It’s annual report season, which means analysts and investors are poring over 10-Ks and other government filings to see who met expectations in 2023, who fell short and what’s to come in 2024. As an independent home improvement operator, you may not need to report your financials to the Securities and Exchange Commission like your big-box competitors, but you should have a process in place to address financial performance, operational performance and operational risk. Every publicly traded company in the U.S. is required to assess its potential risks and report them in its financial filings. In an analysis of the risks big boxes included in their 2023 annual reports, themes certainly emerged.
To help you navigate a risk assessment in your operation and to break down some of the common big-box risks, Hardware Retailing spoke to Scott Reynolds, president and CEO of American Hardware & Lumber Insurance.
8 Themes of Big-Box Risks
Each company organizes and categorizes risks a little differently, but these are some common themes that emerged from 2023 big-box annual reports.
- Changing consumer needs
- Cybersecurity and technology
- Economy and housing
- Labor management and company culture
- Store safety and loss prevention
- Supply chain
- Extreme weather events
- Debt management
Breaking Down Risk
At its core, Reynolds says risk mitigation is an evaluation of whether a business occurrence is insurable or non-insurable. What makes the difference is whether there is an accident or “incident of peril,” he says.
“Every business faces a whole host of risks, and those risks can hit the bottom line,” he says. “It may result in an injury to a customer or an employee, it could be a marketplace downturn or a competing store comes in.”
Some of the risks big boxes identify in their annual reports have many layers, and some of those layers are insurable while others are not.
For example, risk in the supply chain is very broad. Reynolds says if your distributor runs out of product and can’t deliver your order, that’s an uninsurable risk. But, if there is a fire at the distributor’s warehouse that prevents you from receiving your order, that’s potentially insurable.
“You may have a valid business interruption claim covered on your property policy because fires are covered peril, even if it didn’t happen to your store,” he says.
A Matter of Policy
One risk area Reynolds says has grown significantly in recent years is cybersecurity and technology. He says just 15 years ago, cybersecurity insurance coverage wasn’t common, but now every big-box company certainly has insurance coverage, internal staff and likely an external service provider to address cybersecurity incidents.
“Not too long ago, cybersecurity just wasn’t a concern,” he says. “Now it’s taken on a life of its own, and there’s specific insurance available for cyberthreats and cybersecurity.”
Reynolds says small business operators often overlook this coverage because they don’t think their operations are at risk. The truth is, threat actors have started targeting small- and medium-size businesses because they are less likely to have protective systems in place.
Another policy area that Reynolds says only about 10% of small business operators have is employment practices liability insurance. This type of coverage protects a business in the event of a lawsuit from a current or former employee.
“A store owner tends to rely on their workers’ compensation insurance or their general liability insurance, but that coverage doesn’t apply if there isn’t an accident,” he says. “So if an employee broke their arm or was exposed to disease or something like that, yes, that would be covered. But if you wrongfully terminate someone, there was no accident, nobody’s hurt. If they file a claim and you don’t have the employment practices liabilities policy, you could be on the hook for attorneys’ fees and potentially damages.”
All Hands on Deck
The first step to mitigating risk in your operation is to involve all critical decision-makers in risk assessment. Reynolds says he recommends having several key people involved in the process: the business owner, the IT manager, the risk manager and an insurance agent.
Reynolds says he understands that many small business operators may not have those specific roles.
“Internally, in many cases for a small business, one person is going to have all those jobs,” Reynolds says. “In these cases, I recommend bringing in the store manager because two sets of eyes is better than one.”
Reynolds says if you have never performed a risk assessment for your business, you can ask your insurance agent for a template. Completing the risk assessment template will help you determine where you may need additional insurance coverage or make you aware of potential safety gaps.
Another tool you can use to get the entire team involved in risk assessment is to perform a SWOT—strengths, weaknesses, opportunities and threats—analysis. Reynolds says including additional team members in this exercise can be fruitful.
“I love SWOT analysis,” he says. “When you bring in a sales associate or anybody in your organization, it’s highly likely that you’re going to hear about things that you hadn’t even thought about. It’s good to bring them in.”