Preparing Your Business for Disaster Before It Strikes

Planning now can prevent existential problems later—a guide to the essentials.

Running a business involves many challenges, from figuring out market fit and beating competitors to designing efficient operations that achieve ROI. But while managing cash flow is paramount when it comes to business survival, there are significant but often overlooked risks that can quickly destroy companies big or small: the fallout from unforeseen disasters.

Calamities can take many forms, and business owners should have plans to contend with at least the ones most likely to affect them. Here’s a basic guide to business disaster preparedness:

Step 1: Assess your risks

When we think of the words “disaster” and “emergency,” weather events come to mind, and they are a great place to start. Hurricanes, earthquakes, floods, and tornadoes (like the ones that recently cut a 250-mile path of destruction through the Midwest) represent some of the most dramatic risks to people and businesses.

So, an initial step is assessing which threats apply to your company, followed by building specific elements into an emergency plan. South Florida companies, for example, must be prepared for hurricanes and flooding, whereas those on the West Coast need to anticipate earthquakes.

Beyond geographic risks, there are those that apply to every business or entire industries. Among them are supply chain issues (which may be caused by disasters in other areas), cyberthreats such as ransomware, and, as the last two years have taught us, worldwide pandemics. For example:

• Research shows that “43% of cyber-attacks target small businesses” now, and 60% of those targeted “go out of business within six months.” This threat has grown so rapidly that many analysts regard a cyber breach not as a question of “if” but “when.”

• While the pandemic ended fewer small businesses than initially feared, it did destroy a quarter to a third more of them annually than average. And 67.8% of respondents to an October 2021 survey of small businesses said the pandemic had a negative impact, with 22.9% specifying a “large negative effect.”

The takeaway is that there are a variety of risks to plan for, but you must assess which ones realistically apply to every business and yours specifically.

Step 2: Devising action plans: evacuation, communication, data backup and security, and operational contingencies

Different emergency business plans have varying components, many but not all of which will be used in various crises:

Physical risks

A fundamental planning component depends on whether a business owns or leases physical property: ensuring employees’ immediate health and safety. Steps here include devising and rehearsing evacuation plans in the event of natural disasters or man-made emergencies like a fire or building gas leak, for example. These strategies also must include legal compliance and maintenance of any essential building systems, such as life safety lights and signs, fire alarms, and sprinklers.

Communication

Communication protocols are the heart of any business preparedness plan. Owners should maintain a database of employees, partners, suppliers, and other stakeholders who would be affected by an emergency that disrupts operations. This informs a notification plan with steps applicable to relevant parties.

For example, if the company closes because of a natural disaster, how are employees contacted and organized? If a fire destroys a warehouse at a crucial supplier, which customers further down the supply chain must be notified of delays? And if business is entirely interrupted, how will you communicate with current and potential customers to keep them once the emergency subsides?

Game out possible scenarios and create specific communication procedures.

Data backup and security

Backing up all essential information, including contracts, tax records, and critical operational documents in a secure cloud database serves multiple purposes. It saves vital data in the event of a physical threat, such as a fire or natural disaster, and it enables quick recovery from a cyber-attack.

When it comes to the latter threat, proactive and reactive cybersecurity measures are now essential. The proactive steps are instituting cybersecurity best practices, including firewalls, anti-malware programs, and multi-factor authentication to access business systems. These actions are coupled with reactive efforts if a data breach or other cyber-attack happens. They include contacting an IT or cybersecurity provider to stop and remediate an attack, notifying customers and authorities (which may be required by law) if sensitive data is stolen, and reverting to data backups should ransomware block access to vital systems and information.

Business contingency plans

Again, emergencies vary, making contingencies a pretty broad category. The key here is identifying a company’s primary vulnerabilities and developing strategies to address them.

One of the clearest examples is key person analysis: which employees are vital to operations, and what would you do if one of them leaves, dies, or otherwise becomes unable to work? Planning to address this situation may include hiring another employee, cross-training others to create redundancies, and taking out key person life and disability insurance policies.

Another example is supply chain disruption. If you are dependent on a supplier and their operation is lost to a disaster, human rights violations come to light, or a global pandemic creates critical delays, what do you do? The best step here is identifying alternate suppliers. Again, contingency planning is a catch-all category that varies widely. But its essence is identifying the potential weaknesses that would cause business failure and devising solutions to shore them up—before an emergency happens.

Resources for creating specific disaster plans

Many resources guide owners through the process of creating different crisis plans:

• The US government’s “Ready” campaign offers numerous business disaster preparedness guides, including Toolkits for dealing with earthquakes, hurricanes, flooding, power outages, and severe winds/tornadoes.

• Similarly, the US Small Business Administration has preparedness checklists for hurricanes, winter weather, earthquakes, tornadoes, wildfires, floods, and cybersecurity. The SBA also provides resources for obtaining economic injury loans.

• The US Chamber of Commerce Foundation has a wealth of online resources covering “IT Disaster Planning,” “Preparedness Tips,” and step-by-step guides for drafting plans that address different emergencies. 

Protect yourself with insurance

Obtaining insurance is an absolutely essential element of business disaster planning. Of course, policies can’t cover every possibility—the virus exclusions providers wrote into business interruption policies before the pandemic illustrated this truth. But a suite of policy types can cover many emergencies. Here are some examples:

• Commercial property insurance covers property and equipment from threats like “fire, explosions, burst pipes, storms, theft, and vandalism.” Note that events like earthquakes and hurricanes may not be covered unless a provider offers add-ons to the policy.

• Commercial flood insurance is a government-backed policy issued by the National Flood Insurance Program (NFIP) either directly or through licensed insurance agents.

• Business interruption insurance replaces business income lost in a disaster and is an add-on to an existing property/casualty or similar policy. It’s imperative to understand precisely what’s covered and excluded in a specific agreement, however.

• Cybersecurity insurance, also called cyber liability insurance or cyber insurance, is an emerging insurance class, so what’s covered varies among policies. Generally, it reimburses the expenses associated with a data breach and its remediation, as long as good cybersecurity is in place.

• Key person insurance: If a critical employee becomes ill, injured, or passes away, the company is the policy’s beneficiary. This provides money to recruit, hire, and train a replacement, cover lost profits during the transition, and reimburse the lost enterprise value.

Stay proactive and start planning for disasters

Business owners spend incredible amounts of time and resources ensuring the growth and survival of their companies. Still, many don’t do enough to prepare for some of the most dramatic risks. A survey of small business owners found that 61% said “they don’t have a formal disaster recovery plan,” and 31% said they “didn’t know if their business would survive if it was forced to close for more than a month.” And only 40% had business interruption insurance.

Entrepreneurs can take risk-mitigating steps to avoid becoming one of the 20% of small businesses that fail in the first year or the 70% that close up shop within 10 years. Quality disaster preparedness can make the difference.

Karp HR Solutions helps businesses design and implement benefits programs and other strategies that master the mix of financial and human resources. Contact us today for a free consultation.