Tech company CFOs look beyond numbers
Travelers provides insight into risks in the technology sector
By Michael J. Moody, MBA, ARM
Regardless of the industry, financial executives are finding themselves more involved with risk management. Nowhere is this truer than in the technology sector. Travelers, in conjunction with CFO Research, recently completed a new study to determine how CFOs in this sector "view their companies' ability to manage nonfinancial risk." For the most part, the survey participants "feel that their technology businesses are fairly well protected for a number of narrowly defined nonfinancial risks"; however, that was not the case for all risks.
The survey participants were far more concerned with those types of risks that have the potential to have more direct or substantial impact on their organization's performance. According to Travelers, the evolving technology sector is creating new risks that may not be immediately recognizable to CFOs. As part of the insurer's commitment to keeping the industry informed regarding the range of nonfinancial risks, the study provides an opportunity to gain significant insight into the participants' views on the growing range of emerging nonfinancial risks in the tech sector.
Nonfinancial risks 101
For the purpose of the study, nonfinancial risks were defined as "events or actions, other than financial transactions, that can negatively impact the operation or assets of a company." Obviously, this is an area of growing concern for CFOs in most industries. In fact, 62% of the study's participants indicated that these risks had become a major concern in recent years. They noted that events in the recent past have called attention to the problem and, as one indicated, "With the financial meltdown, nonfinancial risks have become exacerbated."
Additionally, many technology companies are facing "increased competition plus continuous price pressures from customers." Participants expressed the most concern about nonfinancial risks that affect business operations directly. As a result of the above factors, Mike Thoma, vice president and chief underwriting officer of Traveler's Global Technology Group, notes, "Many tech company CFOs are beginning to expand their responsibilities by focusing on risk management."
While the study noted a number of potential nonfinancial risks, its participants identified a group of six specific risks that they indicated were the most critical ones. Two of the risks—breach of a company's electronic or online data, and U.S. regulatory compliance—were viewed as "yellow zone" risks. These "yellow zone" risks are considered "proceed with caution." While it is easy to see that these two risks could have huge consequences, the majority of CFOs said they believed their companies were well prepared for these types of risks.
A number of participants stated that in today's business environment "effective cyber security is a given." Most (70%) noted that while it is a significant risk, especially for tech companies, they "make sure they have mitigation plans in place to protect their companies." They also point out that "for many technology companies, regulatory compliance is a basic requirement simply for doing business." Here again, many of the CFOs believe that they have the compliance well in hand.
Of much more concern to the technology CFOs was a group of four nonfinancial risks they consider to be "red zone" risks that require immediate action. The consensus of the participants was that their organizations "are not prepared well enough to manage their most pressing 'red zone' nonfinancial risks" and, as a result, they believe that they should be addressed most urgently.
"Red zone defense for business execution"
The red zone risk identified by the greatest number of participants (48%) was "business decline due to economic conditions." Further, "59% of these respondents say their companies are not adequately prepared for this risk." The majority agreed that their organizations need to be better at coping with the economic downturns, even if they aren't attributing the business decline to a poor economy.
Another red zone risk that was noted was "performance failure of vendors and suppliers." In today's business climate, many tech companies increasingly have to rely on extended and exposed supply chains. Thoma indicates, "This is a critical issue for most firms in this industry segment." Part of this problem has to do with "getting to market with upgrades or new products faster than ever," thus requiring the smooth functioning of the supply chain. Participants are quick to point out that "the effects of the recession and slow economic recovery are having negative impacts up and down the supply chain."
A third red zone risk noted by the tech CFOs was "the ability to hire and retain quality employees." This, of course, is a problem for any business, but the technology sector relies more heavily on specialized expertise than other industries. As one technology finance executive put it, "The ability to attract and retain top talent is mission-critical." Added to this situation, increasing globalization presents its own set of human resource challenges for technology employers.
"Failure to meet targets for business/customer growth" is the final red zone risk that was noted in the study. This is an important area of concern for most of the survey participants and one of the reasons Travelers chose to undertake this study. As an industry leader, Travelers believes it is critical to help "technology companies understand and manage their risks."
"Many tech company CFOs are beginning to expand their responsibilities by focusing on risk management."
-Mike Thoma, Vice President, Chief Underwriting Officer, Travelers Global Technology Group
Most of the tech executives surveyed "stress the importance of taking an integrated view of nonfinancial risks." A large part of this strategy, they believe, is that "diligence and 'keeping informed' are keys to being prepared for a technology company." They recognize the importance of understanding what they need to guard against. "If we don't really know what to protect against, it's hard to form a plan." As a result, the CFOs are continuing to search for "cost-effective ways to stay better informed and ahead of the curve with regard to these risks."
The majority of the participants realize that this type of integrated approach requires a strong board and executive management team. Equally important is that they need to listen to their customers and suppliers. A small group of participants (about 16%) believe that their organizations are "quite good at putting the picture together," noting that they rated their ability to manage these nonfinancial risks as "excellent." Among the reasons for this rating were such things as better management of suppliers and vendors, as well as more attention to risk prevention and disaster recovery. Based on the respondents' comments, Travelers believes that "confidence in the ability to manage risk effectively seems to go hand-in-hand with a more aggressive stance towards nonfinancial risk."
In analyzing the results, Travelers highlights several important points. They indicate that by and large the CFOs "feel their companies are well prepared for predictable nonfinancial risks." But not surprisingly, "they are most uncomfortable when it comes to risk for which they feel they cannot prepare." Travelers points out that when you consider these types of risks, focus needs to center on mitigating, managing or eliminating them. For example, when you look at "performance failure of vendors and suppliers," technology companies frequently think they can protect themselves just by lining up more than one supplier. However, Travelers says this approach may not be adequate on a long-term basis. This type of situation may arise when a common event, such as the October 2011 floods in Thailand, affects many suppliers, resulting in an overall worldwide hard drive shortage. "This was a wake-up call for companies that do business in this part of the world," Thoma says.
A similar issue occurs with cyber security, where 70% of the participants thought "they had adequately prepared for attacks against security of their customers' private information." Travelers believes that in some cases the finance executives have "a false sense of security when it comes to their preparedness for cyber-related risks." Unfortunately, Thoma notes, "Many people know they have this risk, but they think they have it under control." The executives may not realize just how quickly this area is changing. Travelers points to the fact that the "number of 'comprised records' reached 174 million in 2011, up from 4 million the year before," according to the 2012 Verizon study on cyber security.
One of the specialty areas for Travelers is technology companies. Not only do they have a wide variety of traditional insurance products specifically designed for this industry sector, they also can address a number of the nonfinancial risks that are faced by this sector. Typically, for most of the six critical nonfinancial risks (4 red zone and 2 yellow zone risks) Travelers has either established loss control programs, insurance products or both to address these specific risks.
Cyber threats, Thoma believes, are a perfect example, where Travelers' CyberFirst® product covers a wide variety of situations that can involve electronic or online data. Among other things, this combo product combines technology errors and omissions, economic losses incurred due to a failure of a company's product, protection for data breach exposure and the cost of notification due to the breach. In addition, the coverage can provide assistance with crisis management and PR efforts in the event of a breach. Thoma says that CyberFirst has a long list of other coverage enhancements that will assist insureds and represents only one of the available coverages for this sector.
One final point that should be of interest to any agent or broker involved in this business sector is: "Seventy-four percent of the participants," according to Thoma, "really are eager to learn recent and relevant information regarding risk management from their brokers." Further, he points out, "Customers are anxious to be able to tap into the broker's resources," and they believe that this access to recent and relevant information will ultimately become a significant differentiator in the marketplace. Customers realize that by keeping informed they will be better able to prepare for the unknown and unexpected.
Brokers and agents who wish to develop or maintain a book of business in the technology sector should plan accordingly.