Dave Oates: Welcome to the first of a video series where we’re going to talk to people within the San Diego and southern California communities about crisis management situations from all different perspectives. Welcome, John Rains. John Rains with Alliant Insurance, one of the top-tier insurance brokers for all sized companies, but primarily in the manufacturing and distribution, $25 million or above. Do I have that right?
John Rains: Very much so. We’re fortunate to work with publicly traded and private companies really throughout San Diego and California, but also clients throughout the country that have diversified series of risks that we have to look at. I mean, really when you think about our company, I think we’re really poised to do a handful of things for clients. First and foremost is really providing risk identification. Based on your real industry, what are the areas of risk that you have? The other thing that we do is provide brokerage services, so insurance into the marketplace. Say they’re with New York markets, London markets, specifically developing these policies that a company should have for the proper coverage. Then really lastly is when we have a claim. How do we engage and help our clients when we have risk mitigation or claims advocates that will work on behalf of our clients.
Dave Oates: I guess the next question then is, the practice of risk management, it encompasses so many different facets. What are the kind of things from a strategic point of view are you trying to get organizations to think about when you walk in and start discussing that topic?
John Rains: It’s a great question. It’s something we do with every client we meet with because again, some clients and most companies are going to have some general risks that are going to be needed to be evaluated, but it’s really more nowadays when they talk about it. An example. Let’s talk about cyber liability coverage. We’re certainly talking about all our clients about how they’re addressing the records they’re keeping, how does cyber work inside their overall business. Then really managing that issue in regards to what happens when we have a breach of this data that we’ve got in our control. There’s a number of different ways to address that, but it’s most important really to think about risk management from a basic standpoint.
John Rains: From the basic standpoint, we’re really trying to evaluate what could go wrong. What is the impact and likelihood of that something going wrong? Then, what can we do to really mitigate it? We can we can do to really change those type of things? Those are really the basics of risk management.
Dave Oates: Let’s talk a little bit an example. You mentioned cybersecurity, and there’s the recent Starwood cyber breach that is affecting I think millions and millions of customers worldwide. There’s a hard dollar cost to the recovery of that, but then there’s also the cost of reputation. There’s a cost of employee morale and productivity. Where do you fit with addressing the totality of risk involvement?
John Rains: That’s a great question. We really, we touch all of those parts. An example of Starwood, again, I got my response on Friday, ended late. Starwood had done their announcement how they were going to manage their client relationships in regards to the breach, the data they have had. We would manage this in a couple ways. First and foremost, the best time to really talk about a risk is well before it ever happens. We use this comment about how frequently and when should we do these things. It’s no different than the old adage of, when is the best time to plant a tree? Yesterday. I mean, that’s really kind of the best answer I can give you in regards to risk management.
John Rains: For Starwood example, Starwood has gone through a number of reiterations of looking at, what’s going to happen when they lose data? What’s the true financial cost of one, providing credit monitoring to people like me, a third party? Then, really that reputational piece. I mean, I certainly know who the CEO of the company is now because I got a letter from him on Friday night. That reputational part that when I as a third party look and say, have they treated my data well? Have they done a fulsome operational perspective and maintained that data? Those things will still to be decided, and third parties like myself will gauge those things. Things like cyber liability and these true really makeups of your industry really will reflect on you and the community when you have a breach when you have a type of loss.
John Rains: Doing those fulsome things in the beginning and knowing what those financial costs are going to be, but then also being prepared well before this ever takes place. What announcements are we going to have to make? What counties are we going to have to make these announcements in a timely manner? All those things really have to work into a true risk management program. PR and managing crisis PR has to be paramount in this process because again, although I got my statement on Friday night, at that point I start thinking about, okay, who are these individuals and how are they proactive in protecting our data? I think we’ve really come into a different world in regards to PR because access to data and information is so heightened now.
Dave Oates: There really isn’t an end of a news cycle. No one would have even 20 years ago put out something that on a Friday would have been on a Monday, but the reality is there’s no choice in the matter anymore, and you have to be accessible.
John Rains: That’s right.
Dave Oates: I appreciate that. Ok, a little plug for yourself and Alliant. Let’s talk about how you help organizations solve this. They’ve identified the risk. They understand the totality of the exposure level to which they’ve got to mitigate.
John Rains: Right.
Dave Oates: Where do you come into play? How do you help them solve that?
John Rains: Yeah. That’s such a wonderful question. I am partnered with a number of other professionals. We have people that are on the loss control, kind of the risk identification process. That’s all they do from a professional standpoint. They will come into a company and look at all the data and really the operational perspective of where we could have a loss. Then, that’s really disclosed to me, our underwriting team. We go out and secure coverage that’s specifically modeled to trigger when they may have a breach or some other type of business event. Those are the things we do, and then lastly, we really buttress that with claims advocacy professionals. Professionals that are ready to deal with the insurance carrier for our insured, and then be able to try and make them as a whole as possible based on whatever loss they would have. That’s really kind of all-encompassing.
Dave Oates: I appreciate that. Just to reiterate again as you talked about, when is the time to plan for such an adverse event?
John Rains: It certainly was yesterday. It was certainly yesterday. My hope is you’ll look at somebody like Starwood. They will get this process. My hope is that they will refine the risk management process because again, risk management is not something we develop and we put on the shelf. It’s something that can continually need to be modeled and really fit into your organization because your organization is going to change over time.
Dave Oates: John, thanks so much for your time. We appreciate it.
John Rains: You’re welcome. Thank you.
Dave Oates: John Rains of Alliant Insurance. Thanks so much for watching.
John Rains: Have a great day.
Dave Oates: See the next episode soon.