Culture of Safety
Mention insurance to someone, and chances are they’ll think of buying a certain level of coverage against loss, damage, or other adverse events. But when it comes to business insurance, that’s just one aspect of protecting a company. Just as important is risk management, which is essentially the process of implementing steps to reduce the probability of such dangers. It’s a win-win effort that saves money for both insurance companies and their clients — and often saves lives, too.
Insurance, Bill Grinnell noted, is a transfer of risk, an investment a business makes in protecting itself from the costs of accidents, fraud, theft, and any number of other occurrences.
“You can manage risk in different ways,” said Grinnell, president of Webber & Grinnell Insurance in Northampton. “You can buy insurance to protect against exposures, but you can also reduce the risk of exposures — and your costs will be lower.”
He was talking about risk management, which can take many shapes, but typically refers to the mitigation of risk to avoid an accident or other incident that could trigger a costly insurance claim.
Risk management is big business for insurance carriers, who employ professionals with industry-specific expertise to help businesses cut down on their exposure to risk, thereby saving both the insurer and client money.
“Some of it is common sense. But sometimes it takes paid professionals to come in and make recommendations to help devise solutions,” said Timm Marini, president of HUB International New England in East Longmeadow. “The larger employers have their own safety officers and risk-management officers, but even they often rely on people like us.”
He said one of HUB’s calling cards is its network of individuals around the country who develop and help implement industry-specific workplace strategies to reduce risk, from driver training to hazardous-materials edcuation. “Within each discipline, there are very specific types of expertise available.”
Shellye Archambeau, CEO of MetricStream, a provider of governance, risk, and compliance software solutions, recently wrote that the hallmark of a good risk-management program is a pervasive risk-assessment culture that starts at the top, and is built on sound policies, training programs, and incentives.
“For organizations to not only survive, but thrive in this new landscape, they will need to build better resilience. That means gathering, analyzing, and learning from the past, so that decision makers can take measured steps to deal with the next major volatility or stress,” Archambeau noted. “It also means having the right risk data at the right time to understand how to diversify or disperse risks, so that no single risk has a major impact.”
The exposures that HUB works with companies to mitigate, Marini told BusinessWest, are diverse and always changing. For instance, while many accident-prevention strategies in manufacturing have been around for decades, now employers must deal with a demographic shift: Americans working longer in life than before, leading to higher-than-ever instances of joint deterioration and a subsequent boost in workers’ compensation claims related to joint injury and replacement.
Then there’s the new high-tech culture as it intersects with driving, a concern for companies with employees who work on the road. “With new technology in vehicles, we’re seeing more distracted drivers,” Marini said. “That creates increased exposure; when drivers get distracted, it’s very similar to drunk or impaired driving.”
Grinnell agrees, saying, his agency insures many firms in trucking, fuel-oil transport, and other fields where driver safety is a concern. “So we’re seeing more webcam technology, GPS technology, and technology that tracks the speed of the vehicle, sudden starts and stops, swerves … all that gets recorded.”
It’s a way to both incentivize driver safety and to record the true facts of an accident, both of which affect a company’s bottom line. But another high-tech concern is causing an even greater stir these days in the world of risk management.
That would be cybersecurity, an area of interest for just about every company, large or small. Not every breach causes exposure on the level of a Target or Home Depot, but any avoidable damage can harm a company’s bottom line and reputation.
“Those companies that keep medical records, Social Security numbers, and credit cards are expected to be more diligent in protecting their data than businesses that don’t have so much of that exposure,” Grinnell said. “You need to be sure you’re not only protected, but in compliance with some pretty stringent laws.”
More and more, Marini added, insurance agencies are working with clients to control cyber privacy and protect information. “It runs the gamut from healthcare to manufacturing. If people get in, they can disrupt your business and hold you hostage. We’re spending a whole lot of time developing capabilities to help our customers protect themselves from cyber exposure and risk.”
One way it has done that is through the use of certified friendly hackers. “We’ve actually put on some seminars with the FBI, where our friendly hacker goes in and shows how easy it is to permeate your firewalls. For 97% of businesses, it’s not a matter of if, but when something of this nature will happen.”
But he also returned to that concept of creating a culture of safety where each employee understands the risks of, say, leaving a laptop open, neglecting strong password protection, or falling for phishing e-mails. “Those moments of carelessness may be having the same password for everyone, or keeping printed materials of a private nature in your vehicle.”
After all, employee negligence may limit insurance protection, noted Lorelle Masters, a partner at the international law firm Perkins Coie, in Risk Management Monitor. “Although many businesses have crime insurance that covers ‘computer-systems fraud,’ ambiguous provisions or liability limits may restrict coverage,” she noted. “Some courts have held that fraud coverage applies only when intrusions are unauthorized, but not when an unwitting employee falls prey to an online scam.”
For other types of risk exposure, insurance companies rely on the guidelines laid out by the National Fire Protection Agency, the Occupational Safety and Health Administration (OSHA), and other work-related protection agencies — as well as their own, industry-specific expertise — to determine exposure to loss and help companies reduce it.
For instance, manufacturers need to train employees in handling hazardous chemicals and working around dangerous machinery and sharp cutting edges. Much like the friendly-hacker concept, many risk managers conduct mock OSHA inspections, so companies can locate and iron out safety issues before the real thing — when mistakes can lead to hefty fines. Businesses may also choose to make structural changes to their buildings if they’re located in a flood zone, near a faultline, or otherwise geographically vunerable.
Once risk is mitigated to whatever degree is possible, an insurance carrier can then assume the remainder of the risk.
“Risk management boils down to the owner and management of a business making safety a priority and really instilling in their managers to preach safety — and hold them accountable for the safety of their workers,” Grinnell said. “It’s amazing how much common sense can protect a business. On the other hand, if it’s all about profit and productivity and squeezing as much business as you can into one day, then safety falls to the side, then accidents are going to happen. When businesses get the culture of safety right, the rest kind of falls into place.”
Grinnell noted, however, that many insurance companies do a mediocre job helping companies reduce risk. “Most insurance companies go out for the first visit and make sure companies have their act together, but they don’t repeat that visit or check up on them,” he said. “Some companies do offer more comprehensive risk-management services, but they’re few and far between, so companies are left to rely on their own devices to figure out their risk-management steps. We do offer a fair amount of those services.”
With the risk-management and regulatory-compliance worlds intersecting in a more complex way for businesses these days, Marini said HUB’s emphasis on providing resources to help clients navigate their risks is a definite benefit. “We have all of that available for our customers. Ninety-nine percent of the time, it’s part of the arrangement.”
Some risk-management startegies are simply common sense, from not leaving customer data lying around to shredding rather than throwing away sensitive documents; from maintaining eye-wash stations where chemicals are handled to installing cameras in parking lots and entryways to record the verity of slip-and-fall accidents that often lead to costly lawsuits.
“Those types of controls have been around for a long time,” Grinnell added. “You basically do an assessment of the business, whether you’re trying to prevent hands getting caught in machines or exposure to hazardous materials or fall exposure, whatever. There are safe practices to follow to protect yourself against all those hazards.”
Although no company can ever say it’s totally safe from the myriad events that cause disruption, financial loss, and injury — or worse — it’s clear that developing that culture of safety, with all the details that go into it, can significantly reduce exposures and help employers sleep better at night.
“You may think you’re running the best operation in the world,” Grinnell said, “but if you’re not thinking about these exposures, you’re leaving yourself vulnerable.”
Joseph Bednar can be reached at firstname.lastname@example.org