While most CSOs tell me what they love most about their jobs is that something different happens each day and it never becomes boring, recent events on the world stage are sure to challenge that notion. Protecting and supporting stakeholders on a global scale through investments in security operations centers (SOCs), intelligence services and travel support companies has become a best practice for leading security programs.
Proof that leading security programs are identifying and mitigating risks is the “business as usual” approach during the recent Ebola outbreaks in West Africa; Malaysian Airlines flight MH17; and the Israel/Gaza conflict. These events are not forcing security to become the voice of “No” in most organizations.
Perhaps the best example of politics, war and risk not standing in the way of business was ExxonMobil’s announcement on August 9, as reported by Reuters, that they would start digging in Russia’s Arctic that weekend, despite Western sanctions imposed on its Russian partner Rosneft. Hailed by Vladimir Putin as a model of “cooperation” Putin appeared in a photo opp with ExxonMobil CEO Rex Tillerson. Glenn Waller, ExxonMobil’s lead manager in Russia, stated, “Our cooperation is a long-term one.”
While U.S. sanctions are designed to ban Russian companies, like Rosneft, from access to financing and modern technology, they are not meant to halt joint projects between U.S. and Russian companies. The business and human risks can be (and have been, one would assume) understood, weighed and evaluated to assure and enable business.
A recent article in Haraatz, Israel’s oldest daily newspaper, titled, “Business as usual with Gaza, despite war and blockade,” noted that despite the conflict, “Gaza is big business for Israel, and Hamas has to allow it to take place.” An Israeli customs agent was quoted: “We’ve been working with exporters from Gaza continuously since Operation Protective Edge began, even during the shelling. We’re releasing all the goods that arrive for them at Israeli ports, we’re conducting money transfers and have even paid some of the customs fees ourselves, because we know they’ll pay us back when things calm down.” Ironically, the repeated conflicts and property destruction result in strong demand for building products in Gaza, which are imported from Israel. The article notes that at least 50 percent of all products entering Gaza are produced in Israel.
Hardest to see, measure and mitigate, for any enterprise or government are pandemics. SARS (severe acute respiratory syndrome) first appeared in China in late 2002, at a time when U.S. companies were eager to do business with Asia, requiring frequent travel to and from the region. Within a few months, SARS spread worldwide, carried by unsuspecting travelers and travel restrictions became the norm. Today, Ebola is devastating to those in West African countries fighting the disease. But how businesses and governments are responding to the outbreak is mixed. The Center for Disease Control issued a high alert, but stopped there.
Some businesses, such as airlines, have either suspended service or increased passenger screening in the area. British Airways suspended service to both Liberia and Sierra Leone. Air France and Brussels Airlines increased screening procedures and warned that service could be cut at any time.
None of the above scenarios give security leaders a hard and fast recommendation or policy to point to or adopt. Navigating these organizational challenges is perhaps the most daunting aspect of the leadership role. In a business as usual culture, being seen as the voice of “No” might result in recommendations being ignored. And placing the responsibility on one’s own shoulders with an overzealously promised “Yes” might not be realistic. Rather, the key is to appropriately present the risk scenarios to business leaders so they can manage their own risk/benefit decisions. And it would appear that is exactly what is happening. Making appropriate recommendations as the “trusted advisor” so those that own the risks can decide the best course.
As Steve Hunt recently wrote in his post, Security’s New Focus on Value, not Risk: “Upper management thinks in terms of business development, not security. What people will be needed? What headcount can we reduce? How much will it cost? How much will we save? What new revenue can we earn as a result of this investment? And they think not in terms of security risks, but in terms of credit risk, market risks and operational risks. That’s where security professionals can shine.”
And Exxon Mobil is not the only organization shining. Taglit-Birthright, a Jerusalem-based organization that offers free 10-day trips to Jews ages 18–26, is continuing its program during the conflict, and very few participants have canceled their participation. Enabling the mission is becoming business as usual.