This article considers the challenges that the modern day Corporate Security & Risk Manager (CS&RM) faces in context of how the world has changed and the response and consideration required to mitigate current and future risk and threats.
When considering the role of the modern Corporate Security & Risk Manager (CS&RM), the current risk and threat landscape compared to the one that existed 25 years ago creates a much different challenge and response, both at the personal and the organisational levels.
The world has changed significantly since the 1990s. OFCOM identifies the four most important inventions as Wi Fi, smartphones, online banking and online search engines such as Google.[1] Other inventions used by modern day criminals and those seeking to exploit a major incident or crisis, are data encryption, GPS and Facebook (amongst many other social media platforms).
The Modern Threat Landscape
Whilst examining modern threats, we must look at terrorism in its new and emerging forms. For example, the ‘marauding terrorist’ and the targeting of non-combatant, neutral or randomly chosen people in public and private spaces and the need to respond to this threat.
Organisational response to cyber-attacks is now being tested on a daily basis globally. This is perhaps one of the most significant threats to business of all sizes whether it being state sponsored or from organised crime groups, who have demonstrated the capability to infiltrate the IT systems of national infrastructure, aviation, shipping and education (amongst many others), for the purposes of causing major disruption and financial gain.
Social engineering of targeted individuals through social media sites such as Facebook and LinkedIn provide the access to devastating outcomes for many companies just from the click of an email in addition or perpetrating modern day, misrepresentation, fraud and theft through online banking and other financial facilities.
The proliferation of the insider threat also presents a significant problem in risk management. Whether it be the malicious or careless insider threat, the consequences of fraud, intellectual property theft, access to IT systems, espionage and sabotage, it has an almost immeasurable risk on potential disruption, financial and reputational loss to a business.
Systemic Threats
These threats are of course not in isolation, and we should consider the broader factors influencing global systemic threats which impact how risk and crises are managed by a CS&RM, who perhaps has responsibility for a global entity, whether it be in the pharmaceutical, financial, construction industries or another global supply chain company.
These factors are generally categorised as
- Demography
- Economic
- Environmental
- Geopolitical and Societal
- Technological
Demography
The estimated world population in 1997 was 5 9 billion of which 2.6b (46%) was urbanised. In 2020 it was 7.7 billion of which 4.3b (56%) was urbanised [2]. An increasing population continues to place pressure on existing resources and services and as urbanisation increases, existing transport and other infrastructure may not be able to meet society’s needs. As life expectancy grows so will the vulnerability of the elderly to disease (such as has been demonstrated in the recent pandemic) and mass migration, issues already challenging the economies, services and resources of many countries.
Environmental
Global warming caused by an increase on the global population and economic growth affects various continents differently. Rising sea temperatures and pollution are noticeably having an effect on the marine based food chain and it is anticipated that by 2025 two thirds of the global population will live in water shortage. With 1.4 billion people unable to access drinking water and 3 billion using unsafe water purification plants, this is likely to weaken population health and increase infectious disease[3]
Geopolitical and Societal
McKinsey and Company frame the heightening of political frictions and regional tensions where “a broader range of actors will compete to advance their ideologies, goals, and interests.” as companies “walking a geopolitical tightrope”[4] Political events such as the separation from the EU by the UK was in itself a driver for significant challenges and arguably a potential crisis within many companies who found themselves unable to trade due to issues such as regulation, industrial action at the ports and arguably a lack of preparedness. A global workforce also presents challenges with differing views on human and workers’ rights, data privacy and other forms of exploitation. The recent conflict in Ukraine has demonstrated the unprecedented effect on the global economy, in terms of food and energy supply chains. The rising cost of living for many people will result in levels of poverty and division that will impact on risk in many areas.
In respect of the societal factors, we should also consider that the consequences of a modern-day crisis impact a business at lightning speed. For example, within minutes social media is shared globally. The proliferation of satellite and terrestrial media organisations regularly demonstrate a competitiveness that manifests itself not only in informative and important information sharing but in sensationalism, inaccurate reporting and a desire to apportion blame or guilt and make judgement long before true facts of the incident emerge, all of which presents yet another risk and crisis management challenge.
Technology
The technological evolution will continue with new tech superseding old. Whether it be Amazon drones delivering goods, pilotless aircraft or technology that will result in the redundancy of many workforces or a change in the environment, all will present and influence new risks. Regulation will drive much of this requiring further risk management. Technology in medicine has already prolonged the life of expectancy of the average person, which will place pressures on society, and we see the emergence of robots, promoted by people such as Elon Musk, that may become the new fighting armies of the future.
In summary, arguably new world challenges and the need for a new style of risk mitigation and management, has perhaps never been greater. For many, it will be “when and not if” and should now provide the driver for the cultural change required by companies and organisations to identify and prioritise risks impacting on them and implementing control measures to reduce or mitigate the identified risks. So, for the CS&RM and their team, taking all these factors into account, embedding this crisis resilient culture in one’s organisation is critical, and this must start at board level. Without this, there is a significant risk that the regime will fail. Jonathan Hemus refers to the four essential pillars of preparedness Assess, Plan, Train and Exercise[5]. These are the fundamentals to ensuring a robust crisis management framework and programme. History has demonstrated that a company that can demonstrate this will engender the confidence and capability to executing a well written and rehearsed crisis management plan. The Alton Towers incident of 2015 in which two young people suffered life-changing injuries is one example of this. “Its response was exemplary and played a major role in protecting its reputation and value. The nature and speed of its actions and words indicate clearly that it was based on a well-conceived and rehearsed crisis management plan”[6]
A Critical Role
The role of the 21st century CS&RM will be a continually challenging one and will require a constant review of risk appetite, the risk register and all that naturally flows from this to ensure a robust framework is maintained. Persuading the Board to understand that the consequences to a business are now greater than they have ever been, where a cyber or other attack that significantly disrupts business can mean serious financial and reputational loss is an imperative. The executive must respond for the need of investment in preventative measures, encourage the building of an effective crisis management team and promote the deep embedding of crisis resistant culture within the organisation. The value that an effective CS&RM can add to a business or other entity may never be truly measured until a crisis strikes, but a CS&RM who is empowered and who is effective, will provide the confidence within the organisation that it has the capability to respond and succeed when the time comes.
___________________________________________________________________________________
[1] OFCOM – Top Inventions of the Past 25 years – and what they have in common
[2] Source: Worldometer (www.Worldometers.info). From 1950 to current year: elaboration of data by United Nations, Department of Economic and Social Affairs, Population Division. World Population Prospects: The 2019 Revision
[3] Emerging Risks of the 21st Century – OECD
[4] How global companies can manage geopolitical risk – July 15, 2021, Article
[5] Crisis Proof – How to prepare for the worst day of your life (2021) Jonathan Hemus
[6] Crisis Proof – How to prepare for the worst day of your life (2021) Jonathan Hemus