. He killed five, including restaurant workers and patrons.
“There was no ideological or political motivation behind it. He was just deranged.” Gibbs said. “Our workplace violence coverage can handle the loss of life benefits for both the employees and patrons killed in situations like this one.”
In the best cases, though, violence can be prevented altogether.
“If an employee reports a stalking threat, the policy would cover the expense of security guards,” Gibbs said. “In this case, it’s more of a pre-workplace violence coverage. It would de-escalate the situation.”
Attacks can also be non-physical.
Cyber extortion in particular is on the rise. Phishing scams lead employees to click on malicious links, unknowingly downloading ransomware onto their internal networks. The cyber criminals then hold companies’ networks ransom, asking for a sum of money in return for the release of data or to prevent a business interruption. The ransoms can be low — amounts that organizations can afford to pay.
“The hackers don’t want to attract the attention of law enforcement or regulatory agencies,” said Annamaria Landaverde, National Cyber Practice Leader & Professional Liability Underwriting Manager, Starr Companies. Landaverde specializes in the cyber component of the CTR coverage. “The FBI may not get involved if someone asks for $5,000. They are more likely to get involved if someone asks for $5 million.”
Since companies are not required by law to report cyber extortion —like they are for data breaches — many choose simply to pay the ransom and move on without generating any negative news headlines.
“The hackers don’t want to attract the attention of any law enforcement or regulatory agencies. The F.B.I. won’t get involved if someone asks for $5,000. They will get involved if someone asks for $5 million.”
— Annamaria Landaverde, National Cyber Practice Leader & Underwriting Manager, Professional Liability Division, Starr Companies
“A California medical center recently had an incident like this where the hackers asked for $17,000 in ransom,” Landaverde said,” but the amounts can vary.”
While the ransom itself may seem manageable, many companies fail to recognize other costs associated with the identification and removal of the malware from their system. There may also be costs associated with forensics investigations, legal experts, public relations firms, third party lawsuits, and notification and credit monitoring.
“The cyber arm of the CTR coverage extends to liability that an organization would suffer as a result of a breach, or failure of security of the insured’s network,” Landaverde said. That includes not just cyber extortion, but outright data theft or denial-of-service attacks.
Crisis Management Services
“We don’t just want to indemnify the security risks our clients face; we want to help them actively manage them,” Gibbs said.
The fourth component of Starr’s CTR solution – crisis response — provides two outside consultants to insureds, with one specializing in “hard” security services like guards or instances of cyber extortion, and another focusing on crisis communications.
Without these outside services, there is only so much insurance can do in the aftermath of a crisis. Experienced consultants provide a range of security preparedness and response services to complement coverage and help insureds recover from an episode of violence or cyber event.
“From a communications perspective, our consultants can manage the public relations front to create clear and consistent messaging, but they can also stay in touch with families after a terror or other violent attack to make sure everyone stays informed,” Gibbs said.
They also serve as a first point of contact for insureds immediately after an event. If they need guidance quickly, consultants await at the ready.
“When a client purchases the product, they get a 24-hour hotline set up with one of our consultancies,” he said. “They can report an incident at any time, and our consultant will help either resolve a situation or deal with the aftermath in whatever way they can.”
While the Cyber and Terror Response package provides a comprehensive solution tailored for mid-size companies, Starr also offers standalone cyber liability and crisis management coverage on a primary and excess basis.
“For companies with greater exposure to a particular type of risk, or who simply want higher limits or greater customization, we have those standalone polices.” Landaverde said.
For more information on Starr Companies’ Cyber and Terror Response solution, visit https://www.starrcompanies.com/Insurance/CyberAndTerrorResponse.
Starr Companies is the worldwide marketing name for the operating insurance and travel assistance companies and subsidiaries of Starr International Company, Inc. and for the investment business of C. V. Starr & Co., Inc. and its subsidiaries.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Starr Companies. The editorial staff of Risk & Insurance had no role in its preparation.