Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
ManagementPhysicalSecurity Enterprise ServicesSecurity Leadership and ManagementSecurity & Business ResilienceFire & Life SafetyPhysical Security

Enterprise Services

People risk management and operational resiliency

Mitigating insider threat in any enterprise calls for the right tools and a nearly 360-degree view of risk.

By Nada Marjanovich, Bruce McIndoe
risk in security

skynesher / E+ via Getty Images

February 9, 2022

Ask security leaders or senior managers what they worry about most, and the answer will probably be “people.” This will be all the more true this year, as the root of those worries becomes amplified by the risks posed not just to our people, but from them to the organization as well.

Operational resiliency (OR) is an organization’s ability to navigate and thrive through myriad challenges that threaten organizational objectives. Achieving OR is not an endgame, but a journey. People are the solution to achieving it, but they also are its biggest obstacle. 

An “insider threat” is generally regarded as any threat that an employee or contractor poses to the organization, whether wittingly or not, by leveraging unique knowledge or access to practices, data or systems. While insider threat is usually considered to be related to cybersecurity, the concept is just as relevant when applied to other asset categories. Because the potential for insider threat is rapidly increasing, an integrated, cross-functional team is key when developing a framework for protecting the organization’s people, resources, profits, objectives and assets. 

Let’s consider the most likely ways organizations can be impacted by threats from their own people in 2022.



MENTAL HEALTH WELLNESS

Threats: Absenteeism, Impeded Productivity, Employee Turnover

Solutions: Foster a positive, supportive work environment and proactively sense behaviors.

Teams required: HR, EHS, Legal, Security



Roughly 23% of American adults reported experiencing mental health issues in 2020, according to Mental Health America. This was reported to be a 40% increase over 2019. Anxiety and depression increased 93%. For most Americans, 2021 was just as challenging as the previous year, if not more, and employees are bringing those stresses back to the workplace with them.

Many companies have seen success with mental wellness programs or similar initiatives that normalize the discussion surrounding mental health. Often, these programs leverage existing benefits — like employee assistance program (EAP) hotlines, team building, events and positive messaging — that cost the company little incremental budget but bring a considerable return in employee safety, productivity and retention. One example is Jacobs Engineering, which invested $2 million in these programs in 2019 and reported a return of more than $8 million in improved health and productivity of their workforces. 



ACTIVE THREAT AND WORKPLACE VIOLENCE

Threats: Irreparable Danger to Lives, Safety, Objectives and Reputations

Solution: Prepare for the worst when it comes to workplace violence.

Teams required: Sites/Facilities, HR, Police or Law Enforcement, Security



The motivations may be personal, political or professional in nature, and the targets can be an individual or a group and be triggered by an event or simply a perception, but active shooter situations or threats and workplace violence can derive from employees carrying out their grievances at the workplace. Often, active shooters exhibit a noticeable change of behavior in the weeks beforehand, and some have told at least one person of their plans. Thus, there may be some hints for detecting the potential for an active shooter event.

That’s why many organizations are finding the best course of action is to foster an environment that is proactive rather than reactive. Mental wellness programs, like those noted above, are a start. Other effective measures include better communication on the issue and repeated training. According to Gun Violence Archive, there were 693 mass shootings and 44,828 gun violence deaths in the United States in 2021. Every one of these incidents opens the door to messaging from management that encourages employees to seek support during these increasingly stressful times.

Active threat response training led by local law enforcement is also crucial. When the Oxford High School shooting happened in Michigan in November 2021, the students and faculty were trained in life-saving measures and many knew what to do (barricade themselves in classrooms, hide and jump out of windows when appropriate). “The

school made sure that we knew where to go, who to call and how to act…If we didn’t have this [active shooter] training I don’t know what would have happened,” Eva Grondin, a 15-year-old sophomore, told the New York Times.

Similar to repeated fire drills, these scenarios should be practiced two to three times per year to ensure everyone understands the “avoid, deny, defend” actions that are their best path to safety.



CYBERATTACKS

Threats: Fraud, Theft, Espionage, Sabotage

Solutions: Increased sensing and threat detection and an advanced understanding of objectives and vulnerabilities can prevent cyberattacks.

Teams required: IT, Security, R&D, HR, Sales, Finance, Supply/Logistics



Cyber threats have become so pervasive that it is almost impossible to measure the actual impact. Experts anticipated the global cost of cybercrime to be $6 trillion for 2021, and that doesn’t include attacks that go unreported or have yet to be calculated. For U.S. companies, IBM Security and Ponemon Institute issued a joint report indicating the average cost of a breach to be about $4.2 million. There are also the insurance increases, reputational damage, ramifications with consumers and other stakeholders, long-term loss of competitive advantages when sabotage and copycats occur and countless other ripple effects. According to a Verizon report published last year, 60% of small- and medium-sized businesses close permanently within six months of a cyber incident. There is also, of course, the harm caused to individuals when their personal information is stolen.

Though IT cannot be expected to have a crystal ball — and the bad actors are becoming more sophisticated and better funded — there are ways to ensure security teams are better equipped. Educating staff, conducting audits and fighting technology with technology are the foundation. Employing integrated teams that federate data on changes in policy, new initiatives and objectives give IT and cybersecurity teams a more robust understanding of where future vulnerabilities may happen so they can take more proactive measures. These can be small, such as enforcing firewalls as part of work-from-home standards, or go deeper, such as holding vendors and third parties to a higher standard to protect the organization’s secrets, whether past, present or future. 



SUPPLY CHAIN

Threats: Fraud, Theft, Disruption

Solutions: Investing in technology and threat intelligence can secure supply chains.

Teams required: Logistics/Supply, R&D, Sales, Security



The global supply chain teetered on the brink of collapse for the better part of 2021 — and, in fact, did fail more than once last year — and 2022 stands to be no better. Most of the threats to supply chains that made the headlines focused on worker shortages, changes in consumer demand patterns and disasters. However, the risks start well before the product is distributed, and the threats cascade well before it arrives to its destination.

Deloitte’s CFO Signals Quarterly surveyed CFOs from nearly 100 firms that report $1 billion or more in annual sales. According to Bloomberg, 44% of those CFOs questioned said that the disruptions increased costs by 5% or more; and 32% of those same CFOs indicated that sales fell due to delays and other shortages. In addition, CNBC reported that China’s “industrial activity rose less than expected in September,” falling short of Reuters projections by about 1.4% for that period. This combination amounts to myriad impacts, with the most significant being a shift in sourcing that will temporarily alleviate bottlenecks in some regions before causing them in others. Additional vulnerabilities are sure to follow, creating new and unforeseeable instabilities.

Empowering a supply chain takes more than investing in the right technology and keeping a diversified pool of suppliers. Natural disasters, political instability, civil unrest and climate change are making it harder to procure goods and materials at the source. Understanding the geopolitical landscape that influences regions is crucial to gauging what may go wrong and instituting the redundancies to get ahead of them.

Threat actors, who are increasingly government-backed, are casting a wide net that targets governments, think tanks and public and private companies through malicious tradecraft, and supply is a casualty. This means thousands of entities are compromised whether or not they and/or their suppliers are the primary target. Most directly, the increased negativity among individuals can foster a breeding ground for insider threat that can result in theft, sabotage and worse.

COVID-19 will continue to add complications to organizations as well as create further access points for insider threats. The aim for companies of all sizes to achieve OR is a good start. Those who take it a step further to employ frameworks that continuously monitor, learn and adapt are moving toward a 360-degree view of risk, one we like to call agile operational resiliency. To get there, it takes the right tools used by a multi-functional team of stakeholders sharing knowledge and working together.


KEYWORDS: employee safety enterprise security insider threats risk management workplace violence

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Author1

Nada Marjanovich is a Partner in McIndoe Risk Advisory, LLC. The firm guides enterprises on the journey to achieving agile operational resiliency by developing strategic frameworks for people risk management that focus on protecting assets and operational priorities. Image courtesy of Marjanovich

Author2

Bruce McIndoe is Partner in McIndoe Risk Advisory, LLC, and a recognized leader in risk management, technology and intelligence. Image courtesy of McIndoe

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
close

1 COMPLIMENTARY ARTICLE(S) LEFT

Loader

Already Registered? Sign in now.

Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Half closed laptop

Sudo Vulnerability Discovered, May Exposes Linux Systems

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Resiliency

    How to Add Resiliency to Your Risk Management Strategy

    See More
  • disaster

    Situational Intelligence: The Foundation of a Risk and Resiliency Management Strategy

    See More
  • man at subway

    A new era of travel risk management

    See More

Related Products

See More Products
  • 9780367339456.jpg.jpg.jpg

    Cyber Strategy: Risk-Driven Security and Resiliency

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!