It is axiomatic that good communication is a requirement for just about any successful business. Communication with customers, clients, investors and other stakeholders is typically of vital importance. When it comes to a business’ risk management function, communication within the organization is essential. Whether it is accurately completing insurance applications, dealing properly with notice of claims, or speaking to operating units about safety procedures, communicating between departmental lines can make an enormous difference in how well an organization can manage its risk and successfully transfer losses to its property and liability insurance policies.While many believe that open lines of communication are the goal, in practice, too many employees and managers climb into their respective silos and communicate less within their organizations than is optimal. Over the years, I have encountered risk managers who prefer not to share the company’s insurance policies with anyone outside of the risk management department, in-house lawyers who prefer to avoid the input of risk managers, company managers who believe cybersecurity issues are solely the concern and responsibility of IT, and senior executives who do not foster lines of communication that would permit them to hear and heed the wise advice of their employees. These are mistakes almost every time.
First, unless you are dealing with a kidnap and ransom insurance policy that may understandably require a certain level of confidentiality, keeping insurance policies under wraps within the organization can do more harm than good. Very often, we see instances where employees within legal, treasury, accounting and sales have very little understanding about what insurance policies are protecting their organizations and what the key terms of those insurance policies are. This can be a problem for a host of reasons, including the fact that some of these departments may be on the front lines of receipt of claims, oral or written demands of clients or customers, or knowledge of property damage or crime losses. Insurance companies usually bring their “A game” when looking for arguments over a policyholder’s delay in noticing claims or reporting damage information. As such, good lines of communication can minimize the chances of a coverage denial on late notice grounds.
Second, getting different departments engaged in pulling information to answer questions on an insurance application can be very useful—especially when answering overly broad or vague questions about potential claims, risks or loss history. In a large organization, it is unlikely that risk management will have all of the information in its grasp that can be implicated by a question designed to be overreaching. Polling other departments for potentially responsive information allows for a better application process and less danger of a rescission fight later on.
Third, it is a fact of life that severe cybersecurity threats affect almost every business in the world. Cybersecurity cannot be relegated to IT personnel. Instead it has to be a collaborative effort with joined forces from risk management, senior management, IT and legal—with a large buy-in from employees across the company. Cybercriminals always look for vulnerabilities so investing in excellent security software but failing to invest in regular employee training will always make the security of the company’s systems suspect, at best.
In addition, regulators across all key industries are now requiring senior management to engage be proactive in cyberrisk management and to meaningfully communicate with their stakeholders and employees. Although many industries believe they are already over-regulated, one good development to come out of this added regulatory oversight is that it may truly establish a necessary level of communication within enterprises to address and manage key threats facing the business.