Insurance is always too expensive until needed.

This insight seems obvious to most anyone.  But it is a fact that business insurance is one of the more poorly managed mitigation of risk in small and some medium sized corporations, often because of failure to assign the responsibility to an individual or department, and sometimes just from the willingness to bet against the event and save cash.

Business package policies are inexpensive and rather comprehensive tools that should be contracted by all companies with any assets to measure and protect.  A typical beginning package for a small company costs about $4 thousand a year, and covers a number of forms of liability both premises and product as well as employee use of self-owned cars for work, theft, employee dishonesty and more.  There is usually a small amount of business interruption insurance in the standard package, and more protection can be added at a cost.  Reading the list of protections is both impressive and frightening, since most of us never think of such risks, and it is overwhelming to have them pointed out in one reading.  Conversely, the list of excluded protections is equally frightening for the same reason.  We do not think of these unless someone points them out.

[Email readers continue here…] I believe my former software firm was responsible for one such exclusion that used to be a standard part of such policies. (Sorry about that.)  With almost 250 employees, 26 of whom were application programmers, it was important to back up the work of these programmers each night, and an employee was tasked with just this each evening after midnight.   Each night’s backup would be carefully marked and the rotated between offsite and on-site locations in a series of steps so that backups of a day, two days, a week and a month were all available both on site and off site.  Did I fail to mention that for more than a year we never tested whether the backups actually contained good data?  It seems that a change in the operating system on the server we used for development was made that changed the way backups were cued, and our backup person was unaware of the procedural change needed to accommodate this.  Came the inevitable day of the massive head crash, I quickly heard of the problem and the fact that all 26 programmers were standing by waiting for the backup to be restored, expecting to lose the partial day’s work.

And the first backup from the night before was blank.  As was each subsequent backup, on-site and offsite.   It took weeks for the team to assemble code from various sources such as customer sites, beta test locations and demo machines.  Then it took another several weeks for the programmers to come back up to speed rewriting patches and programs in a frustrating recreation of weeks and more worth of previous work.

I tasked our accounting department with collecting and calculating the costs of the labor lost, which was the only real claim for business interruption to be made as customers were unaffected by the problem.  The cost came to well over $100 thousand, and a claim was filed with the business package insurer. After a short negotiation and quick audit, the insurance company paid $108 thousand to settle the claim.  In the following year’s renewal policy, I noticed a new page in the exclusions section, excluding for the first time data losses from failed backups, no matter what the cause or where the fault.  As I recall, the year was 1987.  Either we were the first to make a significant claim under this previously covered portion of the policy or one of several that did so in that year. Either way, you have me to blame for one more of those exclusion pages that overwhelm such policies today.

Facebooktwitterlinkedinyoutubemail
This entry was posted in Protecting the business. Bookmark the permalink.

2 Responses to Insurance is always too expensive until needed.

  1. Thank you for advertising for me. Cheers:)

  2. I can tell you I have personally witnessed the data loss you reference at countless client sites over the past 20 years. Reviewing your backup procedure and validating your backup data are an essential IT practice that coincides with good insurance. Their is also specific cyber insurance available now.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.