Managing Risk & Protecting Your Business
Managing Risk & Protecting Your Business
Not Reading This Is Called Risk Avoidance
The electronic security industry is hyper-focused on our customers. From retail locations to government buildings to multi-family residences, our clients and their properties are consistently at the forefront of our minds. Our business objectives are almost always related to providing the most advanced technologies with high-quality user experiences at solid price points. And this is as it should be. But every once in a while, we need to turn the tables and focus on ourselves and our business.
Owning and operating a business is often accompanied by uncertain times and can require a venturesome attitude. But a certain peace of mind comes with the risk mitigation and insurance coverage that is provided by Security America RRG. With nearly 900 policy holders, Security America RRG has been providing extensive general liability, including errors and omissions coverage, to ESA members since 2003. The key differentiator of Security America RRG is the expertise provided by individuals who know the electronic security industry and are uniquely positioned to offer insight into the optimal risk mitigation strategy for your business.
In June 2016, ESA secured a partnership with GDP Advisors, LLC, to bring members additional insurance solutions and consulting services under ESA Insurance Solutions. Together with the quality general liability and E&O insurance already offered through Security America RRG, ESA Insurance Solutions provides members with access to an entire portfolio of products including health insurance, workers comp, business auto insurance, commercial property insurance, home, auto, and life insurance
ESA caught up with Security America RRG’s president, Michael Keegan, and Seth Denson, co-founder and president of GDP Advisors, LLC to get the inside information on risk management and protecting your security business.
What do security businesses need to know about risk management?
Keegan: Managing your company’s risk begins long before your technician arrives at a job site. Risk management is built on the foundation of your company’s policy and procedure manual. Those standards must be followed and managers must take the time to confirm them during training and verify they are being followed — especially by your technicians. This includes standards such as not starting work until a signed and approved contract is in place, following guidelines for ladder safety and other job site hazards as well as testing the functional operation and communication of all protective devices that are installed.
Denson: The same applies to security- based companies as it does to any employer and any company. First and foremost, identify what risks and hurdles the company faces. For years, the electronic security industry has relied upon insurance companies to tell us what those risks are. The problem is insurance companies only talk about the risks that they sell insurance for. What we find more often than not and what causes companies to crumble has nothing to do with insurance at all; it’s the uninsurable risks. The key approach any business should take, is to identify what risks are out there for insurable and uninsurable scenarios.
What is unique about security business coverage?
Keegan: General liability coverage for a security integration company is commonly mistaken to extend coverage to their customers. An industry standard installation and monitoring agreement will state “company is not an insurer.” Residential and commercial customers should be protecting their buildings and contents with their own insurance coverage. Because the customer maintains a relationship with its alarm provider for monitoring and service, it is vital that the integrator is protected by the limits of liability and indemnification clauses of an industry standard contact.
Denson: Many security companies are owner-operated and the hurdle that these owner-operators have is there is only so much time in the day to focus on the business and in the business. When you’re managing a business—in the business— as the owner, chief strategist, CEO, and operator, you’re wearing a lot of hats. The ability to toggle back and forth, spending the appropriate amount of time to wear each of those hats is quite difficult. Developing a strategy, understanding a business, and what that strategy needs to be is the real solution. But to find a solution, you first have to identify the problem. Identifying risk is actually taking the time to know what you don’t know. Then you need to quantify that problem by putting a dollar amount to it and understand its impact to the organization. Follow up with prioritizing that risk. GDP Advisors, LLC call it the identification, quantification, and prioritization process.
What are the more common risks in the security industry and how should businesses combat them?
Keegan: By paying attention to the details of an installation, an alarm company can reduce its exposure to a future claim and reduce their risk. Not receiving an alarm condition is a common cause for an insurance claim. Making sure that all devices are tested back to the monitoring station is critical. Just because a zone is clear and trips a siren doesn’t mean it will notify the monitoring station. Not following best practices will also get you into a lawsuit. Making sure your technicians are trained in codes and standards as well as job site safety will help keep you out of the courtroom.
Denson: The number one uninsurable risk that GDP Advisors, LLC sees is compliance. There is no insurance policy that is going to cover a business if the government shows up and cites you for non-compliance; whether that’s payroll, employment practices, OSHA, tax filings, properly filling out 941’s and I-9’s; any of those types of things, there’s no insurance for. Every security-based company faces not only the influence from the state government but the federal government. Managing those entities effectively and understanding the risks is key.
The second uninsurable risk we see most often is income and reputational risk. What happens if income stops tomorrow? If income stops because of a flood, a fire, or a natural disaster, there’s insurance income protection. But what if all of a sudden your customers go away? Those types of things are very real to an organization and there’s no insurance to manage that loss of income due to reputational risk situations.
The third uninsurable risk throughout the security industry is culture risk. To develop a good employee-based culture is challenging. It can take a lot of time to develop the culture that you’re trying to accomplish but it can take mere milliseconds to ruin it. If employees walk out the door tomorrow, what happens to the organization? You have 100 employees on Friday and not a one comes in Monday morning. There’s no insurance for that. There are a number of things that could cause that to happen but there’s no insurance for when it does.
What threatens business continuity?
Keegan: As an alarm company owner, you need to step back from the day-to-day firefighting and ask yourself “what if?” If your building is burned to the ground or submerged by flooding do you have a plan to operate from a temporary location? Do you have your customer data and financial data backed up to an offsite location and have you run a mock catastrophe so that you know what works and doesn’t work? Is your downloading software and customer programming information on another offsite computer ready to go? Not only will these preparations help you in the event of a physical situation but also a cyber event. I know of at least one alarm company that was hacked and their information was held for ransom. Will you be ready to go to plan B? Only if you are prepared and have a plan B!
Denson: Risks are evolutionary. Every year, a report is released that addresses the emerging risks that businesses face. Out of the top 100 reported last year, there were 13 in the top 20 that were new. The concern is that a company goes through a process of identifying, quantifying, and prioritizing risk and executes a plan to its fullest and then never goes through that process again. The biggest risk that organizations face is being complacent, even the most strategic are holding on to old strategies and not evolving with the risk.
What trends do you see in Cyber Insurance coverage?
Keegan: Think of it. Our industry maintains on/off codes to banks, critical infrastructure facilities and government buildings—not to mention our residential customers. In addition, we store credit cards and ACH bank information. Yet, despite all of this data we hold, the alarm industry is slow to embrace cyber coverage. I believe we will start to see more of our customers require their alarm provider to carry cyber coverage just as we are required to carry general liability insurance.
Denson: Cyber risk is by far one of the most impactful emerging risks of the 21st century. With the globalization of the business market comes the globalization of business threats. I can sit in the Czech Republic and impact an organization in Midland, TX with the stroke of a keyboard. As long as information flows at the speed in which it flows, cyber will continue to be a problem. There will be very little companies can completely do to negate it because it is ever-changing.
What are some of the mainstream myths of protecting your business?
Keegan: I often use the example of the alarm company owner who installed a system for his best friend. No need for a contract – just a handshake agreement because “he would never sue me, he is my best friend.” Two years later, the four million dollar house burns to the ground. The best friend says “don’t worry, my insurance company is taking care of everything.” After some time, the alarm company owner is notified that his friend’s insurance company is suing him because the smoke detectors didn’t notify the monitoring station. “Don’t worry,” says the friend, “I’ll tell my insurance company not to sue.” The insurance company has the “right of subrogation,” meaning they can stand in the owner’s shoes and the owner has no say in the matter. Remember that one million dollar coverage? Yes, that is paid to the friend’s insurance company by the alarm company’s insurer. But what about the other three million? The alarm company owner was sued for that amount and had to settle with an out of pocket cost that forced him to sell his business. The moral of this story is to carry coverage limits in excess of the value of your largest customer, not just a minimum policy and NEVER install a system without the protection of an industry standard contract!
Denson: It is a myth that insurance is the end-all, be-all solution; the silver bullet. The reality is that there is no silver bullet, they don’t exist. The best we can do is to continually try to stay on top of risks by talking about and identifying them and having a third party or outside organization without any blinders on looking at our business as often as possible. That is a key factor that companies must do to manage going forward. Stop thinking that insurance is the end-all, be-all solution, it is a part of the solution but it’s not the entirety of it.
2017 is the time to make employee benefits and risk management a strategic initiative in your organization. Security America RRG and ESA Insurance Solutions will help you define organizational objectives and develop an action plan to ensure a comprehensive approach to fulfilling your portfolio needs. The strategic planning services offer ongoing evaluation of your organization’s characteristics, such as emerging and uninsurable risks, to guarantee a proper balance is achieved. Strategic planning shields your plan from becoming obsolete as new trends and market factors emerge, and also helps with budgeting and long-term cost management. ESA members are reinventing their companies with coverage that is scalable and effective.
Does your current business insurance policy leverage critical coverage to mitigate risks? To discover the policy highlights, compare your current policy, or request a quote, GDP Advisors, LLC is standing by. Contact Chris Bufkin at (866) 441-0877 or GDP@ESAweb.org to start 2017 with a business protection strategy designed specifically for your electronic security business.