Average annual number of tornadoes reported by state; the darker the color, the more twisters. (Click for larger map)

There is a somewhat ridiculous premise underlying American football that nobody talks about. After the ball carrier is tackled, the game’s officials make a rough estimate of where the player fell. The offensive team then starts another play from that spot. It continues like this, play after play, until the referees believe the offense has progressed 10 yards. If uncertainty exists, officials bring out a 10-yard measuring stick that can determine where the ball is within a fraction of an inch. Essentially, they take a precise measurement on guesswork and consider it gospel.

There is an analogous situation in the world of tornado tracking. Even in the United States — by far the world’s most frequent victim of twisters — detailed records only go back to 1950. Since then, there has been an average increase of 14 reported tornadoes per year. But any attempt to tie the rise to the weather would be an exercise in analyzing guesswork. Most experts believe this rise is due to advances in science, technology and observational techniques — not to mention the number of homes and businesses that are hit — rather than any objective trend that proves more tornadoes are occurring.

Really, nobody knows — now or then — how many tornadoes occur each year. “Socio-economic factors provide a better explanation for this trend than meteorological ones,” states a report by Lloyd’s of London.

Those who lost loved ones during 2011, a record-setting year for twisters, are unlikely to take solace in this fact. But “despite the anomalous 2011 season,” says the Lloyd’s report, “there is no trend in the number of strong to violent tornadoes between 1950 and 2012.”

The study does note, however, that an objective increase is irrelevant when it comes to the insurance industry’s exposure to the risk. One of the main reasons there are more reports of tornadoes is simply because more homes and businesses are in their path. More people are there to become victims.

“Although the number of violent tornado losses may not be increasing, insured losses are,” states the report. “There is a clear trend of increasing annual aggregate losses to the insurance market, and billion dollar losses are becoming more common.”

Worse still for the industry, there may be a further increase due to rising temperatures. Then again, like judging a first down, that is more guesswork than anything. The increase is measurable, but those doing the counting aren’t exactly seeing the field accurately.

From 1950 to 2011, Florida was hit by 12 major hurricanes (Category 3 or higher). Though it has been spared—even by smaller storms—since 2005, some believe this means the state is due for another blow. (Click for larger map.)

Hurricane season starts June 1, and forecasters believe it will be an active year for storms. Philip Klotzbach and William Gray of Colorado State University have become the world’s foremost experts when it comes to predicting tropical depressions in the Atlantic, and in April, they forecasted 18 named storms this year. Of that total, they believe nine will become hurricanes and four will become major hurricanes, with an above-average chance of at least one of these making landfall in the United States.

Regardless of the predictions, many Floridians were already expecting to be hit. The state that is geographically most vulnerable to Atlantic storms and has the longest coastline among the lower 48 (1,350 miles) has been spared each of the past seven years. Hurricane Wilma, one of seven major hurricanes that made landfall in the United States during the historic 2005 season (the year of Katrina), was the last storm to punish Florida.

Statistics and probabilities do not account for the “we’re due for one” factor. But many of those living in the Sunshine State feel like there will be a return to the onslaught that came in 2004 and 2005, when seven storms made landfall in Florida (Charley, Frances, Ivan, Jeanne, Dennis, Katrina and Wilma).

Given that Katrina and Sandy each rewrote the book on how the public perceives hurricanes, it is easy to forget that Charley, when it hit in 2004, was the second-costliest hurricane in U.S. history, causing $8.8 billion in insured losses (in 2011 dollars). Even this paled in comparison to the worst storm on record at the time: Hurricane Andrew, the 1992 havoc-wreaker that killed 26, caused nearly $23 billion in insured losses (2011 dollars), changed the way the country prepares for disasters and gave rise to the reinsurance market in Bermuda.

Then there is the still-unseen worst-case scenario in a state that, as of 2007, had some $2.5 trillion in insured coastal property. Cat modeling firm Karen Clark  and Co. estimates that if a repeat of the 1926 Great Miami Hurricane occurred today, it would cause insured losses of $125 billion.

Really, there is no science that makes the state more vulnerable to storms in 2013 just because it’s been so long. But with the vast potential for death and destruction, does it really matter? Every year is one that Floridians should spend preparing for hurricane season.

Today, that approach has been replaced by one that is 140 characters long, and social media websites like Twitter and Facebook have become the most active and volatile method of dispersing information in a crisis. These sites not only offer a platform for organizing crowd actions, they also provide insights into how a situation might morph and develop.

In short, social media can now affect business continuity planning in countless ways. But through the following steps, all companies can improve their response to any crisis:

Recognize Increased Speed and Volume

The first inkling of a crisis event is now far more likely to occur through a Twitter feed or Facebook posting than a story on a cable news network. It is important to establish proven, well-organized strategies and tactics that allow you to respond on a dime when needed.

Beware of Pervasive Inaccuracies

There is no editorial process to moderate either the pace or accuracy of the information conveyed by social media. The commingling of fact, opinion, speculation and repetition creates a whole new class of information. You must be prepared to respond not only to the real crisis but also to possible fears generated by rumors or false information.

Be Transparent

Social media audiences seem to feel a right to know anything and everything about a crisis and the people and companies behind it. Any hesitation to communicate the latest facts risks being seen as a cover-up.

Create a “Listening Post”

A “listening post” is simply a term for the electronic platform used to synthesize news about your company across all types of media, including traditional print, blogs and Twitter. It is an all-in-one method of monitoring this new flow of information to learn what people are saying about your company or the crisis situation, in real time.

Monitor Emerging Threats

Often, social media venues now are the first place people go to share thoughts or vent. Careful monitoring of social media may allow you to identify emerging problems, spot disgruntled employees or address risks prior to a crisis hitting.

Customize Solutions

Comments made in the social media realm often contain emotion that is absent in objective journalistic stories. This allows you to read, in real-time, the specific emotions people are experiencing about a given situation or your company in particular. You can then craft the best support solutions to address those concerns.

Evaluate the Impact of Your Response

Establish baselines regarding the number of conversations that typically occur about your company or a situation. Note how many people talk about it, how often and for how long. This will help you quickly gauge the impact of a crisis—especially if there is a swift uptick in chatter—and assess the impact of your company’s response. You also will be able to track how the tone of conversation changes—positively or negatively—throughout a crisis and tailor your response tactics.

Make it a Team Effort

Find ways to coordinate with marketing or public relations to gauge how social media impacts your business continuity. Although the roles of threat assessment and communications are very different during an actual crisis event, the team’s combined efforts can address trouble areas, share accurate information and calm those involved.

When disaster strikes, how a company responds—and how the public perceives its reaction—can have a lasting effect. A poor response can ruin a reputation, alienate customers, affect sales and even spur a push for new regulation. On the other hand, a convincing response can actually enhance the company’s reputation.

Two trends make disaster planning more crucial—and more complex—than ever: the growth of foreign investment and the explosion of social media. Over the last 25 years, the value of U.S. overseas investments has risen more than fifteen-fold, reaching $4.1 trillion in 2011. While the operations driving this increase may be distant in geographical terms, in the virtual world, they are right next door.

When a catastrophe occurs, the global reach of social media means that news and pictures can spread around the world in seconds. A salacious photo sent from an iPhone in Cairo can appear on television and websites in New York minutes later. A company that is not ready for the media onslaught may find itself unable to repair the damage done by rumors and misleading information spread through social media.

Think about a food company whose pancake batter is found to contain contaminated ingredients. An inept response would incite a drumbeat of negative media attention that will only get louder if graver details come to light. And with the 24/7 onslaught of modern media, by the time the issue fades from the news cycle, the damage may be irreparable.

Or, what if a violent incident occurs at a store, and the owners have to handle both the incident and address the public safety concerns? If the community isn’t satisfied with the answers and customers avoid the location, that will clearly have an impact on business going forward.

By contrast, a response that engages the public and highlights the company’s efforts to help the victims can add some positivity to a negative story. When a group of miners was trapped in a collapsed Chilean mine in 2010, for example, underground video footage showed that the men were safe. Attention turned to the innovative—and ultimately successful—plan to rescue the workers.

While companies cannot predict when or where a catastrophe will happen, they can prepare for such a scenario ahead of time. Should a disaster occur, a proactive company can put a crisis management plan into action to handle the incident and manage the media coverage. The basics are easy: monitor trends, develop protocols and practice, practice, practice.

Following certain key steps steps will help any company weather a catastrophe with its reputation intact.

1. Get Everyone on the Same Page

When disaster strikes, executives, managers and employees in every location need to follow the same playbook. Companies should develop a communications infrastructure and ensure everyone learns the crisis response plan.

Whether the incident involves a food-borne illness, a stadium collapse or an oil-rig explosion, everyone across the organization should know what to say and what to do to conform to the disaster management plan. A well-thought-out plan will have a much higher likelihood of success than one made up on the spot.

2. Build a Response Team

Managers on site will have to deal with the disaster when it happens, but they will quickly need reinforcements. That includes people to manage the catastrophe response and the media. In overseas locations, companies should make the best use of local and international staff. Employees with the requisite language skills, for example, should be trained to work with local residents, government and media.

Because a crisis may last for weeks, it is crucial to designate back-up teams and develop transition plans so that the hand-off goes smoothly. It is already too late if the team waits until a disaster happens: experts may be unavailable or may charge far more for their services than they otherwise would.

Line up the appropriate vendors ahead of time and make sure their contracts are up to date. Outside experts should also be included in the planning process to develop the most effective response. During a crisis, companies should be prepared to monitor vendor billing and to track invoices and financial records for insured expenses, even if it means filing receipts in a shoebox in a pinch.

3. Designate Facilities 

A crucial part of planning is finding and securing facilities, such as a command or media center or housing for victims and their families. In cases involving large numbers of claims, the company will want to make sure it has the facilities, personnel and equipment available. And ensure that the insurer can handle the high volume of claims. The speed and efficiency of the claims-handling process will have a significant impact on the public perception.

4. Develop a Public Relations Plan

A crisis communications plan should be developed with the help of specialized public relations professionals. To avoid delays when minutes matter, the legal team should review the communications plan ahead of time. Press kits in local languages that provide a clear and consistent message should be prepared for every region in which the company operates.

5. Provide Media Training

The best communication plans include media training for executives. Even seasoned execs may stumble in front of the press if they are unaware of the impact of their words or do not recognize the risks of off-the-cuff remarks to reporters.

Media training should include mock press conferences to prepare company leaders to handle a flurry of questions under the spotlight. Because regional and site managers may also be called upon to speak to the press or local officials, they should also receive training. Communication best practices should include developing and conveying consistent messages, cooperating with the media and local officials, providing regular, fact-based updates and avoiding simply saying “no comment.”

6. Engage Social Media

Because rumors and misinformation about a disaster are likely to spread over social media along with the news, the company should be prepared to communicate its messages in real time. Those messages should be developed and approved by the legal team in advance, so that the company can respond quickly when information about a crisis starts spreading. The company should monitor social media to gauge public opinion and correct misinformation or rumors.

7. Manage Costs

Because the expenses of responding to a catastrophe are likely to be far higher than anticipated, companies should make sure that their insurance coverage responds to any extra costs. The expenses are likely to include public relations consulting fees; travel for executives; emergency third-party costs such as psychological counseling for victims and their families; temporary living quarters for families if the victims are hospitalized; and emergency medical evacuation and repatriation if adequate medical care isn’t available locally.

Then there are industry-specific costs. Companies entangled in a food-borne illness crisis, for example, may want to hire an independent laboratory to run tests on their behalf. If a high-profile group stays at a hotel and contracts a food-related illness, the hotel will want to determine who is responsible for the incident right away so they can take the appropriate actions to contain the situation and prevent any other customers from getting sick.

8. Watch for “Neon Swans”

Companies need to continually monitor loss trends to predict catastrophes. But, they also need to leave their forecast comfort zones. So-called “black swan” events may be highly difficult to predict, but risk managers need to take them into account.

Risk managers also need to consider events that common wisdom says shouldn’t happen but still do: what Jason Zweig of the Wall Street Journal calls “neon swans,” events that are “unthinkably rare, immensely important and blindingly obvious.”

9. Practice Drills 

It’s not enough to prepare. Companies must practice. Every organization should run regular global preparedness drills where appropriate. Because a facility may be more vulnerable during a crisis, the company should consider frequent drills to test the plan.

10. Debrief

After a disaster, it is crucial to hold a frank and honest discussion about the root causes of the catastrophe and how all aspects of the response were handled. The ultimate goal for an organization will always be to avoid a future catastrophe, but that may not be possible.

Companies must determine how the crisis could have been handled better—and how the next one will be. By surviving the storm, the company and its staff will have learned valuable lessons. If these lessons are not used to enhance the disaster response and crisis communications plans, it will be a missed opportunity.

Risk managers aren’t known for their ability to captivate a crowd. They shine behind closed doors, running the numbers on countless scenarios and planning for the unforeseen. But when it comes time to communicate the upside and downside of any decision, their message can fall on deaf ears.

It doesn’t have to, according to Amy Jen Su and Muriel Maignan Wilkins. Authors of the new book Own the Room: Discover Your Signature Voice to Master Your Leadership Presence, Su and Wilkins are executive coaches who have taught even meek, introverted Excel masters to find a way to reach jet-setting, millionaire executives in power suits.

We recently sat down with Su and Wilkins to explore how risk professionals can become more empowered communicators, even if it isn’t a skill they were born with.

RM: What are the most common problems people have communicating with colleagues?

Amy Jen Su and Muriel Maignan Wilkins: They just don’t listen. To effectively communicate, you have to be able to understand where others are coming from, what is top of mind for them, what keeps them up at night. You can only understand what is making others tick by listening to what they say.

By listening, people can mitigate a second common problem: they don’t frame their message in a way that is relevant to others. This is the classic “what’s in it for them” adage. If you can’t make your message relevant to others, it makes it that much harder to influence them.

A third problem is that people don’t know how to state their point of view in a clear, concise way. Too many times, individuals share their perspective by rambling about data, analysis or processes for how they got to an answer rather than stating their conclusion up front in a tight, pithy way. We often tell people, if you want to communicate with confidence, add structure to your messaging. Be clear on your message. State it up front, and support it with two to three critical data points rather than an ongoing monologue.

How do the best executives communicate risk to those they lead? 

The ability to communicate risk is a critical leadership skill for all executives—not just those in risk management roles. And those who do it exceptionally well do a few things in particular.

First, they know how to communicate the right amount of information at the right level. For example, if they are communicating risk to other executives—or even to someone more senior—they frame it as part of the overall business context. If they are communicating to staff, they frame the risk in terms of implications for the critical activities and impact on the group’s day-to-day work.

Executives who communicate risk well are also able to offer a line of sight. They not only communicate the risk, but they also clearly articulate the “so what?” of the risk and the possible pathways forward. In essence, they don’t just raise the flag around the risk; they also bring a perspective on how to lower the flag.

Lastly, exceptional executive communicators about risk are multi-lingual—they can speak data, and they can speak business. While they are well versed in the numbers, the distinct value they bring in communicating is bridging their knowledge of the data to the overall business context. We like to think of these folks as being led from the perspective of “what’s good for the enterprise” first and foremost rather than “what’s good for my risk function.”

Risk managers tend to be analytical and involved in technical work. Some great CEOs and leaders, like Bill Gates, who you call a self-proclaimed introvert, are the same way. How does someone who may not be programmed to enter a room with a “signature voice” begin to cultivate that ability?

Over the years, we have worked with hundreds of leaders who “grew up” in technical worlds: risk managers, scientists, economists. And they all carry this same assumption that someone who is an introvert or technically oriented can’t “own the room.”

The good news is that we’ve worked hard to debunk the myth that having an effective leadership presence, your “signature voice,” means being extroverted, gregarious and that it’s something one is born with. This is simply untrue. Cultivating your presence requires you to leverage the technical abilities you bring to the table while also rounding out your communication repertoire. We suggest that all individuals, no matter what level, leverage three areas to more deeply build their presence: mind-set (how you think about yourself), communication skills (what you say) and physical cues (what your non-verbals say). By being able to look at all three areas, anyone—introvert and extroverts alike—can build an authentic presence that is truly their voice.

Al Gore is a technocrat who learned to talk directly with the public after he left politics. Are there lessons risk managers can learn from his public transformation?

Al Gore is a great example of a leader who transformed from the “inside-out.” Rather than spending time trying to mimic Bill Clinton or puppet someone else, he connected to a cause he really cared about and had conviction for. Audiences could see that and resonate with it.

Like Gore, technical managers risk being perceived by others as aloof, out of touch, robotic or unable to relate to the business. Yet, our clients who find themselves in this position are quite convicted. The problem is there is a mismatch between their belief in their message and their delivery. There is incredible integrity in the work that goes into risk analyses, assessments and priorities. A key lesson from Gore then is to tap into that authentic conviction and purpose that underlies something like the risk management work you do. Allow that conviction to help you bring greater energy and enthusiasm to your message.

Best Buy and Target, two brick-and-mortar retailers identified in a recent study as being at high risk of losing sales to showrooming, have adopted the same solution. They are both offering customers a price-match guarantee.

Certainly, for consumers, showrooming is a godsend in this era of renewed frugality. But price matching may be an inadequate response by Best Buy and Target, according to David Shim, founder and CEO of Placed, a mobile analytics company that conducted the study.

Companies go to great pains to establish product markups justifying specific profit margin objectives. Once everyone is aware that prices can be instantly lowered for goods at Target, Best Buy and other retailers, margins will become slimmer and slimmer. The question then becomes: Who’s really running the store—the retailers or the e-tailers?

“Price matching could backfire,” said Shim. “If you train the customer to scan every product’s price because they know the store will match the lowest one charged, the financial impact becomes more and more problematic.”

It becomes a game of “how low can you go,” he explains. “Brick-and-mortar retailers can’t match Amazon’s margins when they have salespeople on the floor and big premises,” said Shim. “This is a very reactionary way to handle the risk.”

Interestingly, Best Buy and Target are not the retailers at highest risk of showrooming, according to the Placed study, Aisle to Amazon, which draws wide-ranging data from a panel of 14,000 mobile phone users. This dubious distinction, in order of ranking, went to Bed Bath & Beyond, PetSmart and Toys “R” Us. Others on the “high-risk” list include Sears, Barnes & Noble, Kohl’s, Costco and JC Penney.

While these traditional retailers are vulnerable to showrooming risks, Shim concedes the financial impact is small relative to these companies’ overall business volume. “It’s impacting their bottom line, but not to a point where it is really significant—not yet,” he said. “As the trend of showrooming increases, they may enter the problem zone. Frankly, retailers that match the prices of online e-tailers virtually guarantee this. The more consumers that ask for a price match, the greater the margin shrinkage.”

Competition is sure to heat up in the aftermath of the showrooming price wars. Best Buy, for example, not only will lower prices against 19 online competitors, it will also reportedly match advertised prices from brick-and-mortar competitors.

Target, which tested an online price match policy this past holiday season, decided to extend it year round. It will even match the online price on an item previously purchased. Just bring in “an original Target receipt and proof of a current price to Guest Services,” said Target spokesperson Eddie Baeb in an email.

Costco, on the other hand, has no intention of entering the price-matching fray. “We stand by our commitment to pre-select items of great quality and then mark them up as little as possible,” said Costco CFO Richard Galanti. “People come to our stores for all sorts of product purchases, from electronics to gas to fresh foods, knowing our mark-up, on average, is 11%.” According to Galanti, that compares to supermarkets in the mid-20s, Home Depot and Lowe’s in the low- to mid-30s, and 50% to 200% markups at department stores.

Asked if potentially lower prices on items such as televisions from Amazon or another e-tailer are having an impact on sales, Galanti says “not in the least.” Costco’s TV sales are “up from the mid-to-high single digits in the last nine months.”

He adds, “I don’t want to sound like we’re putting our heads in the sand, but I just don’t think [showrooming] is as big an issue for us as it is for others.”

Given their decision to match online prices, Best Buy and Target evidently believe this issue is significant for them. Are the big box stores rushing toward an obvious, albeit financially risky, solution? Shim thinks so. He suggests retailers go on the offensive rather than become reactionary. “Enhance customer service, provide customer loyalty programs, offer discounts for volume buys and provide other value-adds that won’t have as much impact on the bottom line as price matching,” he said. “There is more than price to empower consumers to make the best decisions.”

Preventable errors rob profit and resources at every level of an organization. They undercut quality, safety, IT security and customer service. They create waste in otherwise useful systems and negate the return on investment from training, processes and procedures. To add insult to injury, the media may quickly discover an error and broadcast your embarrassing failure around the world, permanently damaging your brand and reputation in a matter of minutes.

In the April 2011 issue of Strategic Finance, Mark Frigo and Richard Anderson define strategic risks as uncertainties “that could inhibit an organization’s ability to achieve its…strategic objectives with the ultimate goal of creating and protecting shareholder and stakeholder value.”

Using this definition, there is little doubt that human error fits the bill. The question then becomes, how can companies reduce the frequency of human error?

The Loss of Error

“Every day in America, 13 people go to work and never come home,” said Secretary of Labor Hilda Solis in a speech on Memorial Day in 2012. “Every year in America, nearly four million people suffer a workplace injury from which some never recover.”

There are few business resources as dear, both socially and financially, as the people we work with. There are even fewer that have as great an impact on productivity when unavailable. Workplace injury not only takes an enormous human toll, it also leads to staggering costs. A director of research for a leading writer of workers compensation insurance said that “though risk management strategies have reduced the frequency of workplace injuries and fatalities, they continue to represent a huge burden for U.S. businesses at over $50 billion in annual direct costs.”

Other errors also cost money—lots of money. The global analyst firm IDC, in a 2008 white paper, examined human error in the form of “employee misunderstanding” and its financial impact on 400 U.K. and U.S. businesses.

“Large enterprises are each potentially losing tens of millions of dollars to what is termed employee misunderstanding,” stated the paper. It defined employee misunderstanding as actions by employees who have misunderstood or misinterpreted company policies, business processes, job functions—or a combination of the three.

The average cost of this misunderstanding, at a company with 100,000 employees, is $62.4 million per year. Combined, U.K. and U.S. enterprises are losing an estimated $37 billion every year. The cost of intangibles—like reputation or customer trust—could have even greater consequences.

The health-care industry knows these costs all too well. More than a decade ago, the Institute of Medicine issued a now-famous study on medical error (“To Err is Human: Building a Safer Health System”) that revealed dramatic statistics. At least 44,000, and up to 98,000, preventable deaths occur annually as a result of medical errors in U.S. hospitals.

These numbers, if accurate, would make hospitals the eighth-leading cause of death in America—and this figure does not even include medical errors in the outpatient setting. This would rank the lethality of U.S. hospitals ahead of motor-vehicle accidents, breast cancer and AIDS. In the last 10 years, these estimates have escalated to over 200,000 per year, according to various studies by Health Grades, a U.S. company that develops and markets quality and safety ratings of health-care providers.

Another error-related threat comes from cybersecurity. After massive attacks on corporate giants like Google, Amazon, Citibank, JPMorgan, Sony and Lockheed Martin, strategic risk managers have realized that IT security is as much their concern as financial performance is.

While most of the buzz in the IT industry remains centered on sophisticated hackers, multiple studies show that the vast majority of data breaches are caused by human error. A 2011 study from the Ponemon Institute, a tech research nonprofit, revealed that organizations lose an average of $332 million in brand value in the year following a data breach.

This fact is compounded by Cisco findings that younger workers do not consider themselves accountable for IT security. The company’s 2011 “Connected World Technology Report” found that 61% of the college students and young professionals surveyed do not think they are responsible for protecting corporate information. Worse still, 70% admitted to violating company security policy, and 80% think restrictions on use of social media in the workplace are outdated (or that they don’t know that they exist at their job). “This is our future workforce,” said Scott Olechowski, Cisco’s security and threat research manager.

Of course, not all brand setbacks are tech-based. Recent years have given us a host of spectacular brand breakdowns related to human failings (Penn State football, BP, Apple maps). And reputation disasters do not even have to be spectacular. In December, 2011, for example, a funny-but-sad clip of a FedEx delivery man pitching a computer monitor over a fence attracted nearly 200,000 viewers on YouTube in a single day. It became fodder for late-night television comics and forced FedEx to launch a costly public relations campaign.

White Flags of Surrender

Surprisingly, even with huge related losses, human error remains below the radar. To understand why, look at the culture of malaise. What have companies been taught to expect from human capital? Not much.

The most basic problem is that the battlefield needed to wage the struggle against human error is strewn with an attitude of defeatism and decades of techno-hubris; companies have a belief that they can technically engineer away the effects human error. To some degree, many have already capitulated to the idea that “to err is human” and current losses are simply “the cost of doing business.”

To challenge the status quo, organizations must challenge the premise that the human is the weakest link in the workplace. On the contrary, when properly prepared, people are not something to be protected against; they are the strongest part of the performance equation. While technology, technical training and culture are important, the individual mind is more critical.

Not everyone believes this. There are reams of evidence—in recent writings and public statements given by highly respected professionals (who will remain nameless here)—that this view has become pervasive. “People will always make mistakes, that’s a given.” “Trying to stop human error is a fool’s errand.” “It’s easier to change situations than people.” “It is easier to manage error than to prevent it.” “Unfortunately, we are forced to work with the crooked timber of human fallibility.”

While there is a ray of truth in each of these opinions, the general premise is a flag of surrender. The alternate view, however, will help companies improve the vigilance and attention to detail of their workforce. Many are doing so already.

From Tactical to Strategic

Until recently, human error has been approached indirectly, if at all. Throughout the industrialized world, there have traditionally been a few different responses.

They can be broadly lumped into the following five categories:

1. Punish the individual who made an error and create remedial training
2. Emphasize accountability by blaming the leader for failures that occur on their watch
3. Create teamwork strategies to capture or contain errors through better communication
4. Establish systemic approaches that put multiple layers of protection in place to avoid or respond to errors (the so-called “Swiss cheese” model)
5. Introduce cultural approaches that focus on creating and sustaining social factors

In spite of these efforts, human error remains responsible for 60%-80% of failures, accidents and incidents in most high-risk industries. Human performance experts continue to struggle to find a broad-spectrum antibiotic to cure the human error “disease.”

If we extend this metaphor, we can shed some light on why it is not working. Human error is not a common infection that can be fought with a broad-spectrum antibiotic; it is more like a virus that the immune system must handle from within. And when you’re fighting a mutating virus, every battle is an inside job, won or lost at the individual level. As we continue to search for a more effective remedy against human error, individuals must be taught to see and defend against common error-producing conditions.

In recent years, organizations as varied as the U.S. Marine Corps, Federal Express and the FBI have begun to embrace “empowered accountability,” a concept where individuals are trained to recognize common error types and mistake-producing conditions. They are then urged to study their own performance—on and off the job—to recognize the types and frequencies of errors that they make. By making error control “a life skill first and a job skill second,” the new information and skills cross the work/home threshold and consistently reinforce themselves. The early results of this approach have been promising.

Another productive attempt to curb error is quality, safety, security and customer-service analytics, which are mined for patterns of errors. In a broad sense, this approach is reminiscent of W. Edwards Deming’s “the data will set you free” mind-set that revolutionized the quality movement in the 1980s.

Most critically, where organizations are having success, the issue of human error is no longer treated as an embarrassment. It is viewed as another ever-present risk that must be managed strategically.

A Short History Lesson: 216 BC 

On August 2, 216 BC, the two largest armies in the civilized world stood face to face on an open plain near the mouth of what is now the Ofanto River on Italy’s east coast. The fate of the civilized world hung in the balance.

The Romans held the better ground and had almost twice as many troops as their adversary. Nearly 80,000 armed men stood in three bristling lines of attack. Opposing the Roman juggernaut was a far weaker adversary in an inferior tactical position. With the river on one side and the ocean to the rear, an estimated 49,000 Carthaginian forces—mostly mercenaries who did not even speak a common language—prepared for what appeared to be a crushing defeat from the Roman sledgehammer.

But the Carthaginian general Hannibal Barca knew his adversary, a hot-headed Roman general named Varro, and through a series of maneuvers designed to embarrass his rival, he drew the entire Roman center into an unwise advance.

Less than four hours later, nearly 60,000 Roman soldiers lay dead or dying on the ground near the village of Cannae. They were the victims of poor decisions born of the common human errors: ego and anger. Perhaps even more important than the errors committed is the fact that the Carthaginian commander predicted and induced these errors to defeat a far superior force on unfavorable terrain.

Therein lies the lesson for today.

In 216 BC, Hannibal was one of the few leaders in the world who understood the intricacies of human error and how to leverage them to his advantage. Today, that information is becoming available to all. Over the past two decades, human error research has expanded exponentially. The causes and effects of error have been studied and codified. The next step is behavioral change for all—individuals, team players and leaders. Human error is no longer the shadowy, ill-defined foe it once was, yet few have utilized the new discoveries to strategically attack error as a part of an enterprise risk management system.

In the near future, companies that continue to let human error rot their strategy from the inside-out might face a similar fate as that of the Romans. Conversely, those that realize that this area is ripe for improvement may be able to outmaneuver their rivals—no matter how large the adversaries in the industry might seem.

If the suit is substantial enough, a policyholder with cash-flow problems may be put out of business by its insurance company’s refusal to cover a settlement opportunity. This scenario is what some in the insurance industry refer to as “death of company.” But even if a policyholder has the wherewithal to fund a large settlement without its insurer’s contribution, challenges remain in the pursuit of an eventual insurance recovery.

Challenging the Settlement Conditions

If the underlying case is settled, the insurance company will question the extent to which it is bound by the settlement. After the policyholder settles and requests a payout from the insurer for that amount, the insurance company will often contend that the policyholder was not liable to the claimant or that the settlement was unreasonable.

In essence, it tries to force the policyholder to relitigate the case and prove its liability in the coverage action. Even after such efforts, the insurance company may reverse course and try to evade its coverage obligations by arguing that the “true liability or exposure” is for uncovered liability (e.g., “uncovered dishonest acts” vs. covered negligent or reckless acts).

Insurance Companies that Just Say “No”

A second type of all-too-common dispute occurs when the insurance company simply withholds its “consent” to the settlement. In this situation, it may simply try to avoid coverage on the basis that it did not consent to the policyholder entering into a settlement — irrespective of an analysis as to whether the settlement reached by the policyholder was prudent and covered by the insurance policy.

Policyholders need to act carefully when dealing with the lack of consent argument. For example, a federal trial court in 2000 allowed an insurance company to void coverage after the policyholder failed to obtain the insurer’s written consent to settle. The court reasoned that even though the insurer sent a “preliminary” denial of insurance coverage, that fact did not relieve the policyholder of complying with the clause requiring written consent from the insurance company prior to reaching a settlement.

Play It Smart

While many courts hold that policyholders dealing with a denial of coverage (whether “preliminary” or not) are permitted to protect themselves in a suit by entering into reasonable settlements without forfeiting their insurance coverage, there are still ways to reduce insurance coverage litigation risk with an insurance company that just refuses to cover settlements.

First, even if the insurance company denies coverage, it is still wise to keep it (and any applicable excess insurance companies) abreast of settlement negotiations and developments. This reduces the amount of Monday morning quarterbacking that insurers sometime play — arguing that they would have handled things differently if they had been informed of settlement issues. Also, providing this information may lead the insurance company to revisit its claims position where there had simply been some miscommunication during the claim process.

Second, if there is an imminent deal with the claimant, ask the insurance company to consent to the settlement. If it refuses, at least ask that it agrees to waive any coverage defense based upon its lack of consent. Many insurance companies will do this while they “preserve” other potential coverage defenses.

Third, given the lengths that a “claim investigation” can go — especially one conducted by a law firm “on behalf of the underwriters” — it is important to be mindful of statute-of-limitation issues. Policyholders can get preoccupied with channeling all of their attention to resolving the claim. While it certainly may be desirable to resolve the claim before proceeding to coverage litigation, policyholders still need to ensure that their litigation options remain open during this period.

Things may be improving, however. From 2011 to 2013, the insurance industry jumped from 58.5% to 65.0% in research firm Temkin’s annual “Experience Ratings,” which attempt to quantify customer experience approval rates.

Perhaps even more revealing is the fact that only six listed industries rank higher than insurance (hotels, banks, retailers, parcel delivery services, fast food chains and grocery chains). Among those that are now regarded more poorly than insurance are wireless carriers, health plans, airlines, auto dealers and appliance makers.

However, there remains a large disparity between how the best and worst companies are regarded. USAA, for example, leads the industry at 77% (a four-point jump over 2012) while 21st Century finished last among insurers in the study (and 242nd overall in the list of companies) at 49%.

High-profile companies including MetLife, Travelers and The Hartford also finished below the industry average. The seven-point drop over the past year for The Hartford was the largest decline in the study of insurers.

According to a survey of IT professionals by Lieberman Software, a Los Angeles-based software provider, 88% believe that a portion of their data hosted in the cloud is vulnerable to being lost, corrupted or accessed by unauthorized individuals.

As a result, almost as many respondents (86%) eschew the cloud for their company’s most sensitive data and instead choose to keep it on their own networks. One of the main reasons why respondents avoid the cloud is a fear that government and legal interference could make it difficult to keep data protected.

“If a government or official body wanted to see what data a company was holding in the cloud, the cloud host involved would be legally obliged to provide them with access,” said Philip Lieberman, president and CEO of Lieberman Software. “This means there is very limited privacy in cloud environments.”

Nevertheless, 56% pointed out that the move to the cloud has saved their company money, meaning that the cloud is still a viable alternative, especially for less-sensitive data.