skip to main content

With mounting competition and globalisation, you may be facing skill shortages, rising costs, and a more complex business environment than ever before. Add to that an increasing reliance on digital technology and a growing number of natural disasters, and you can see why small and middle market businesses need a risk management programme to minimise the risks they face.

If you don’t have a risk management programme in place already, here are some areas where your business may be vulnerable to risks, and recommendations for certain steps you can begin to take to prevent or minimise them.

  1. Your Operations and Property:

    • Install a sufficient number of smoke detectors for your facility and have a qualified contractor inspect and test them every 12 months.
    • Use, store, and dispense of flammable or combustible liquids properly.
    • Ensure electrical systems are working properly, including scanning the main junction box every three years, and replace any extension cords with permanent wiring.
    • Maintain clear, unobstructed walking and work spaces.
    • Make sure employees and guests utilise appropriate personal protective equipment as necessary.
    • Ensure machinery has appropriate guards and documented lockout/tagout procedures.
    • Provide a safe and controlled reception space for guests and customers.
  2. Your Employees:

    • Include background checks and employment history verification when hiring.
    • Train new employees and all employees annually on company policies, safety programmes, information management, and emergency response. Document when training is complete.
    • Make sure you have an ergonomic program in place.
    • Develop, review, and test your emergency evacuation plan every 12 months.
    • Establish policies and safeguards to protect against fraud and embezzlement.
    • Use a security system that easily removes access for former employees and contractors.
    • Train employees to properly use and maintain personal protective equipment.
  3. Severe Weather:

    • Develop a Business Continuity Plan and Emergency Response Plan and review them annually.
    • In a flood zone: Have appropriate materials on hand (sandbags, flood walls, etc.), move critical assets to at least one foot above Base Flood Elevation, and install controls to prevent chemical and pollutant release.
  4. Your IT Systems and Technology:

    • Create a Cyber Security Plan with assistance from a qualified IT security professional using accepted cyber security standards for your type of operation. Include communications and cyber connections with customers and vendors.
    • Design and test a Breach Response Plan and a plan to manage ransomware attacks.
    • Regularly back up critical data and system information and store off site and test its recovery.
    • Train your staff annually on strong passwords, social engineering/phishing, and protecting sensitive information.
    • Control access to sensitive data including personal, health, and business information.
    • Make sure manufacturing systems that rely on operational technology have dedicated cyber security control mechanisms to prevent intentional sabotage as well as accidental mistakes by employees and trusted third parties.

For more information about how we can help you mitigate risk in your business, visit our Risk Engineering section.

All content in this material is for general information purposes only. It does not constitute personal advice or a recommendation to any individual or business of any product or service. Please refer to the policy documentation issued for full terms and conditions of coverage.

Chubb European Group SE (CEG) is an undertaking governed by the provisions of the French insurance code with registration number 450 327 374 RCS Nanterre. Registered office: La Tour Carpe Diem, 31 Place des Corolles, Esplanade Nord, 92400 Courbevoie, France. CEG has fully paid share capital of €896,176,662. UK business address: 100 Leadenhall Street, London EC3A 3BP. Authorised and supervised by the French Prudential Supervision and Resolution Authority (4, Place de Budapest, CS 92459, 75436 PARIS CEDEX 09) and authorised and subject to limited regulation by the Financial Conduct Authority. Details about the extent of our regulation by the Financial Conduct Authority are available from us on request.