Liability Insurance Contributing Columnist


Is Your Business Continuity Plan Missing A Key Ingredient

Jim Brunker,CPCU, CIC, AIC
Partner, Senior Account Executive Property & Casualty
M3 Insurance

April 22, 2022

One of the first questions a potential employee asks when interviewing for a job with a dairy processors is: How much will I make?

Imagine if your response was, “We’ll pay you X amount. That is, until our payroll and time keeping provider gets hit by ransomware. Then, for several weeks we’ll struggle to figure out how to track your time, issue your paycheck, and account for overtime.”

Imagine how quickly that candidate would be heading for the exit.

Ransomware attacks and the effects on payroll
This scenario may seem far-fetched, but this very scenario played out at companies across the US after a well-publicized December 11, 2021 ransomware attack of a human resource and payroll management provider, resulting in major problems for many businesses and governments, including not being able to process employee paychecks for many months. A few weeks ago, employees at Tesla and PepsiCo filed class action lawsuits against the platform.

Operations impacted by the ransomware attack on their vendor’s system were forced to revert to paper and pencil to track their employees’ time. And, in some cases, paper checks were issued when direct deposit details were frozen. Many of the companies impacted had to resort to these emergency measures for several months.

Using a third party provider (like the platform mentioned above) does not diminish any employer’s responsibility for making payroll under the Fair Labor Standards Act. Therefore, potential insurance policies that could be triggered by such an event could include cybersecurity-dependent business interruption and employment related practices liability among others.

A typical business continuity plan accounts for emergencies such as fires, tornados, or product recalls. But, it’s fair to say that while some of these risks can be transferred contractually to insurance or third parties, it is a best practice to try to avoid risks via your continuity plan.

Is payroll redundancy included in the corporate business continuity planning process? If it hasn’t been included before, time to include this key ingredient.

Accounting for payroll redundancy in your business continuity plan
A well-developed business continuity plan considers the “what if’s” that could disrupt or completely up-end a business’s ability to function. The overall objectives of a Business Recovery Plan is to protect an organization’s resources and employees, to safeguard the organization’s vital records, and to ensure the ability of the business to function effectively in the event of a severe disruption to normal operation procedures.

A business continuity plan provides a framework for returning the operations to a normal state. Through the planning process, dairy processors identify and manage hazards associated with disasters; mitigating the effects of such an event should they occur. While, commonly, plans would include mitigating the impact from fires, or floods, or product recall – in light of the severe impact that can be caused by a critical vendor being hit by ransomware, it’s advised that dairy processors also consider vendor redundancy options within their business continuity plans.

According to Chris Halverson, M3’s director of rapid response and recovery, the following are the basic steps to creating a business continuity plan.

The development of a business continuity plan requires a significant investment of time, money, and other resources. It also requires the full support of senior management. Getting approval from senior management to develop the plan is the first crucial step.

Definition and Scope
The planning committee should define the scope of the business continuity plan. This makes it possible to identify priorities.

Data Collection
Once the planning committee’s priorities are clear and reinforced with the commitment from top management, the team should begin the data collection phase of business continuation planning.

Business Impact Analysis
This phase determines the impact of a disaster on each department and identifies resources needed to resume critical business functions.

Plan Development
This phase is to develop strategies to resume business functions – the heart of the business continuity plan.

In this phase, you will finalize the business continuity plan. In many ways, however, a business continuation plan is always a work in progress. To be effective, it needs to be continually tested and adjusted to reflect changes in the business.

Testing and Monitoring
Establishes procedures for testing the business continuity plan.

Develop a system to update names, responsibilities, and contact information in the business continuity plan. Establish procedures for the planning committee to review and revise the continuation strategies frequently.
Schedule quarterly or semiannual update meetings.

Key Takeaways
Traditional business continuity plans likely take natural disasters into account, but have you adjusted yours to include payroll redundancy in the case of a ransomware attack? Dairy leaders should take note of increasing cybersecurity issues within the industry and ensure you are able to keep your business running (and your employees paid) if a cyber event were to occur.

For more information, call (800) 272-2443 or visit


Jim Brunker

James Brunker CPCU, CIC, is a Partner and Senior Account Executive at M3 Insurance. M3 Insurance offers insight, advice and strategies to help clients manage risk, purchase insurance and provide employee benefits.
For more information, call (800) 272-2443, jim.brunker@m3ins.comor visit

Recent Columns

Softening The Blow of A Hard Insurance Market
October 16, 2020

'Sir, There's a Minnow in my Muenster': Recall Insurance Past and Present
December 13, 2019

Reducing Supply-Chain Rish Through Teamwork & Internal Communication
November 10, 2017

Your Product Recall Plan: A Tool For Improving Your Insurance Coverage
by Jen Pino-Gallagher
July 7, 2017

Food Grade Product Liability Insurance for Your Food-Grade Products
June 9, 2017


What do you think about 
Jim Brunker's Comments?*

Please tell us if you are a
Dairy product manufacturer 
Dairy marketer /importer/exporter
Milk producer
Supplier to manufacturer