Jon Seals

SAN JOSE, Calif. – Diablo Technologies today announced the production release and volume availability of its Memory1™ 128GB DDR4 system memory module. The 128GB module and accompanying Diablo Memory Expansion (DMX) software provide 1TB or 2TB of system memory in a single two-socket server – unleashing the power of Big Memory for Big Data. Memory1 is now available to OEMs, system integrators and end-users for production deployment.

Memory1 provides the highest-capacity system memory solution on the market, enabling massive increases in server and application capability. Diablo’s JEDEC-compliant, flash-based DIMMs interface seamlessly with existing server architectures and require no changes to hardware, operating systems, or applications. Memory1 is ideal for environments that require large memory footprints for workloads such as big data analytics, caching, and complex web applications.
“Achieving Memory1 production release is a significant milestone for Diablo and the industry. Customers are reporting compelling economic benefits and powerful gains in performance for a wide variety of Big Data applications,” said Mark Stibitz, Chief Executive Officer of Diablo Technologies. “Memory1 provides more processing power per server, allowing data centers to cost-effectively scale-out and tackle workloads previously beyond their reach.”
Memory1 is the continuation of Diablo’s award-winning innovation and market leadership in bringing NAND-Flash deeper into the Cloud and Enterprise Datacenter. For pricing and availability, please contact sales@diablo-technologies.com.

About Diablo Technologies

Diablo is at the forefront of developing breakthrough technologies for next-generation enterprise computing. The company’s flagship Memory1 is a first-of-its-kind Flash-as-memory technology that delivers four times the capacity of the largest DRAM modules. Diablo's Memory Channel Storage platform combines innovative software and hardware architectures with Non-Volatile Memory to introduce a new and disruptive generation of Solid State Storage for data-intensive applications. The Diablo leadership team has decades of experience in system architecture, chipset design, enterprise software and business development at companies including PMC-Sierra, Anobit, AT&T-Microelectronics, Bell Labs, Nortel Networks, Intel, Cisco, AMD, SEGA, Cadence Design Systems, Matrox Graphics, BroadTel Communications and ENQ Semiconductor. Learn more at http://www.diablo-technologies.com.

Thales, leader in critical information systems, cyber security and data protection, and Williams (ETR: WGF1), the leading Formula One team and advanced engineering company, have entered into a new technical partnership. As part of the agreement, Thales will deliver state-of-the-art cyber security solutions for real-time global telemetry transmission to both WILLIAMS MARTINI RACING and Williams Advanced Engineering, the engineering services and technology division of Williams.


Thales designs, develops and operates resilient and high-performance critical information systems supported by its 2,000 cyber security experts and world class data protection and digital trust management solutions, protecting mission critical data anywhere data resides. Cyber security, especially data protection, is of the utmost importance in the competitive world of Formula One.


The expertise brought by Thales will assist Williams in protecting its confidential high-value data. Thales Datacryptor 5000 delivers high speed data protection with state-of-the-art throughput enhancement and low latency to ensure high assurance, real-time global telemetry transmission from the pitlane back to Williams’ headquarters. Furthermore, with an increasing number of projects being undertaken for external customers through Williams Advanced Engineering, data protection and security has become a priority across the Williams Group.


Marc Darmon, Executive Vice-President, Secure Communication and Information Systems, Thales says:

“Thales is a world class cyber security expert and a globally recognised systems integrator, delivering safety and security critical systems in challenging environments such as Aerospace, Space, Defence, Finance, IT & Technology and Ground Transportation. This agreement builds on the already strong existing relationship between our two companies and our combined skills and expertise. It clearly illustrates Thales’s commitment to accompany its clients in their digital transformation where cyber security is a vital requirement.”


Claire Williams, Deputy Team Principal and Commercial Director, Williams says:

“Williams has undergone a significant digital transformation over the past two years. We are revolutionising our IT infrastructure to make sure that we are well placed to continue innovating. With the help of Thales, we will be introducing cyber security systems that keep our business critical data secure wherever we are in the world.”


About Williams

Williams is a leading Formula One team and advanced engineering company. Formed in 1977 by Sir Frank Williams and Sir Patrick Head, the company has secured 16 FIA Formula One World Championship titles since its foundation. The company's core competencies are the design and manufacture of Formula One race cars, and the deployment of this expertise in running the team's entries into the Grands Prix each season under the name WILLIAMS MARTINI RACING.

Williams Advanced Engineering is the division of Williams that harnesses Formula One derived technology, development pace and knowledge to deliver highly innovative products and services to the motorsport, automotive, aerospace, defence and energy sectors. Working in close collaboration, Williams Advanced Engineering helps its customers meet the sustainability challenges of the 21st century and improve their performance, market position and brand image.


About Thales

Thales is a global technology leader for the Aerospace, Transport, Defence and Security markets. With 62,000 employees in 56 countries, Thales reported sales of €14 billion in 2015. With over 22,000 engineers and researchers, Thales has a unique capability to design and deploy equipment, systems and services to meet the most complex security requirements. Its exceptional international footprint allows it to work closely with its customers all over the world.

Positioned as a value-added systems integrator, equipment supplier and service provider, Thales is one of Europe’s leading players in the security market. Thales solutions secure the four key domains considered vital to modern societies: government, cities, critical infrastructure and cyberspace.

Drawing on its strong cryptographic capabilities, Thales is one of the world leaders in cybersecurity products and solutions for critical state and military infrastructures, satellite networks and industrial and financial companies. With a presence throughout the entire security chain, Thales offers a comprehensive range of services and solutions ranging from data protection and trust management, security consulting, intrusion detection and architecture design to system certification, development and through-life management of products and services, and security supervision with Security Operation Centres in France, the United Kingdom and The Netherlands.

Aspect, first and largest vendor of cloud-based energy and commodity trade and risk management (ETRM / CTRM) software, has seen sales for the first half of the year climb to a record 16-year high as even the largest global organizations are dumping entrenched, legacy software and moving to the cloud.


Booking more than $7M in new business through the first 6 months of the year, an increase of 127% over the same period in 2015, Aspect has become the replacement solution of choice for user organizations blighted by traditional client-server solutions that require either costly upgrades or pay-all-over-again replacement versions to remain competitive. Conversely, Aspect’s monthly subscription model sees fully-tested fresh versions, fixes and upgrades delivered to desktops automatically and transparently at no extra cost.


Now regarded as the CTRM sector disruptor, Aspect has this year signed 8 new deals with global top tier trading companies in the metals, coal and oil trading sectors, including Ferrocadia and MENA Energy. Aspect’s functional expertise, rapid implementation and proven scalability all played an important part in this success. The company did particularly well in North America and the Middle East where sales were consistently ahead of target.


Steve Hughes is CEO of Aspect and formerly of its predecessor OILspace, the company that pioneered cloud CTRM 16 years ago. Since then Aspect’s continually evolving solutions have helped put the cloud front and center of the industry. “The world has moved on but legacy CTRM solutions have not,” said Hughes. “Users are paying for support and updates to software going nowhere. The cloud is a way out of that cycle, a route to software with a future for minimum pain and maximum gain.”


Switchers to Aspect can typically achieve cloud CTRM implementation in as little as eight weeks, with ongoing cost of ownership typically comparable to the cost of support only for legacy software.


“Where once it was just the small and mid-tier market, there’s little doubt that cloud vendors now effectively own the whole market. Meanwhile there’s evidence that legacy vendors are abandoning their traditional products, leaving users themselves to find alternatives,” added Hughes.


About Aspect

Aspect is a leading global provider of multi-commodity trade, risk and operations management applications delivered Software-as-a-Service (SaaS) in the cloud. With almost 500 customers in 90 countries, it’s one of the fastest growing providers with rapid deployment, affordable subscriptions, and immediate ROI for all size companies. Solutions include AspectCTRM®, a full-featured commodity trading and risk management enterprise suite for front, middle and back office. It’s available in three editions: Lite, Standard and Enterprise, expanding in functionality according to the needs and budgets of clients. Aspect is the only ETRM/CTRM solutions provider with market data and analytics tools delivered with its trade and risk functions on the same platform. This provides users with a seamless packaged solution beginning with pre-trade pricing analysis and market assessments via AspectDSC. Aspect’s solutions are available on desktop, tablets and mobile devices and through its new Aspect Partner Program (APP).

Carbon Black Delivers the Industry's Most Complete Next-Gen Endpoint Security Platform, Featuring the Cb Collective Defense Cloud


WALTHAM, Mass. – Carbon Black, the leader in next-generation endpoint security, today announced its acquisition of Confer, a next-generation antivirus (NGAV) company.

Carbon Black is recognized for its market-leading application control, incident response, and threat hunting products that serve more than 2,000 organizations globally. By adding Confer’s NGAV product, Carbon Black delivers the industry’s most complete endpoint security platform. Confer’s software solution will be renamed “Cb Defense.”


“With the acquisition of Confer, organizations of every size can now address their endpoint-security requirements through a single platform,” said Patrick Morley, chief executive officer of Carbon Black. “This extension of the Carbon Black platform is a significant step forward in our vision to create a world safe from cyber-attacks.”


Today’s cyber security war is waged at the endpoint. Incumbent AV providers regularly miss critical malware threats, as noted by Gartner in its 2016 Magic Quadrant for Endpoint Protection Platforms: “44% of reference customers for EPP solutions have been successfully compromised.” In the wake of traditional AV proving to be ineffective, emerging endpoint players have entered the market. However, these players offer incomplete, point solutions that miss entire classes of cyber-attacks. These omissions create a false sense of security and leave enterprises vulnerable.


“The emerging next generation endpoint security market is about more than prevention. Security vendors who offer a comprehensive security platform comprised of prevention, detection and response capabilities will lead the transition from prior generation solutions,” said Doug Cahill, senior analyst at ESG. “With the addition of Confer, Carbon Black is offering such a next-gen platform to address the ever evolving threat landscape.”


Cb Defense Redefines Next Gen AV

“NGAV solutions need to take a far more innovative approach in stopping attacks and be much more effective than legacy AV” said Mark Quinlivan, co-founder and chief executive officer at Confer. “We built Confer to provide a sophisticated, lightweight yet simple solution that includes groundbreaking prevention, detection and incident response.”


Cb Defense uniquely combines behavioral-based prevention techniques with integrated detection and response capabilities to stop cyber-attacks. Its cloud-based, deep-analytics approach blocks both malware and increasingly common malware-less attacks that exploit memory and scripting languages such as PowerShell. Once malware is blocked, Cb Defense gives organizations visibility into how the attack happened, which enables them to proactively fix security problems.


Cb Defense uses a lightweight sensor that installs in less than a minute and consumes less than one percent of the CPU, disk and network. Once installed, Cb Defense can be completely managed from the cloud through an easy-to-use, web-based interface.


Carbon Black Endpoint Security Platform

With the acquisition of Confer, customers will have access to a single platform designed to replace ineffective antivirus, lock down critical systems, and arm incident-response teams with the most advanced tools to proactively hunt down threats. The Cb Endpoint Security Platform is the only solution that provides the flexibility and security required to grow and evolve with an organization’s security needs.

The Cb Endpoint Security Platform is designed to:

  • Stop the Most Attacks. Using a combination of endpoint data and the Cb Collective Defense Cloud, the Cb Endpoint Security Platform stops more attacks than both traditional AV and competing NGAV products. It blocks both malware and malware-less attacks.
  • See Every Threat. The Cb Endpoint Security Platform continuously records all endpoint activity, giving organizations full visibility into how cyber-attacks happen. By capturing and analyzing behaviors, it pinpoints potential exploits and provides complete visibility into each threat.
  • Close Every Gap. With complete threat visibility, the Cb Endpoint Security Platform enables organizations to proactively fix security problems in their environment by leveraging a full suite of remediation capabilities.

Cb Collective Defense Cloud

Confer’s cloud-based analytics engine will become part of the “Cb Collective Defense Cloud,” adding significant depth to the Cb Endpoint Security Platform. The Cb Collective Defense Cloud provides an assessment of what’s safe and what’s not, based on advanced-analytic techniques applied to data from millions of endpoints.

The Cb Collective Defense Cloud:

  1. Continuously records data from more than seven million endpoints protected by Carbon Black products.
  2. Enhances and enriches the data with threat intelligence from dozens of sources including Carbon Black’s Detection eXchange and partner feeds.
  3. Applies rigorous analytic techniques including machine learning, artificial intelligence and behavioral analytics to massive datasets of attacks, threats, behaviors and anomalies.
  4. Streams context and insight to Carbon Black’s offerings where attacks are blocked at the endpoint.

Continuous interactions between the Cb Collective Defense Cloud and Carbon Black’s offerings strengthen the system’s ability to identify malicious activity and become more resilient over time.

Confer Co-founders Paul Morville and Jeff Kraemer will be joining the Carbon Black product and engineering teams respectively. Confer employees will join the Carbon Black team. Terms of the acquisition were not disclosed.


About Carbon Black

Carbon Black has designed the most complete next-gen endpoint security platform, enabling organizations to stop the most attacks, see every threat, close security gaps, and evolve their defenses. The Cb Security Endpoint Platform helps organizations of all sizes replace legacy antivirus technology, lock down systems, and arm incident response teams with advanced tools to proactively hunt down threats. Today, Carbon Black has approximately 2,000 worldwide customers, including 25 of the Fortune 100 and more than 600 employees. Carbon Black was voted Best Endpoint Protection by security professionals in the SANS Institute’s Best of 2015 Awards.

Wednesday, 20 July 2016 00:00

BCM 2000: Essentials of BCM Series


Implementing ISO 22301, 22313, 22320, 22398, 27031, 31000, 19011 & 17022
Includes BCI's 2013 Good Practice Guidelines
Looking for a course that is based on international standards?
Looking for templates and examples on how to develop a Business Continuity Management System that meets the requirements of the standards? 
Do you like to have fun (and maybe even laugh out loud!) when you learn?
Then BCM 2000: Essentials of Business Continuity Management is the course for you!

Course Description 
BCM 2000: Essentials of Business Continuity Management provides you with knowledge to develop a standards-based, auditable, and actionable business continuity program for your organization.
This course is the critical starting point to developing a program that can be certified ISO 22301. It is comprised of 10 individual modules that can be taken as a series or in combination over time.

Essentials of Business Continuity Management provides the foundation necessary for new or current professionals interested in either developing a career in Business Continuity Management, seeking certification, or for those professionals responsible for developing a business continuity program for their organization.

It is designed to expose the participant to all aspects of a holistic BCM program and to be a solid "how to" guide for building a business continuity program for all types of organizations.

Student activities are included throughout the course and are designed as knowledge checks to reinforce lesson materials and to provide attendees with hands-on activities that will enable them to become familiar with and apply these principles in their jobs.

Delivery Structure
Essentials of BCM is offered as an e-learning course that includes the following elements:
  • Voice-over PowerPoint teaching online
  • PDFs of the course book
  • Templates of how to implement the requirements of the standards (sample policies, reports, etc.)
  • Multi-media that is relevant & fun!
  • BCI's 2013 Good Practice Guidelines
  • Case study
  • Open for Business Toolkit
  • Course review activities to evaluate for comprehension
  • Practice exam questions (for DRII's Qualifying Exam)
  • Online essay for CEU credit
  • Email access to a qualified expert for questions
  • Online ISO 22301 Lead Implementer Certification Exam included in course fee
Certification Requirements
Successful completion of the BCM 2000 series with a passing grade on the online ISO 22301 Lead Implementer exam completes the educational component for certification as an ISO 22301 Lead Implementer.

Holders of the ISO 22301 Lead Implementer certification are entitled to apply for statutory membership with the BCI at the AMBCI or MBCI level, subject to evidence of required experience.
ISO 22301 is an international standard that allows companies to demonstrate their ability to cope with major threats and provides a management systems approach to business continuity management. This course provides you with what you need to develop a program that complies with these certification standards.

And if you have questions, don't hesitate to call or send an email.
Lynnda Nelson, President
The International Consortium for Organizational Resilience
866.765.8321 US/Canada  +1630.705.0910 International Calls
BCM 2000: Essentials of Business Continuity Management Series
BCM 2011: Business Continuity Program Development
BCM 2021: The Business Impact Analysis
BCM 2022: The Risk Assessment
BCM 2023: Developing Strategies / Options to Protect the Organization
BCM 2031: Plan Design, Program Structure, & Required Documentation
BCM 2032: Incident Response, Management & Communication
BCM 2033: Business Continuity & Recovery Plans
BCM 2035: Writing the ICT Continuity / IT DR Plan
BCM 2041: Awareness, Training, Testing & Exercising
BCM 2042: Program Evaluation, Improvement & Audit
BCM 2011:  BCM Program Development 
In order to develop a Business Continuity Management System, it is important to understand the requirements of management systems, the core concepts of business continuity, and how to determine the scope of the program, develop policy, and the requirements for leadership and governance. BCM 2011 provides an overview of each of these topics as the foundation for developing and managing the BCMS.
BCM 2021:  The Business Impact Analysis
The BIA process is covered from beginning to end with a focus on the identification of the organization's key products and services and the critical activities and resources that support them. Examples of BIA data gathering questions, methodology, analysis and reporting are provided.
BCM 2022: The Risk Assessment
Using the ISO 31000 standard on Risk Management as its basis, this course describes the process of conducting a risk assessment and analyzing the results to mitigate risks.  From risk identification, risk description, risk analysis, risk evaluation, risk communication, and risk reporting, this course covers the entire risk assessment process using an enterprise risk management approach.   A key requirement of the standards is the identification of the organization's risk appetite or acceptance and this course provides the methodology for this identification.
In addition, BCM 2022 includes a review of different quantitative and qualitative methods for analyzing risk.
BCM 2023:  Developing Strategies / Options to Protect the Organization
This course introduces the student to the challenges of selecting the appropriate strategies / options for the continuity and recovery of business processes, critical functions, operations and the supporting information technologies within the specified recovery time objective. Building on the information gathered during the BIA and risk assessment, BCM 2023 explores how to evaluate the different strategies necessary for mitigating risk, continuing operations when possible, and recovering operations if interrupted. BCM 2023 reviews strategies for people, property, assets, technology and information, reputation, suppliers, and financial viability.
BCM 2031:  Plan Design, Program Structure & Required Documentation
In order to develop the actual plan documents the organization will need to decide on the approach, methodology and the plan document structure. BCM 2031 outlines the necessary roles and responsibilities of the members of the organization, the key elements that must be included in every plan type, and how to meet the requirements for managing documentation.
BCM 2032:  Incident Response, Management & Communications
Implementing procedures for responding to an incident of any kind, managing the incident, and ensuring successful communication with all interested parties before, during and after the incident is an essential requirement for all business continuity programs. BCM 2032 also ties to the requirements of ISO 22320 on Incident Management and PAS 200 on Crisis Management & Communications. The objective of BCM 2032 is to develop and implement procedures for response to and stabilization of the situation following an incident or event, including establishing and managing an Emergency Operations Center and local command centers during the crisis.
BCM 2033:  Business Continuity & Recovery Plans
All of the procedures developed as part of strategy development need to be documented in the business continuity and recovery plan. BCM 2033 reviews the requirements for business continuity plans and how to document procedures according to ISO 22301.
BCM 2034:  ICT Continuity / IT DR Plans & Procedures 
The focus of the ICT Continuity and the IT Disaster Recovery Plan is on the IT infrastructure that supports the business operations and ensuring that the plan in place protects the key infrastructure of the organization. ISO 27031 on ICT Continuity outlines the methodology for ensuring that the ICT infrastructure supports the BCM infrastructure to ensure that there are no unsupported critical processes and the RTOs can be met. BCM 2034 reviews the guidelines for ICT continuity under ISO 27031, ISO 27001, and NIST 800-34.
BCM 2041:  Awareness, Training, Testing & Exercising 
Building a BCMS culture is an essential component of ensuring a successful program. Determining competence of all parties involved in the business continuity management system and increasing competence through awareness, training, testing, and exercising is a key component of this process and is vital to the success of the BCMS. BCM 2041 also aligns to the guidance of ISO 22398 for developing exercise programs.
BCM 2042: Program Evaluation, Improvement & Audit 
It is impossible to keep the BCM program current and actionable or to move to a management system without monitoring, measuring, analyzing, and evaluating the BCMS. BCM 2042 explores the requirements for internal audit and management review of the BCMS. Also included are the requirements for writing the audit report based on ISO 19011 and ISO 17022.
Save 10%
Did you know that you can save 10% on all ICOR courses if you are a member of one of the following organizations?  Contact them to find out how or email info@theicor.org.
  • ICOR
  • ACP
  • ASIS
  • BRPA
  • IAEM
  • IFMA
Become an ICOR Member Today!
Ransomware is one of the hottest topics in computing, data and internet security and has gained momentum over the last few months. Now, more than ever before, users – home and business users alike – are being aggressively targeted.

When a computer is infected, is there a chance of regaining the valuable data? Can this be done by the user himself? Perhaps by the company’s IT staff? Or even by data recovery specialists like Kroll Ontrack?



Compliance training, when not executed properly, can prove to be costly to organizations. Very often, compliance violations are not because of willful offenders, but ill-informed or unwitting employees who might not have paid attention or did not understand the implications of a particular action.  Today, most organizations opt for online compliance training, as it is cost-effective, practical and can also be monitored easily. However, online courses can be boring and uninspiring if they are not engaging the participants.  As a result, the learning may not be complete and as desired.

However, with simple elements in an online course and the right learning strategy, you can make courses effective and learner-friendly, as well as engaging.  At the same time, you can also ensure that the participants complete all course modules without skipping and thereby missing important content. Given below are some important elements I have identified, based on my experience developing online compliance courses for leading organizations.



What would you expect residents of Sydney to be doing Sunday afternoon and evening, 5 June 2016? Watching the big fight? In a way, they were. Storms hit the city and real clouds slugged it out with virtual clouds.

Nature scored points and something of a knockout in the first round, taking out some of Amazon’s Sydney web services and data centre facilities.

Amazon virtual clouds staged a comeback and had services back up and running by the next morning. In the meantime, end-users went to social media to complain about the breakdown and lack of business continuity.

Worrying enough perhaps, but sometimes it takes far less than giant storm clouds to bring communities to their knees, as the following example shows.



Despite acute awareness of the millions of dollars in annual costs, and the business risks posed by external Internet threats, security leaders highlight the lack of staff expertise and technology as a key reason that these attacks are unchecked, according to results from a new Ponemon Institute study sponsored by BrandProtect. 79 percent of the IT and IT security practitioners polled indicated that their defensive infrastructure to identify and mitigate those threats is either non-existent, ad hoc or inconsistently applied throughout the enterprise. The findings reveal that the companies represented in this research averaged more than one cyber attack per month and incurred annual costs of approximately $3.5 million because of these attacks.

The report ‘Security Beyond the Traditional Perimeter’ examined the threats, costs and responses of companies to external internet cyber attacks. These threats include executive impersonations, social engineering exploits, and branded attacks arising outside a company’s traditional security perimeter. Security professionals cited an urgent need for expertise, technology, and external services to address their growing concerns about these external threats.

Some of the key findings include:

  • Fifty-nine percent of respondents say the protection of intellectual property from external threats is essential or very important to the sustainability of their companies.
  • External Internet attacks are frequent and the financial costs of these attacks are significant. Respondents in this study report they experienced an average of 32 material cyber attacks or slightly more than one per month, costing their companies an average $3.5 million annually.
  • Seventy-nine percent of respondents described their security processes for internet and social media monitoring as non-existent (38 percent), ad hoc (23 percent) or inconsistently applied throughout the enterprise (18 percent).
  • Sixty-four percent of security leaders (directors or higher) feel that they lack the tools and resources they need to monitor, sixty-two percent lack the tools and resources they need to analyze and understand, and sixty-eight percent lack the tools and resources they need to mitigate external threats.
  • Security leaders agreed that monitoring the internet and social media is critical to gaining intelligence about external threats. Top monitoring priorities include mobile app monitoring (cited by 62 percent of respondents), social engineering and organizational reconnaissance (61 percent of respondents), branded exploits (59 percent of respondents), spear-phishing infrastructure (58 percent of respondents), and executive and high value threats (54 percent of respondents).

Even as middle market businesses in all parts of the world view their exposures to natural catastrophes as increasing, many fall short of managing these risks effectively, according to a new survey. Assurex Global polled senior executives at more than 80 leading independent insurance brokers from around the world whose commercial clients operate primarily within their own countries and found that many mid-sized firms lack adequate insurance, business continuity planning, risk management and civil infrastructure support to prepare for and recover from large-scale natural disasters.

In the survey, inland flooding was considered the most significant natural catastrophe risk for middle market businesses, cited by 70 percent of the brokers; followed by hurricanes, cyclones and windstorm (50 percent), and earthquakes and tsunami (38 percent). Understandably, responses varied somewhat by region, with hurricanes rated the top risk in the US and Canada; earthquakes/tsunami in Latin America and the Caribbean; and inland flooding in the Asia/Pacific and across Europe, the Middle East and Africa (EMEA).

“Although the types of natural catastrophe risks facing businesses vary somewhat in different areas of the world, there’s a common thread in terms of what must be in place for middle market businesses to manage them effectively,” said Jim Hackbarth, CEO, Assurex Global. “Certainly, having sufficient catastrophe insurance, effective business continuity management and a civil infrastructure that supports preparedness, response and recovery are all keys to managing these significant exposures. Further, senior leadership’s support of the company’s risk management measures is universally paramount to their implementation as well as to the company’s ultimate success and survival.”

Natural disaster risks on the rise

Worldwide, more than half the brokers indicated their clients believe that their exposure to natural catastrophe risks has increased in the past five years, including 78 percent of those in Latin America and the Caribbean and 67 percent of those located in the Asia/Pacific.

Many businesses unprepared

In the face of increased risks, nearly one-fourth of the brokers surveyed worldwide estimated that fewer than 20 percent of middle market businesses in their regions now feel they are adequately prepared and insured for natural catastrophes. These estimates varied sharply by region, with 44 percent of brokers in Latin America/Caribbean citing the same low level of preparedness, 33 percent in the Asia/Pacific, 28 percent in EMEA, and 11 percent of US and Canadian brokers.

Insurance and business continuity planning are key elements of catastrophe risk management

When asked to list steps taken by clients that feel adequately prepared for natural disasters, 90 percent of the brokers worldwide cited client purchases of catastrophic property insurance, 68 percent pointed to the establishment of business continuity plans, and 40 percent indicated their clients retrofitted their facilities to withstand a disaster. In addition, 30 percent indicated these clients had worked to strengthen supply chains and 27 percent noted client efforts to increase worker response training.

On the other hand, when brokers were asked to list reasons clients might offer for not being adequately prepared for natural disasters, lack of effective business continuity planning was the biggest factor, cited by 60 percent of the brokers. Meanwhile, 39 percent mentioned lack of affordable insurance coverage for catastrophe risks and 36 percent, lack of support from leadership for measures to manage catastrophe risks.

Lack of civil infrastructure and leadership issues undermine readiness

Although one-third of the brokers worldwide indicated their clients would tie inadequate readiness to the lack of available government/civil infrastructure to facilitate preparedness, response, recovery and protection of affected plant and equipment, the issue is especially pronounced for businesses in the Asia/Pacific, where it was cited by 67 percent of brokers. By contrast, only 13 percent of brokers in the US and Canada expressed the same concerns. In addition, issues related to lack of leadership support also appear acute in the Asia/Pacific region, cited by 60 percent of the brokers.

Among the most significant factors flagged by brokers around the world in determining whether a client is adequately prepared for a natural catastrophe, 71 percent cited internal support from senior leadership; an equal percentage identified company size and resources, believing clients view these factors as correlated with better protection and preparedness. In addition, 45 percent of brokers cited the presence of a corporate risk manager or risk management function and 42 percent, the availability of a civil infrastructure (including emergency responders, evacuation routes, shelters, and related resources) to help facilitate preparedness and recovery.

According to the brokers surveyed, middle market clients would cite several elements of disaster risk management as needing improvement, with the responses varying markedly by region. For instance, although 25 percent of brokers worldwide cited the availability of adequate and affordable property catastrophe insurance, 56 percent of those in Latin America/Caribbean identified that issue, ranking it the region’s top factor for improvement. And while 25 percent of brokers around the world cited improvements in government infrastructure to facilitate preparedness and recovery, these needs were cited by nearly half those in the Asia/Pacific and 38 percent in EMEA, making it the biggest element to target for improvement in those two regions.

The survey was conducted in June and July 2016.