Home » Industry News » How to Approach Risk Mitigation Like the Big Boxes Do
risk management

How to Approach Risk Mitigation Like the Big Boxes Do

It’s annual report season, which means analysts and investors are poring over 10-Ks and other government filings to see who met expectations in 2023, who fell short and what’s to come in 2024. As an independent home improvement operator, you may not need to report your financials to the Securities and Exchange Commission like your big-box competitors, but you should have a process in place to address financial performance, operational performance and operational risk. Every publicly traded company in the U.S. is required to assess its potential risks and report them in its financial filings. In an analysis of the risks big boxes included in their 2023 annual reports, themes certainly emerged.

To help you navigate a risk assessment in your operation and to break down some of the common big-box risks, Hardware Retailing spoke to Scott Reynolds, president and CEO of American Hardware & Lumber Insurance.


8 Themes of Big-Box Risks

Each company organizes and categorizes risks a little differently, but these are some common themes that emerged from 2023 big-box annual reports.

  • Changing consumer needs
  • Cybersecurity and technology
  • Economy and housing
  • Labor management and company culture
  • Store safety and loss prevention
  • Supply chain
  • Extreme weather events
  • Debt management

Breaking Down Risk

At its core, Reynolds says risk mitigation is an evaluation of whether a business occurrence is insurable or non-insurable. What makes the difference is whether there is an accident or “incident of peril,” he says.

“Every business faces a whole host of risks, and those risks can hit the bottom line,” he says. “It may result in an injury to a customer or an employee, it could be a marketplace downturn or a competing store comes in.”

Some of the risks big boxes identify in their annual reports have many layers, and some of those layers are insurable while others are not.

For example, risk in the supply chain is very broad. Reynolds says if your distributor runs out of product and can’t deliver your order, that’s an uninsurable risk. But, if there is a fire at the distributor’s warehouse that prevents you from receiving your order, that’s potentially insurable.

“You may have a valid business interruption claim covered on your property policy because fires are covered peril, even if it didn’t happen to your store,” he says.

A Matter of Policy

One risk area Reynolds says has grown significantly in recent years is cybersecurity and technology. He says just 15 years ago, cybersecurity insurance coverage wasn’t common, but now every big-box company certainly has insurance coverage, internal staff and likely an external service provider to address cybersecurity incidents.

“Not too long ago, cybersecurity just wasn’t a concern,” he says. “Now it’s taken on a life of its own, and there’s specific insurance available for cyberthreats and cybersecurity.”

Reynolds says small business operators often overlook this coverage because they don’t think their operations are at risk. The truth is, threat actors have started targeting small- and medium-size businesses because they are less likely to have protective systems in place.

Another policy area that Reynolds says only about 10% of small business operators have is employment practices liability insurance. This type of coverage protects a business in the event of a lawsuit from a current or former employee.

“A store owner tends to rely on their workers’ compensation insurance or their general liability insurance, but that coverage doesn’t apply if there isn’t an accident,” he says. “So if an employee broke their arm or was exposed to disease or something like that, yes, that would be covered. But if you wrongfully terminate someone, there was no accident, nobody’s hurt. If they file a claim and you don’t have the employment practices liabilities policy, you could be on the hook for attorneys’ fees and potentially damages.”

All Hands on Deck

The first step to mitigating risk in your operation is to involve all critical decision-makers in risk assessment. Reynolds says he recommends having several key people involved in the process: the business owner, the IT manager, the risk manager and an insurance agent.

Reynolds says he understands that many small business operators may not have those specific roles.

“Internally, in many cases for a small business, one person is going to have all those jobs,” Reynolds says. “In these cases, I recommend bringing in the store manager because two sets of eyes is better than one.”

Reynolds says if you have never performed a risk assessment for your business, you can ask your insurance agent for a template. Completing the risk assessment template will help you determine where you may need additional insurance coverage or make you aware of potential safety gaps.

Another tool you can use to get the entire team involved in risk assessment is to perform a SWOT—strengths, weaknesses, opportunities and threats—analysis. Reynolds says including additional team members in this exercise can be fruitful.

“I love SWOT analysis,” he says. “When you bring in a sales associate or anybody in your organization, it’s highly likely that you’re going to hear about things that you hadn’t even thought about. It’s good to bring them in.”

About Lindsey Thompson

Lindsey joined the NHPA staff in 2021 as an associate editor and has served as senior editor and now managing editor. A native of Ohio, Lindsey earned a B.S. in journalism and minors in business and sociology from Ohio University. She loves spending time with her husband, two kids, two cats and one dog, as well as doing DIY projects around the house, coaching basketball, going to concerts, boating and cheering on the Cleveland Guardians.

Check Also

RH-ISAC Holiday Cybersecurity Report

Retail and Hospitality ISAC Releases Holiday Season Cyberthreat Trends Report

The holiday season is here, which means online shopping and activity is at its peak. …