There have been many examples from my career – from advising the International Monetary Fund on security matters during the Arab Spring through responding to humanitarian crises prior to the European Refugee Crisis - where I had hoped there was a need for a more well-funded and re-purposed security apparatus.
The security incidents that have occurred over recent years have caused immeasurable damage (financial loss, the damage to organizations’ reputations and the loss of lives). The threat landscape that organizations face is changing rapidly. For instance, the Solar Winds Cyber-attack from February 2021 was estimated to have cost insurers 90 million U.S. dollars. Emerging risks for corporate companies include those of far-right terrorist groups developing the sophistication and capabilities to seize senior corporate staff, or the vulnerabilities stemming from the growing risks of disinformation attacks against executives and companies across the world, which could cause irreparable damage to company share prices.
Increasingly, senior security leadership of multinational companies will have to think about the impact of an array of physical, cyber and digital risks to their organizations.
With the financial, reputation and legal costs all so high, it seems likely there is going to be a renewed emphasis on how to restructure corporate security teams and how to reframe them within corporate structure. Here are some practical considerations on how to reframe the traditional corporate security team.
Structural adjustments to prepare for the changes.
- There is a need to restructure security teams and to retool them with the skills, training and forward-thinking mentality required to implement changes to reflect the changes to the situation. No longer can security be a “lock and key” infrastructure, but instead it must become innovative, flexible, adaptable and robust considering the changing nature of security risks and the existential risks that they can pose across organizations.
- Spotlight your hiring practices. The typical staff-member hired within corporate security teams will increasingly need to be reimagined. The importance of women, diversity, and the need for an array of technological and physical security skillsets needed to ensure wide-ranging perspectives and approach should be encouraged. There is a clear need to include effective communication skills, so that staff can communicate technical terms and the impact of risks occurring in clear, concise language and matrix.
- Focus on skill developments. Increasingly, analysis should drive risk management decisions. And there is a growing synergy between cyber and physical security teams and the importance of training to ensure that corporate security teams can become increasingly able to plan and react to the evolution in the security threat environment. It will become increasingly important that organizations retain and reskill those they hire and promote them within their organizations
- Redraw the lines to senior leadership within organizations. When decisions are made about new policies, communication and the adoption of new technologies, or decisions within the framework, there needs to be more representation from the security teams in terms of how these issues may impact the safety and security of employees and the organization, so that the risks of such action can be balanced with the opportunities that the decisions may represent.
- The data which is used by security professionals to make decisions and recommendations must be given a second look. Increasingly this should be the use of a mixture of qualitative, quantitative and proprietary information which can help professional in other parts of organizations improve their understanding and trust around security risks.