In October, more than 20 wildfires blazed a path of destruction through seven Southern California counties. According to Boston-based catastrophe risk modeler AIR Worldwide, more than 1,800 homes had been destroyed and 490,000 acres of land had been consumed by Oct. 26. AIR estimates the insured losses from the wildfires will total at least $1.5 billion.
Largely unnoticed among those staggering statistics, however, were the 36 commercial properties that were lost to the fires and the untold number of businesses that were affected by the catastrophe. Depending on an organization's disaster preparedness, those losses and disruptions could have crippled critical business processes, toppling customer service levels and bottom lines alike.
For insurers, especially those that do a sizable amount of business in their own backyards, business continuity planning (BCP) has emerged as a key imperative. During times of catastrophe, an insurance organization can find itself in a precarious position -- a large number of customers are likely to demand immediate service at a time when the business processes that support that service could be most vulnerable.
As a result, disaster recovery -- specifically as it pertains to data backup and recovery -- must be measured in minutes, as opposed to days or even weeks. Therefore, questions regarding data preservation and recovery, and resource planning and deployment, are at the forefront of insurance executives' minds. But it hasn't always been that way.
According to Michael Costonis, the Philadelphia-based executive director of Accenture's global claims practice, the depth of insurers' BCP has changed as a result of recent catastrophes, starting with the Sept.11 terrorist attacks and continuing with several recent natural disasters. "[Business continuity questions] have become, in a lot of instances, the gatekeeper questions as opposed to the clean-up questions because the issue has become that important," he says.
In fact, many insurers are approaching the issue as less of an isolated IT challenge and more as a business challenge. At Pacific Life, for example, the strategic shift began in 2003, says Carl B. Jackson, BCP director for the Newport Beach, Calif.-based carrier. "Our business continuity planning philosophy was basically IT-centric, as it was at many organizations," he recalls.
"Through regulatory emphasis; through audit; through leading practices; and through customer, vendor and business partner contacts; it has become evident to us that just planning to recover our IT infrastructure is not enough," Jackson continues. "We really need to focus not just on IT. As a matter of fact, [we shouldn't focus] on IT at all in the beginning, but on business processes and understanding the time-critical nature of those business processes."
Much in the same way that chief technology officers are evolving into more well-rounded chief information officers, disaster recovery plans are beginning to evolve as well -- from "set it and forget it" IT protocols and procedures buried in static three-ring binders to full-fledged business initiatives that are constantly updated to account for new developments and risks. "The old-style method of business continuity planning was very much inward-focused. It was very much operations-focused," Accenture's Costonis adds. "Now the new method that is being demanded of insurance companies involves understanding current and potential macro risks and what it really means to respond to those."