Target as Target
After fumbling its initial response to a massive data breach, Target Corp. has rebounded, according to experts in crisis management.
However, they said, the retailer still faces challenges in regaining consumer confidence, especially among people directly harmed by the cyber attack, which struck at the height of the holiday shopping season.
In late November and early December, malware lodged in the retailer’s point-of-sale system siphoned off account and personal information for up to 110 million customers. But Minneapolis-based Target is not the only company that may have been struck. Luxury retailer Neiman Marcus suffered a smaller breach, and news reports suggest at least six other retailers have been hit. These other companies likely are keeping a close eye on Target’s handling of the crisis.
Critics have focused, in part, on the company’s early communications. Target appeared initially to underestimate the gravity of the situation, crisis consultants said. For example, Target’s first message to customers apologized for the inconvenience.
“You don’t call something like this an inconvenience,” said Rich Klein, a crisis management consultant in New York City.
Subsequent messages from Target used stronger language, acknowledging customers’ stress and anxiety, he said. Messages also switched from assuming customer confidence to promising to regain it, Klein added, praising the change.
“I would still say it’s so much better to get it right the first time,” he said.
Still, he added, the company made good use of its Twitter feed and Facebook page. Facebook, for example, was used only to communicate about the breach, not to advertise sales, though it also acted as something of a lightning rod for complaints.
Consultants also panned the company’s decision to extend a 10 percent discount to shoppers during the weekend of Dec. 21, a few days after news of the breach first surfaced. While the discount was a nice gesture, it did not adequately address customer concerns and seemed to suggest the crisis had passed, consultants said.
In addition, the company has occasionally appeared to be behind the news, with information trickling out in the media before being revealed by Target, said Jeff Jubelirer, vice president of Philadelphia-based Bellevue Communications Group. “We should expect more from a retailer of that size and that reputation and that level of success.”
A key turning point came on Jan. 13 when the company’s CEO, Gregg Steinhafel, appeared on CNBC, apologizing for the breach, reassuring customers and defending the company’s reaction.
Steinhafel should have been giving interviews in December, said Jonathan Bernstein, an independent crisis management consultant in Los Angeles. “They would have suffered less loss of sales and less impact on their stock value if they had been more assertive from the get-go.”
Other observers gave Target high marks for making a relatively quick disclosure of the breach and offering a free year of credit monitoring to customers. The four-day gap between discovery of the breach on Dec. 15 and public disclosure on Dec. 19 was faster than it’s been in other cases, said Alysa Hutnik, an attorney in the Washington, D.C. office of Kelley Drye.
“I haven’t done the math, but I think that would rate somewhere at the very top,” said Hutnik, who specializes in cyber security issues.
Another high point is the prominent role of Target’s CEO, Hutnik said. “He knows there’s work to be done to earn back customer trust, and it looks like he is taking that obligation seriously,” she said, noting that top executives rarely serve as public faces after a data breach.
Other positive steps include Target’s $5 million investment in cyber security education, said Michael Soza, a partner in accounting and consulting firm BDO.
“This latest move … is really going on the offensive to show that they really are trying to get out in front of this thing and really attack what is not just a Target problem,” Soza said.
As long as no other damaging details leak out, most customers will remain loyal to the chain, said Daniel Korschun, an assistant professor of marketing at Drexel University in Philadelphia.
But the company will have to work harder to win back customers who suffered directly. They will be hard to find and hard to soothe, especially if they’ve had to spend hours on the phone undoing damage to their credit or bank accounts.
“Those are the ones where the trust has really been lost,” Korschun said.
Risk Managers Rank Global Risks
Damage to brand and reputation is the No. 1 risk facing companies today, according to Aon’s 2013 Global Risk Management Survey.
“There’s a lot behind that which is driving that [ranking],” said Theresa Bourdon, group managing director, Aon Global Risk Consulting.
One of those factors is cyber risk, which for the first time in the survey’s history, since 2007, jumped into the top 10 risks, coming in at No. 9. It had been 18 in the last survey, which is taken every two years.
“If you talk to our clients, that’s no surprise,” she said. “The frequency is very low for these cyber events but it is obviously increasing.”
And, just as obviously, there is a correlation between cyber events and brand. Just look at Target, which is still struggling to regain its footing after the personal information of about 110 million of its customers was stolen in 2013.
According to U.S. Reputation Leaders Network, Target’s reputation saw its biggest drop after the cyber attack – and it was the largest drop of any U.S. company from 2013 to 2014, according to an article in “The Street.”
The remaining top 10 risks are: economic slowdown/slow recovery; regulatory/legislative changes; increasing competition; failure to attract or retain key talent; failure to innovate/meet customer needs; business interruption; third party liability; and property damage.
Other key movements in the rankings were the inclusion of property damage, which moved up to No. 10, from 17 in 2013; and third party liability, which had been 13 but moved up to 8.
One risk that dropped off as a top 10 risk was commodity price risk. It had been 8 in 2013, and moved down to 11 in the 2015 survey.
Bourdon said that one risk that remains top of mind for risk managers is regulatory and legislative issues. “It’s consistently a top 3 risk,” she said, noting that it was projected to remain so when risk managers were asked to project their top risks three years from now.
“Organizations are really challenged to respond to the pace at which regulations are coming,” she said. “There is a strong need for governance and a compliance framework.”
That risk, also, she said, relates to the reputational and brand damage that a company can suffer.
As for cyber, one surprising finding of the study — which surveyed 1,400 risk decision-makers in 28 industry sectors in 60 countries — was that 82 percent of the respondents said their companies were ready for a cyber attack, Bourdon said.
At the same time, 58 percent of the respondents said their companies have not done an internal assessment of their cyber risk exposure.
“Realistically speaking, this is relatively new territory that everybody is trying to get their arms around, organizations, insurance companies and those of us who are risk advisers,” she said.
“The goal for the industry as you look at these risks today and in the future is, how are we going to innovate and support these risks.”
Cyber, in particular, needs solutions, she said. “There is not enough insurance out there for the demand.”
Risk managers understand they need more data and analytics to “help them navigate this world” of increasingly complex risks, she said.
More risk managers, Bourdon said, are looking at their organizations holistically and not just focusing on insurance purchasing.
“It’s a much bigger and challenging role than it ever used to be and if you are using the same tools and techniques you were using 10 years ago, then you are not leading your organization down the right path.”
Healthcare: The Hardest Job in Risk Management
Radically changing cost and reimbursement models.
Rapidly evolving service delivery approaches.
It is difficult to imagine an industry more complex and uncertain than healthcare. Providers are being forced to lower costs and improve efficiencies on a scale that is almost beyond imagination. At the same time, quality of care must remain high.
After all, this is more than just a business.
The pressure on risk managers, brokers and CFOs is intense. If navigating these challenges weren’t stress-inducing enough, these professionals also need to ensure continued profitability.
“Healthcare companies don’t hide the fact that they’re looking to reduce costs and improve efficiencies in practically every facet of their business. Insurance purchasing and financing are high on that list,” said Leo Carroll, who heads the healthcare professional liability underwriting unit for Berkshire Hathaway Specialty Insurance.
But it’s about a lot more than just price. The complexity of the healthcare system and unique footprint of each provider requires customized solutions that can reduce risk, minimize losses and improve efficiencies.
“Each provider is faced with a different set of challenges. Therefore, our approach is to carefully listen to the needs of each client and respond with a creative proposal that often requires great flexibility on the part of our team,” explained Carroll.
Creativity? Flexibility? Those are not terms often used to describe an insurance carrier. But BHSI Healthcare is a new type of insurer.
The Foundation: Financial Strength
Berkshire Hathaway is synonymous with financial strength. Leveraging the company’s well-capitalized balance sheet provides BHSI with unmatched capabilities to take on substantial risks in a sustainable way.
For one, BHSI is the highest rated paper available to healthcare providers. Given the severity of risks faced by the industry, this is a very important attribute.
But BHSI operationalizes its balance sheet in many ways beyond just strong financial ratings.
For example, BHSI has never relied on reinsurance. Without the need to manage those relationships, BHSI is able to eliminate a significant amount of overhead. The result is an industry leading expense ratio and the ability to pass on savings to clients.
“The impact of operationalizing our balance sheet is remarkable. We don’t impose our business needs on our clients. Our financial strength provides us the freedom to genuinely listen to our clients and propose unique, creative solutions,” Carroll said.
Keeping Things Simple
Healthcare professional liability policy language is often bloated and difficult to decipher. Insurers are attempting to tackle complex, evolving issues and account for a broad range of scenarios and contingencies. The result often confuses and contradicts.
Carroll said BHSI strives to be as simple and straightforward as possible with policy language across all lines of business. It comes down to making it easy and transparent to do business with BHSI.
“Our goal is to be as straightforward as we can and at the same time provide coverage that’s meaningful and addresses the exposures our customers need addressed,” Carroll said.
Claims: More Than an Afterthought
Complex litigation is an unfortunate fact of life for large healthcare customers. Carroll, who began his insurance career in medical claims management, understands how important complex claims management is to the BHSI value proposition.
In fact, “claims management is so critical to customers, that BHSI Claims contributes to all aspects of its operations – from product development through risk analysis, servicing and claims resolution,” said Robert Romeo, head of Healthcare and Casualty Claims.
And as part of the focus on building long-term relationships, BHSI has made it a priority to introduce customers to the claims team as early as possible and before a claim is made on a policy.
“Being so closely aligned automatically delivers efficiency and simplicity in the way we work,” explained Carroll. “We have a common understanding of our forms, endorsements and coverage, so there is less opportunity for disagreement or misunderstanding between what our underwriters wrote and how our claims professionals interpret it.”
Responding To Ebola: Creativity + Flexibility
The recent Ebola outbreak provided a prime example of BHSI Healthcare’s customer-centric approach in action.
Almost immediately, many healthcare systems recognized the need to improve their infectious disease management protocols. The urgency intensified after several nurses who treated Ebola patients were themselves infected.
BHSI Healthcare was uniquely positioned to rapidly respond. Carroll and his team approached several of their clients who were widely recognized as the leading infectious disease management institutions. With the help of these institutions, BHSI was able to compile tools, checklists, libraries and other materials.
These best practices were immediately made available to all BHSI Healthcare clients who leveraged the information to improve their operations.
At the same time, healthcare providers were at risk of multiple exposures associated with the evolving Ebola situation. Carroll and his Healthcare team worked with clients from a professional liability and general liability perspective. Concurrently, other BHSI groups worked with the same clients on offerings for business interruption, disinfection and cleaning costs.
Ever vigilant, the BHSI chief underwriting officer, David Fields, created a point of central command to monitor the situation, field client requests and execute the company’s response. The results were highly customized packages designed specifically for several clients. On some programs, net limits exceeded $100 million and covered many exposures underwritten by multiple BHSI groups.
“At the height of the outbreak, there was a lot of fear and panic in the healthcare industry. Our team responded not by pulling back but by leaning in. We demonstrated that we are risk seekers and as an organization we can deploy our substantial resources in times of crisis. The results were creative solutions and very substantial coverage options for our clients,” said Carroll.
It turns out that creativity and flexibility require both significant financial resources and passionate professionals. That is why no other insurer can match Berkshire Hathaway Specialty Insurance.
To learn more about BHSI Healthcare, please visit www.bhspecialty.com.
Berkshire Hathaway Specialty Insurance (www.bhspecialty.com) provides commercial property, casualty, healthcare professional liability, executive and professional lines, surety, travel, programs, and homeowners insurance. It underwrites on the paper of Berkshire Hathaway’s National Indemnity group of insurance companies, which hold financial strength ratings of A++ from AM Best and AA+ from Standard & Poor’s. Based in Boston, Berkshire Hathaway Specialty Insurance has regional underwriting offices in Atlanta, Boston, Chicago, Los Angeles, New York, San Francisco, Toronto, Hong Kong, Singapore and New Zealand. For more information, contact email@example.com.
The information contained herein is for general informational purposes only and does not constitute an offer to sell or a solicitation of an offer to buy any product or service. Any description set forth herein does not include all policy terms, conditions and exclusions. Please refer to the actual policy for complete details of coverage and exclusions.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Berkshire Hathaway Specialty Insurance. The editorial staff of Risk & Insurance had no role in its preparation.