War in Ukraine – Business and Risk Management Implications

The coordinated attack by Russia on Ukraine has created a historic risk environment for operations in these countries, and for organizations around the world. Companies with interests in Russia, Ukraine and nearby eastern European countries, as well as multinational organizations, should be aware that the current situation is fluid and evolving. There could be potential for negative impacts to businesses due to:

• Political violence/nationalization
• Trade interruption, including supply chain disruption/destruction
• Increased cyberattacks
• The ability to enter or leave the region safely
• Possible expropriation of Western assets in Russia

There will also be an increase in energy and commodity prices in Europe and possibly globally, depending on conflict escalation. Organizations within the conflict region and across the globe can expect an increase in terrorism, supply chain disruptions, and cyberattacks, and should take necessary steps to protect their operations.

Businesses should identify potential emergent threats and take the following overall risk management measures:

1. Work to ensure the security of your company’s people, assets, and supply chains, including: establish a risk map or risk summary of operations and locations in conflict zone — include property values and employee counts as critical data; identify the need for and establish critical alternative/redundant supply chains; determine alternative geographic locations for rapid recovery; and log, update, and provide best practices to traveling employees.
2. Review and maintain hard/physical copies of all insurance policies, critical contacts, claim reporting detail and disaster recovery and business continuity plans to allow quick access in the event of a cyberattack.
3. Submit any notice of circumstance or claim to your insurance companies as soon as possible following consultation with internal/external risk management.
4. Engage all current cyber risk management protocols and address critical vulnerabilities discovered. Conduct deep dive into cyber “hygiene” to seek to mitigate potential as a target and increase employee threat awareness training.
5. Finally, understand the ongoing business risks in the conflict region will be critical. These may include global impacts around financial transfer difficulties (due to SWIFT sanctions), commodity pricing impacts, cargo and aviation risks due to lack of insurance available and heightened risk of sanction violations.

As businesses consider their property and casualty coverage in this elevated risk environment, they should focus on property supply chain and business interruption losses. Business interruption (BI) coverage is a component of many property policies, and seeks to indemnify a policyholder, in case of a covered loss, for the income that would have been earned had no loss occurred, subject to limitations in the coverage forms.

While we would anticipate a majority of losses from the conflict in Ukraine to be “indirect” in nature (i.e., business shut down related to supply chain disruptions, as opposed to actual physical damage), and likely not covered by a standard BI policy, coverage extensions can be applied.

In regard to cyber risk, experts agree that Russian-backed or supported cyberattacks and counterattacks intended to disrupt supply chains, IT suppliers, governmental agencies, financial services organizations, critical infrastructure (including healthcare, transportation, and energy) and other critical national institutions are already happening and will likely continue. Cyber incidents/events or claims should typically be reported as soon as possible after discovering (or reasonably suspecting) such incident or becoming aware of such claim.

As the situation continues to evolve and sanctions potentially elevate, continue to closely monitor the situation to continually update your specific policies and risk management procedures.