Risk at High Velocity

February 1, 2012

In last month’s column, we argued that the next generation of security leaders will be challenged more than previous leaders to run their function as a business; they will be expected to align with the organization and build value through security. As they work toward these goals, they will also be faced with new risks, some of which have the potential to escalate at a stunning pace.

For example, communication on the Internet has been a boon to business, but it has created an online environment that can be dangerous to corporate reputations. Consumers, employees and often partners habitually share opinions and information through social media and viral posts to popular sites, which can turn a single person’s comment one day into a media firestorm the next.

At the time of this writing, news has recently broken that actor Alec Baldwin was kicked off an American Airlines flight for reportedly verbally abusing the flight crew after refusing to turn off his phone when asked. It’s interesting to note that within 30 minutes of Baldwin’s first notorious tweet about the incident, AA had tweeted a response stating they were looking into the incident, and within 24 hours their Facebook page had been updated with a refutation of Baldwin’s version of the events and a defense of AA’s actions. The book is still open on the incident, but at the moment it looks like Baldwin may have come out the worse in this fight. Not all companies are able to deflect socially driven bad press in the same way. The damage that harmful YouTube videos, tweets, or Facebook comments can do to an organization’s stock price can add up to millions of dollars in brand equity, and how these incidents are handled can either minimize or maximize that damage.

Of course, it will not do to focus on newer threats like online security while neglecting the basics. Burgeoning security leaders must remember that physical security remains critical in managing risk, and the increased value of information actually makes physical protection even more important than before in many cases. Information – intellectual property as well as private employee and customer data – is a high-dollar asset in itself. When the assets on which information resides are compromised, the damage is therefore compounded.

The healthcare industry may serve as a telling example. Privacy Rights Clearinghouse data recently showed that more publicly disclosed data breaches occur in the medical industry than in any other, and most of those are due not to hacking, but to loss or theft of portable data devices. The next generation security leader must be prepared to protect information and brand from cyber threats and physical threats to information assets.

Protecting not only information but the enterprise at large will also require a solid strategy for preparedness and resilience. “Brand confidence and loyalty are intrinsically tied to responsibility before a crisis,” says Francis D’Addario, emeritus faculty member of the Security Executive Council and former vice president of Partner and Asset Protection for Starbucks Coffee. D’Addario evangelizes for security leaders to build preparedness and crisis management capabilities by, among other things, enhancing the social responsibility initiatives of the organization. A company’s investment in social responsibility in the good times, enabled by strong security and risk management, allows the CEO to stand in front of the media and the community after a disaster and say with sincerity that the company cares about the community and is truly doing all it can to help. There is significant intangible value to that kind of sincerity, according to D’Addario.

Building local alliances and attending to global preparedness guidelines and regulations is also critical. Numerous partnerships and partnership organizations have arisen to assist individual communities in developing preparedness and response plans that leverage the resources and knowledge base of both the public and private sectors to better protect communities and the businesses that reside in them.

Threats and risks will continue to pick up speed, and the next generation of security leaders will need to be quick enough to build security functions that can match them – functions that rely on solid protection strategy as a foundation for nimble, resourceful and creative response.

Marleah Blades is senior editor for the Security Executive Council, an innovative problem-solving research and services organization. The Council works with Tier 1 Security Leaders™ to reduce risk and add to corporate profitability in the process. To learn about becoming involved, e-mail c ontact@secleader.com or visit www.securityexecutivecouncil.com/sm. You can also follow the Council on Facebook and Twitter.

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.