Insurance carriers affected by the Superstorm Sandy are trying to assess how to get their operations back online and running normally and once that is done they can look at how their disaster recovery and business continuity plans played out in the face of a difficult challenge.
Meanwhile, the rest of the insurance world needs to pull out their own disaster recovery plans and determine what a 50-year storm might do to their operations. As Rob McIsaac, a principal with Novarica points out, disaster recovery planning is critical and exercising the plan is something insurers need to do on a routine basis.
“The value is not that you planned for the right event,” says McIsaac. “What you want to do is free up your team so you have the intellectual capacity to focus on the things that are new and different this time around and allow you to make on-the-fly decisions around what needs to be done to recover from a particular event.”
McIsaac recalls working for an insurer based in lower Manhattan after Hurricane Katrina devastated New Orleans. Manhattan and New Orleans are similar in that they are susceptible to storm surge.
“Not only did we go through what we learned from [Katrina], but the step back was what would happen if a similar size storm came into New York Harbor instead of Lake Pontchartrain and how would we have responded to that,” he says. “This learning happens with each event and if people take the time to plan appropriately it provides more intellectual capital around what you need to be worried about and how you may respond to different circumstances.”
McIsaac knows insurers are never going to get their plans exactly right, but questions should remain top of mind—particularly if all your resources are located in one place.
“You need to think about ways you can distribute access so you can routinely operate—even with a skeleton crew—some of the core business functionalities that are required to keep your customers and employees in the know and your distribution partners aware,” he says.
Chad Hersh, a partner in Novarica, recalls working for an insurer in Houston at a time when a tropical storm dumped three feet of rain on the community.
“For some reason, in a city built on a marsh and in a building next to a bayou, they put the data center in the basement,” he says. “That didn’t end well.”
Disaster recovery starts with the basics, according to Hersh. The good news is that in this day and age, no insurer should ever lose their data to a storm. Restoring operations, however, is another story. On the day after Sandy, Hersh went to the websites for some New Jersey p&c carriers. He found some had employee announcements on the site, such as reminders of essential-employee verification cards that were issued to allow people to travel even though the roads are closed.
“[The insurers] were looking to staff their claims center 24 hours a day,” says Hersh. “That being said, you then notice they don’t take claims online or via a mobile app. Wouldn’t that have been handy for them rather than trying to get a bunch of staff to the office?”
The lesson Hersh hopes other insurers learn from Sandy is to automate tasks that are critical to customers after a storm, which he believes is something that has been ignored in typical planning.
“You might want to think about ways to reduce your need for getting employees back in the office,” he says.
McIsaac points out many business continuity plans anticipate that in the heart of a disaster their employees will get on a bus and travel potentially hundreds of miles from home to staff a call center or an operations center that is brought up in anticipation of a disaster.
“A lot of times that’s just not practical because people are dealing with their own personal situations, so the realism of these plans comes into stark contrast when you actually have to execute them,” he says.
McIsaac contends that in times of stress there is a potential for customers to rely on traditional technology such as telephones, even when there is no guarantee the infrastructure is going to stay up. During Katrina, he explains, most of the 800 circuits in the southeast routed through central offices that were located in New Orleans.
“We needed to find ways that would allow people to get to us in non-traditional ways that we had not thought much about,” he says.
Hersh explains the best advice for carriers looking at the aftermath of Sandy from a safe distance is to take a lesson.
“You look at a lot of the New Jersey insurers right now and you can’t get to their websites,” he says. “It’s a little late to start thinking that your website is a pretty critical business tool. A lot of companies spend all their time and resources around what they view as mission-critical systems—the back end. They forget that the most visible thing to the customers is the system most people don’t view as critical—the customer/agency front end.”
McIsaac agrees: “If your front end systems are down, as far as your customers are concerned you are closed. At the time they need you the most you need to be available. Insurers need to think through hosting solutions, how systems are integrated, and how you are going to run the front end even if key pieces of the back end are down. Historically, human beings have been the touch points, but now people grab their smartphones or their browsers. They will make decisions about whether or not you are a company they want to have a relationship with based on whether you were there when they needed you.”