Skip to main content
Marsh logo

Article

Evaluating business interruption in a nuanced retail landscape

Retailers need to assess their cyber risk exposures, conduct loss analyses, and establish recovery plans to be prepared for cyber disruptions.

12/16/2024 · 6 minute read

In today’s omnichannel environment, it is imperative for retailers to understand their exposures and accurately assess potential business interruption (BI) losses before they occur, allowing them to better measure, manage, and mitigate their risks.

From apparel, specialty, and department stores to home improvement outlets and groceries, the retail landscape is no stranger to the BI risks associated with operating a physical store. Traditional property risks, including natural disasters, fire hazards, and supply chain disruptions, among others, have long been front of mind.

But today’s online dependent business models present new challenges, including a range of existing and emerging BI exposures. Considering the heavy reliance of large-scale retail operators on integrated data to communicate in real time across systems — including Point of Sale (POS), inventory order management, and shipping to and from distribution warehouses — any outage, especially during critical periods, can lead to significant financial and reputational challenges. 

As they seek to safeguard and grow their businesses, organizations must consider whether they have adequate protections against existing and emerging risks and whether their insurance program is providing them adequate coverage that aligns with their risk appetite.

The implications of different business models

The retail landscape is universally complex, shaped by various factors, including business models, consumer behavior, changing technology, and market conditions, which contribute to a unique risk profile. 

A natural disaster that destroys a luxury home goods retailer’s showroom can severely impact customer engagement and brand presence. And while a major apparel retailer may be able to weather a brief online outage that doesn’t impact in-store sales, a lengthy outage could disrupt or stall inventory management, order fulfillment, and customer interactions across multiple sales channels, particularly during critical shopping periods.

On the other hand, a specialty electronics retailer that relies heavily on its online platform for sales and customer engagement could suffer significant losses due to a massive cyberattack interrupting business.

Regardless of their business model, organizations need to consider how a property or cyber event could impact them, quantify the expected financial impact of potential losses, and prepare to manage a wide range of scenarios.

Key distinctions between property and cyber loss triggers

In today’s nuanced and connected retail landscape, understanding the distinctions between property and cyber loss triggers is essential for effective BI risk management.

The most common physical risks for retailers include:

  • Extreme weather events, including flooding, storms, and wildfires
  • Supply chain disruptions
  • Catastrophic property events, such as earthquakes
  • Other physical damage to owned property

Cyber risks associated with the retail environment usually include:

  • Cybercrime
  • Data integrity
  • Data security, privacy, and liability
  • System failure/network interruption
  • Reputational risks

Restoring properties that suffered significant physical damage can take months or even years, leading to prolonged business interruptions and substantial financial impacts. Except in widespread catastrophic scenarios, property damage is typically restricted to a specific location and downstream business income losses may be mitigated through robust business continuity plans. Business income coverage may provide a stopgap for income shortfalls during the restoration period.

In contrast, downtime from cyber events is generally shorter, enabling quicker recovery and a more immediate return to normal operations. However, a network outage can disrupt entire distribution and POS systems, affecting order intake, inventory replenishment, and shipping across all locations, resulting in substantial income loss in a short time. Restoring systems becomes critical, often requiring strong crisis management.

Three strategies that may help reduce BI exposures and strengthen recovery

Every organization has unique exposures and considerations. Consider developing a structured risk management approach to address your business’ unique challenges and enhance resilience.

1. Conduct a probable maximum loss (PML) exercise and pre-loss BI values analysis

A PML exercise assesses the potential financial impacts of BI — including contingent business interruption and cyber interruption — before a loss occurs. An annual BI values report, based on prior years’ financial results, provides a location-specific revenue and profit profile. This analysis, often required by underwriters, assesses the coverage limits and sub-limits with the goal of maintaining financial stability in the event of a loss.

The pre-loss annual values report, combined with a probable maximum loss exercise, serves as a foundational tool for risk management, seeking to provide a comprehensive overview of the retailer's financial exposure in the event of a loss. Consider including:

  • Asset inventory: A full list of physical and digital assets, detailing their current value and replacement costs.
  • Revenue analysis: An assessment of historical sales data to project potential lost revenue during a BI event.
  • Operational costs: An evaluation of fixed and variable costs that would continue during a disruption, such as payroll, utilities, and lease obligations.

As you carry out the valuation of BI losses, it’s important to consider different scenarios to determine a more accurate analysis.

2. Establish a robust recovery plan

Having a well-defined recovery plan may minimize the impact of BI events by allowing retailers to be more agile. It is prudent for this plan to outline steps to be taken immediately following a loss, including: 

  • Key stakeholders’ responsibilities: Identify and assign specific roles and responsibilities for key stakeholders, such as management, IT, operations, and customer service teams, ensuring they are trained to execute their responsibilities effectively.
  • Communication protocols: Establish clear lines of communication to ensure timely updates to all stakeholders, including employees, customers, suppliers, and emergency services. 
  • Resource allocation: Determine the necessary resources required for recovery, including personnel, technology, and financial support. 
  • Timelines for recovery: Develop a timeline that outlines critical milestones for recovery, including immediate actions, short-term recovery goals, and long-term restoration objectives. 

A robust recovery plan is a critical proactive strategy that can help empower retailers to navigate the complexities of business interruptions with confidence. Consider the potential impacts of a number of cyber events, including ransomware and system failure/network outage and develop a comprehensive plan that allows you to better respond and recover. 

3. Conduct a post-loss valuation and identify lessons learned

A post-loss valuation can aid in assessing the actual financial impact and help guide recovery efforts. Consider focusing on:

  • Actual loss assessment: Conduct a detailed analysis of the financial losses, including lost revenue, increased operational costs, and any additional expenses related to recovery.
  • Claims support: Gather documentation and evidence to support insurance claims to help you receive appropriate compensation for losses.
  • Takeaways: Evaluate your response to the loss event, identifying strengths and weaknesses in the recovery process to inform future risk management strategies.

Regularly testing and updating the recovery plan can improve its relevance and effectiveness, allowing you to respond swiftly and efficiently to disruptions.

Breaking down retail complexity with a structured risk approach

Navigating a complex and changing retail landscape remains a challenge for business leaders who already have a host of other priorities and responsibilities. Engaging a third-party risk advisor can provide you with specialized expertise to identify potential vulnerabilities, assess the adequacy of existing risk management strategies, and recommend tailored solutions that can help you mitigate existing exposures. By leveraging advisors’ industry knowledge and experience, you can gain insights into best practices, emerging risks, and regulatory requirements, ultimately enhancing your overall risk management framework. 

As the retail environment continues to evolve in step with changing consumer needs and behaviors, understanding and managing BI risks is essential. Adopting a proactive and structured approach to risk assessment and recovery planning can help you enhance your resilience and better safeguard your operations against potential disruptions. 

To learn more about evaluating business interruption in a nuanced retail landscape, please click here.

Related insights

Hand of customer choosing clothes in a clothing store

Article

Explore safety best practices from new retail industry study

06/26/2024
ships; stack; logistic; loading; hong kong; harbor; developed; commerce; container; aerial view; background; boat; business; cargo; commercial; construction; containers; crane; delivery; dock; dubai; export; freight; global; import; industrial; industry; infrastructure; international; japan; logistics; port; sea; ship; shipment; shipping; singapore; storage; technology; terminal; top; trade; traffic; transport; transportation; truck; unloading; vehicle; vessel

Article

3 major supply chain risks retail, food and beverage companies must navigate

12/06/2023
Contract Signing. Female Customer Sign Papers In Dealership Office, Unrecognizable African American Woman Client Buying New Car Or Purchasing Property, Closeup Shot, Cropped Image With Free Space

Video

Reducing claims costs for retail, food & beverage companies

06/17/2023
stethoscope on money

Article

Returning injured workers to health can help drive down claims costs

06/16/2023
View more