Digital disruption: Lessons of 9.11
© lloyds.com Limited 2002
Tuesday, 4th of March 2002 - September 11 highlighted
just how dependent global enterprises are on interlinked telecoms systems.
But the effect of business interruption in this area can be reduced with comprehensive
disaster recovery planning - and the right kind of insurance.
The internet and new communications technology enable companies to operate
more efficiently, but they also raise customers’ expectations about service
standards. Long delays may hit a firm's finances hard, yet many businesses
are unaware digital risk exposure is largely no longer covered by standard
insurance policies like business interruption.
Business interruption insurance compensates for lost income if a company
has to vacate its premises due to disaster-related damage. Most coverage comes
as part of a firm's corporate property insurance. Policies cover the profits
a company would have earned, based on its financial records, had the disaster
However, from January 2002, reinsurance companies around the world excluded
data and other digital liabilities from their cover, along with terrorism.
This followed warnings made in 2001.
DK Matai, chairman and CEO of UK-based mi2g, a digital communications
specialist, says: "Substantial take-up of digital
risk insurance is expected in 2002 and beyond as the new digital exclusions
and their ramifications become better understood by insurance buyers and sellers."
After the terrorist attacks, many businesses that did not suffer physical
damage were temporarily unable to function because of systems failures.
Ultimately, it is up to a company's broker, disaster planner or risk manager
to help limit the period of loss after a catastrophe. Some loss adjusters
believe the terrorist attacks prompted contingency plans to be revisited with
an evaluation of all a firm's dependencies – although one Lloyd's underwriter
says it has been difficult to assess the business losses of telecoms firms.
J Pat Guerry, marketing and strategy vice president of US loss adjuster
Crawford & Co, says: "Disaster recovery and the associated planning is about
having alternative means of operating.
"Whether this is having access to corporate data (remote hot sites), communications
(back-up call centres), or personnel (contingent chain of commands), an effective
disaster plan need not focus on the cause of the loss, but rather on the loss
"In other words, planners should not ask, 'What if a terrorist attacks?'
but rather 'What if our communications are disrupted?' Elimination of dependencies
is the key to getting results from the planning process," he comments.
Before September 11, many companies failed to factor telecoms convergence
issues into their business continuity plans. According to UK based-continuity
specialist, Global Continuity, telecoms and IT were once considered separate
networks, but they are interlinked and 'mission critical' – vital for operation.
The wide scale telecoms outage after the attacks was due to the destruction
of crucial telecoms infrastructure and transmitters and the swamping of global
systems because of the sheer volume of calls being made.
Communications outages exacerbated difficulties in organising recovery teams
and accounting for staff. And recovery processes that relied on transferring
data through telecoms networks were delayed – by many days in some cases.
Guerry says: "Some new technologies, such as call re-routing, and cellular
usage, greatly reduced the impact on business loss, particularly relating
to a company being able to communicate with its customers. Firms that do not
have such capabilities in their contingency plans should consider communication
as a top priority."
Communications in general were problematic after September 11, according
to surveys by business analysts McKinsey, Gartner and Deloitte & Touche. The
terrorist attacks caused major continuity difficulties for internet-reliant
companies. Those directly affected by telecoms outages had 'dead' websites
for days, causing major losses for e-commerce-related businesses in Manhattan.
But other companies elsewhere suffered temporary internet service outage,
too. Analysts found this was because people reading about the attacks caused
a massive surge in internet use worldwide, which overloaded servers and routers.
Most firms recovered major data and critical business systems. But Global
Continuity says many overlooked the importance of local connectivity - such
as desktops and local area networks - to ongoing operations.
Internet availability is important for many businesses - not just e-commerce
ventures. It is one of several means of providing services, so continuous
availability of a connection is vital, as is adequate insurance for the technical
"Needing main servers for electronic communication is a new concern," comments
Guerry. "Once again, re-routing capabilities are crucial and need to be part
of disaster planning. It is important that corporations develop offsite capabilities,
much as insurers spread their risk."
Since the attacks, businesses that rely on the internet for e-commerce sales
- or for other mission critical activities - are looking to implement solutions
such as re-routing. But for the most vulnerable websites, a back-up website
in a different region or continent may be a viable solution as traffic can
be diverted after a disaster.
Will future technological advances in telecoms increase the potential for
business interruption? "It is hard to tell," says Guerry. "Advances such as
satellite communications are likely to decrease the potential for interruption
of communications. However, a dependency on any such system will increase
a company's potential exposure."
The magnitude of the attacks on the twin towers demonstrated that the physical
loss of facilities may be the most commonly recognised issue that businesses
deal with after an event, but the real impact of a catastrophe on a business
is based on the unique ways it operates.
According to a report by Global Continuity entitled Business continuity:
Lessons learnt from September 11, telecommuting - working from home – may
be a viable way of spreading dependencies as a preventative measure or solution
in the event of a catastrophe.
Underwriters are still calculating the cost of business interruption claims
from the US attacks and disaster planners will continue to learn from this
event for many months.
Some 25% of insurers that responded to a recent Tillinghast-Towers Perrin
survey on technology investments said technology has played - or will play
- a major role in managing the impact of the attacks on business or process
operations. Ensuring there are appropriate levels of the right insurance for
clients will be just one challenging aspect of future business continuity
To comment on this or other articles please contact lloyd's.com