Supply chain, cyber, political risks rank high among execs going global

By Patricia O'Connell on May 7, 2014

As companies increasingly look to overseas markets for growth, the need to understand and manage the inherent risks of a “go to grow” strategy loom larger.

With this in mind, Chubb Group of Insurance Companies recently undertook a survey of 300 U.S. and Canadian senior-level executives to assess the prevalence and management of overseas risks.

The results of the survey were announced at RIMS 2014 in Denver. The survey addressed four areas: Multinational business trends; Operations: Business continuity planning; Cyber: Mobile device security and social media management; and Employees: Business travel safety.

More than half (52 percent) of the respondents expect in 2014 to increase their overseas activities via acquisition, opening a new plant or office, or increasing imports.

“Global expansion, even on a modest scale is clearly recognized as a business imperative–and not just for larger companies,” said Kathleen Ellis, senior vice president, Chubb Multinational Solutions. “To grow you must go global and this is the opportunity to reach new buyers.”

Seventy-eight percent of respondents said risks outside the US and Canada are either equal to US and Canadian risks or are greater.

“Recognizing the differences in culture, politics, regulation (often in state of flux), tax implications, currency exchange, and labor laws, in addition to more obvious ‘physical’ aspects of expanding into emerging countries with less developed transportation, power and water, must be considered as paramount,” said Ellis.

Of those risks, supply chain failure is seen as the greatest threat to overseas operations in the years ahead, cited by 19 percent of respondents as the No. 1 threat.

Other risks that got double-digit votes for were data breach/cyber event (15 percent), government or regulatory investigation (13 percent); political instability (13 percent); natural catastrophes (12 percent), and intellectual property theft (11 percent). Terrorism was seen as the top vulnerability by only 6 percent.

The low ranking of terrorism a “bit of a surprise,” said Ellis, adding, “The other areas questioned related to more current news items or concerns such as cyber-attacks so this may have been top of mind for respondents. However, the over-arching supply chain disruption response incorporated very real concerns around the impact to the business from both terrorism and natural catastrophes.”

Fifty-six percent of companies have a business continuity plan to address overseas situations where a non-U.S./Canada supplier of products, components, or services temporarily or permanently shuts down. A quarter of respondents either don’t have a business continuity plan, or have a plan that doesn’t address overseas issues. Only 7 percent don’t have foreign suppliers; 12 percent don’t know if their company has such a plan.

Of the companies with a business continuity plan, 78 percent test it; with 38 percent of total respondents testing it once a year or more. However, 40 percent of businesses do not require their overseas suppliers and vendors to have any kind of business continuity plan.

Ellis cited the need for such a plan as perhaps the greatest of the four areas to address.

The cyber/data breach threat, cited as the No. 1 threat by 15 percent of respondents, is exacerbated by the fact 72 percent of those surveyed allow employees to use their own mobile devices for work.

Eighty-two percent of companies require at least one security feature on mobile devices used for work, with password protection being used by 75 percent. Slightly more than a third (39%) remotely wipe all data clean. With employees using their own devices, both business and personal travel represent opportunities for information to be compromised, Ellis said.

And data can be compromised not only from employees’ devices, but from those of customer and vendors as well.

Social media management also represents a cyber threat overseas. Most companies have a social media policy for employees who work outside the US and Canada, but only 23 percent tailor their social media policies to address local circumstances.

“The impact from a breach in the supply chain or a cyber-attack/data breach will be expensive, time consuming and distracting, if not devastating,” concluded Ellis. “Strong processes, oversight of operations, security and human resource policies to ensure the safety of traveling employees when abroad will be alleviated with a strong tested disaster recovery plan.”

With 69% of companies having employees who travel outside the U.S. and Canada on business, assuring their safety is a critical concern. More than half (57%) of respondents provide emergency medical care or evacuation assistance to employees traveling outside the U.S./Canada in case of medical emergency, catastrophe, or political turmoil.  Just more than a quarter (26%) don’t provide any such coverage.

Patricia O’Connell writes for the Advisen Risk Network. She has more than 15 years of experience writing about a variety of business subjects, including strategy, the C-Suite, and management. She is the former news editor at Businessweek.com, where she oversaw coverage for the daily web site.