With daily warnings of another, perhaps more deadly, attack in the offing, companies are reassessing the risks they face
By Russ Banham
Wes Kautzi knows things that he wishes he did not, things that could conceivably bring down the U.S. economy. The risk manager of Sprint Corp. has the difficult job of assessing the financial cost of a terrorist incident shattering the Overland Park, Kan.–based wireless provider's infrastructure—or worse, a broadside against the nation's telecommunications network. While Kautzi says Sprint probably could survive financially a direct attack on the company, he is not too sure how the rest of the economy could weather a large-scale suspension of communications. "If we can't operate, then the banking industry can't operate because banks depend on telecommunications," Kautzi explains. "Transportation would come to a virtual halt because you can't buy a gallon of gas unless you stick a credit card in the dispenser and that, too, runs on phone lines. Internet communications would be disrupted since we're a major carrier of Internet traffic. The country's power grid, in terms of communications on where power is needed and how it gets there, also is handled over phone lines. Without communications, our entire economy would be destabilized. Yet, I know places in our network that could shut us down for weeks. And if I know it, do terrorists know it?"The weight of this knowledge has taken a toll. "I lose sleep," says Kautzi. "I have to imagine that a terrorist organiza-
tion will attack us. It's my job. I have done everything humanly possible to support my company [by purchasing] the appropriate insurance policies and all that. In certain ways, I'm the last line of defense. But, if we're shut down for more than 60 days, on the 61st day we might as well all be selling hot dogs."
Before the tragic events of Sept. 11, risk managers of large U.S. global corporations tended to worry about the usual—from fire at a warehouse to toxic emissions from a factory, from theft of intellectual property to the unfair firing of an employee. Today, as the nation faces the prospect of imminent attack and corporations like Citigroup are surrounded by legions of submachine gun–toting police, they fret about the survival of their companies in the wake of a terrorist attack and the domino effect on the rest of the economy—and with good reason.
In interviews with a wide mix of executives from security organizations, consulting firms, insurance brokerages, financial institutions, defense contractors and law firms, a terrorist attack on a large U.S. global corporation—especially one symbolic of U.S. influence in the global economy—is given high probability. "Terrorists taking down a large U.S. corporation is very plausible," says Charles R. Lee, a managing principal at the risk management consultancy Tillinghast, a business of Towers Perrin. "The only questions are how they would go about it, who will be the target and when the attack will occur."
Even if a company is not a specific terrorist target, it could be in close proximity to a company that is targeted or may endure economic distress in the event of an attack against some vital portion of the country's infrastructure. "Every check that is written goes on an airplane from one Federal Reserve to another, as part of the clearing operation," says Jeffrey P. Colbath, a first vice president and financial planner of Smith Barney, a Citigroup subsidiary. "After 9/11, the Federal Reserve system was under tremendous pressure because aviation was shut down. If this happens again, for a longer period of time, small companies everywhere and even larger ones will experience tremendous cash flow problems." A similar disruption would occur, he adds, if the postal system were shut down.
And, there are other indirect costs to non-target companies, such as the fear and anxiety the threat of terrorism produces that sap employee productivity. "Terrorists wreak havoc even when they don't attack, just by implying they might," says Lisa Parker, senior vice president of The Strickland Group, a New York–based executive coaching and development firm. "There is a substantial risk of a loss of productivity from employee fear, including greater absenteeism, missed deadlines, irritability and difficulty concentrating and making decisions. The recent scare in New York dramatized this starkly. I have a colleague who had trouble sleeping and would come into work late and go to meetings tired and frazzled. And we were not even close to the action. Fear has a way of infecting everyone."
GUESSING GAME ON TERROR
But planning risk management strategies to defend against a vast potential terrorist arsenal is difficult—first and foremost, because it is almost impossible to predict how a terrorist will strike, so plans must be devised to protect against any and all avenues of attack—from the suicide missions the nation has already experienced to a gamut of threats, including product tampering, supply chain disruption, assassination of key executives, theft of critical data, computer viruses and even insidious rumors created to destroy a company's credibility. "You can't say that no one will fly an airplane into a building anymore," says Anthony Beverina, president of Digital Sandbox Inc., a Reston, Va.–based risk measurement software firm. "The hardest part is identifying the potential range of ways a terrorist organization might try to bring you down and then making sure you're properly aligning corporate resources with those risks."
Another problem risk managers face when trying to devise adequate lines of defense—both financially and physically—is the uncertainty surrounding insurance coverage for terrorism attacks. If Congress does not act soon, insurance to broadly transfer the risks of terrorism will disappear quicker than Osama bin Laden in the mountains of Afghanistan—or wherever he is. The Terrorism Risk Insurance Act, popularly known as TRIA, is set to expire in 2005. The act currently transfers most of the risk of catastrophic terrorism incidents on U.S. soil by foreign organizations to the U.S. government. Insurers and many business organizations are lobbying Congress in the current session to extend TRIA for two more years. Otherwise, insurers threaten that they will start underwriting property and casualty policies, beginning in September 2004, which will exclude terrorism coverage once TRIA sunsets.