Equipment failure. Cyber attacks. Natural disasters. Every company hopes to avoid operational risks or, at the very least, mitigate the harm they can cause. But a recent study of senior financial executives revealed that although many companies have been harmed by operational risk events, confidence in preparedness remains low.
Sixty-six percent of financial executives surveyed say their organizations have experienced equipment failure, nearly 60 percent say their firms have been impaired by data breaches or cyber attacks, and more than half (52 percent) have had operations affected by natural disasters. Yet the majority (54 percent) say their organizations have not developed or tested formal loss-recovery plans. Why is this still not a priority for businesses?
Like most of us, until you actually sustain a loss, the risk falls out of focus. With limited funds available to invest in the business, a lot of organizations aren’t ready to invest in risk mitigation. But managing operational risk has fallen in the laps of financial executives as the list of operational risk guidance continues to expand.
According to the study, financial executives recognize the need to implement stronger plans with increased data to help promote organizational resilience . In fact, 86 percent of respondents say their companies will need to be more resilient in the future.
Kevin Ingram, CFO at FM Global, insists much of the information financial executives need is available easily. For example, natural hazard findings have been included in FM Global’s online toolkits, which offer facts, figures and solutions around the threats of earthquakes, floods, freezes and windstorms. Financial executives should seek out data, experts, and companies that can help them make informed decisions around operational risks like equipment failure, cyber attacks and natural disasters.
Financial executives must also look internally to develop and maintain effective loss prevention programs.
“As a CFO, I think I understand the business and the risk, but two heads are better than one,” Ingram says. “It’s necessary to connect with my CRO or CIO to try to understand how we can improve the resiliency of the organization by identifying the risks, understanding the exposure and developing a plan.”