An important consideration for companies is the establishment and implementation of corporate preparedness strategies that address emergency events, including natural disasters, terrorist activities and outbreaks of pandemics. For instance, there have been several epidemics across the globe with the potential to become pandemics, such as the bird flu epidemic in China and the respiratory syndrome coronavirus (MERS-CoV) in the Middle Eastern countries that have or potentially could have affected U.S. companies with offices or suppliers in those regions. Experts from the United Nations have calculated that the bird flu outbreak in China, which began in February 2013, has caused about $6.5 billion in losses to the global economy. Such disastrous events raise complex issues for affected companies.
In one particular case in which Day Pitney attorneys assisted a client whose New York office buildings sustained extensive water damage from flooding, the following conditions were present:
- Slow responses from government agencies
- Confusion regarding building owners' v. building occupiers' responsibilities
- Loss of power for months
- Mold and contamination
- No coordinated game plan for reaction
- Absence of drawings
- Inadequate insurance to cover the post-emergency recovery or clarity on existing insurance coverage
- No records of pre-existing conditions on impacted buildings
In another New York case, Day Pitney attorneys were tasked with assessing the impact of contamination on a client's building from hazardous substances in the air resulting from building debris, combustion byproducts and emissions from fires. Issues included lack of health-based benchmarks for assessing the risk to human health from exposure to the air pollutants, lack of decision-making tools, and less than adequate or untimely guidance from the governmental or scientific communities on human health risks, background or contamination levels, and remediation standards.
When these types of difficult issues arise, it is extremely helpful to have a well-organized corporate preparedness plan in place.
A company should have in place an emergency preparedness plan and a business continuity plan, as typical emergency plans do not work for many disaster situations. Companies might consider preventive measures, if possible, as well as reactive capabilities.
Each company has substantially different needs that determine how it must prepare for and manage potential terrorist acts and other disasters. A company's industry, infrastructure, concentration of business processes, geographic locations, number and type of facilities, number of employees, and regulatory compliance requirements are important determinants of corporate need. Larger, more complex entities will need to implement more extensive and complex preparedness strategies and capabilities. For example, financial service companies should have more extensive business continuity plans in place, while companies dependent on complex supply chains should be more concerned with the security of suppliers than are the companies less dependent on them. Additionally, companies with critical facilities located in major cities should be more prepared for terrorist activities than those located in more remote areas.
Further, more extensive coordination of risk assessment within an enterprise risk management framework may be necessary for improved resource allocation and efficiency. This is because risk assessment often may be fragmented, as multiple accountabilities and organizational models exist in one company, nomenclature is not standardized, and preparedness functions are not well integrated with senior leadership. Researchers have found that companies that evaluate and mitigate enterprise risk from an overall perspective, and integrate their preparedness functions accordingly, likely will improve preparedness overall. Best practices that could be implemented include threat warning systems, access control, air protection, crisis management, risk assessment, surveillance, employee protection, business continuity, perimeter protection, mailroom and delivery security, communications, and training.