Corporate Security Risk Management is a process to protect a company’s tangible and intangible assets from predictable and unexpected security events through preventive as well as corrective actions. A company’s tangible assets are its employees, building, infrastructure, supply chain, business travelers, business collaborators and customers. A company’s intangible assets include the company reputation, intellectual property rights, goodwill and brand equity. Company assets always need protection.
Having dealt with the ”what” aspect of corporate security risk management, we now need to understand the “how” aspect of it, that is, how to protect the assets of a company. Essentially it requires a good risk management plan, including a mechanism to assess the risk to its assets, developing and well-trained staffing, well-organized teams, establishing response protocols and report templates, designing record-keeping policies, staging post-incident reviews, and maintaining monitoring programs and the like. Although the detail in corporate security risk management can be an entire article in itself, we will focus on the aspect of “Intelligent Information”.
Simply defined, intelligent information in corporate security risk management is the real time manual and automated monitoring and analysis of impact-worthy security, safety and threat-related events and communications. The below incidents illustrate how intelligent information and assessment combined with timely communication could have possibly avoided damage to corporate assets.
MH17 Malaysia Airlines plane crash in Ukraine
Flight MH17 from Amsterdam to Kuala Lumpur was travelling over the conflict-hit region in eastern Ukraine, close to the border with Russia, when it crashed on July 17, 2014. One cannot deny the reality that the flight was passing over an area which has been impacted by severe violence over a period of time. Fighters from both sides in the region were also equipped with surface to air missiles. There were also previous reports of military aircraft being targeted during the recent bouts of fighting. Correlating this information could have led to a kind of forecasting that even commercial flights could be the victim of intended or unintended attacks. It is presumed that aviation industry leaders were aware of such possible threats but probably ignored it given the larger cost involved in diverting the flight routes. However, short-sighted thinking may very well have contributed to a crash and loss of human life that far outweighs the business cost calculation. In looking at this situation, it is reasonable to see that the deployment of dedicated Subject Matter Intelligence Analysts who can provide timely actionable intelligence to the right leadership within this industry may be a value-added cost.
General Motors Ignition Switch Issue
There were reports that Detroit-based GM was aware of the of faulty ignition switches on Chevrolet Cobalts and other small cars for more than a decade, but it did not recall them until 2014. To recall, the problem was related to some of the switches that were slipping out of the “on” position, causing the vehicles to stall, knocking out power steering and turning off the air bags. This situation caused the reputation of the company to be called into question and damage to its brand as the investigation related to the loss of human life unfolded. Timely monitoring of developments and actionable intelligence provided to appropriate leadership is the key to protecting company assets, including brand value.
Mumbai Terror Strike
Another incident for our analysis could be the Mumbai terror strike in India during November 26-29, 2008. There were reports alleging that despite the federal government receiving a series of intelligence alerts since 2006, indicating that the terror group Lashkar-e-Taiba (LeT) was planning sea-borne commando attacks on several Indian targets including luxury hotels in Mumbai, increasing the local police presence or strengthening sea patrolling and the like were not given the desired importance by the government. Authorities also reportedly ignored press reports that a suspected LeT vessel with terrorists on board was intercepted in March 2007 off the Mumbai coast. Besides this, other incidents took place in Kabul’s Serena Hotel in January 2008 and Islamabad‘s Marriot Hotel in September 2008. Putting the right information in correct perspective is essential. Had the hospitality industry been specifically made aware of such precise intelligent information, they may have been able to take preventive actions to lessen the catastrophe.
Monsoon related disruptions occur in many parts of the globe. The impact of a monsoon brings a rise in vector-borne and other water-borne infections. Flooding, transport and supply-chain disruptions are very common occurrences for companies operating in monsoon-prone countries. The aftermath of a monsoon can also bring forth a shortage in the labor force. Given such scenarios, planning is important. For instance, if external construction work needs to be completed, this must be done prior to the monsoon season to avoid delays and cost implications from storms and the potential of labor shortages. Companies also encounter increased absences in monsoon-prone areas as a result of monsoon activity. Higher absenteeism can impact productivity and increase security risks as some of the staffing shortage can be realized in security personnel. It is also prudent to undertake a health and sanitation audit of cafeteria service providers and food vendors in companies ahead of the monsoon.This preparation to reduce risk can only be possible when leadership within the organization is provided with the right information to aid in their decision making.
Upon the World Health Organization’s announcement on August 2014 of an international public health emergency for an Ebola outbreak, companies operating in the most impacted regions or employees traveling for business purposes in the impacted regions are under severe strain with an increased risk of contracting the virus. The risk mitigating solution does not lie in reducing business operations or restricting business travel. What is actually needed to address the risk is the right information gathering, timely identification of the disease and the impacted location, intelligent preventive and corrective actions, and timely alerting to appropriate parties in the company. With Ebola specifically, business leaders need to understand that transmission requires direct contact with blood, secretions, organs, or other body fluids of infected living or dead persons or animals. In a report published by Lockton’s International Risk Management Team on handling the Ebola situation, it was advised that “By staying informed on the latest developments, developing or activating contingency plans, educating employees to prevent the spread and infection of the disease as no full-proof vaccine is currently available , and using available insurance to mitigate the cost and complex logistics associated with evacuating an employee or providing emergency care, companies can reduce the impact of this outbreak.”
9/11 Terror Attacks in U.S.
Various media reports including the findings of the National Commission on Terrorist Attacks Upon the United States indicate that the information about key terrorists of the September 11, 2001 plot in the US. was already at the possession of the U.S. government prior to the attacks, and those terrorists were closely connected with each other in some form. Had the government acted on available leads when they were identified, the situation may very well have been different. There is data available in the U.S. pertaining to a number of foreigners applying to attend flight training schools there as part of their subversive planning. Based on this information, a model can be created that collects data on all of the future applicants to U.S. flight schools to ascertain whether any of them are foreigners, or share other characteristics. The aviation industry can benefit if it accepts the help of intelligence analyst who can connect the dots and based on the trends can predict.
Kidnapping for Ransom
Although accurate statistics are difficult to obtain, estimates indicate there are anywhere from 12,500 to 25,000 kidnappings a year globally, while many more cases go unreported. The kidnap for ransom incidents that had mainly been confined to Latin America in the last century have spread to other parts of the world including Africa, South Asia, Russia, and the Middle East. There have been several instances of corporate executives being kidnapped by Leftist rebels in rural areas of Colombia, Ecuador and Venezuela and by criminal gangs in Mexico, Guatemala, El Salvador, Honduras, Haiti, Brazil, and elsewhere in Latin America. Also there have been incidents of tribal gangs kidnapping multinational executives in Nigeria or the existence of protection racket syndicates in Russia and Eastern Europe. Islamic militants in the name of Jihad or to make a quick buck have also targeted business executives in the past. The gruesome beheading of freelance American journalist James Foley by a henchman affiliated with Islamic State in Iraq amplifies the concern. As the frequency of business executives traveling to high risk destinations has increased, so has the risk that they will be targeted by kidnappers.” In situations where the safety of travelers may be threatened, generally at short notice, it is essential that companies should keep trending security information always in mind and sensitize executives through pre-trip advice, safety check calls, location safety videos, and other risk mitigating measures. Especially when travelling to the destinations discussed. It is the intelligence analyst who can guide the organization to have relationships with a trusted service provider who can handle kidnapping situations involving clients if the need arises.
Companies often get surprised when they encounter security situations and regret ignoring possible warning signs. It is prudent for companies to establish dedicated resources that can generate intelligence out of hordes of information and make leadership aware of the risks associated with different scenarios. In the present world of information overload, the ability to quickly analyze and determine linkages between variables—pattern analysis—is the key to mitigating risk. Pattern analysis methods include statistical analysis to locational and geographical analysis, socio-cultural and political analysis, and more.
Certain sections of corporate security leaders argue that complete reliance on human capability can be expensive, labor intensive, and may lack in generating quality intelligence products on a consistent basis. They have been championing the cause of outsourcing a technology-driven intelligence platform which could significantly augment the capacity of dedicated intelligent analyst resources.
Technology-Driven Information Intelligence Platform-
Let us understand the efficacies of such a platform. There have arisen of late, several non-financial security risk management companies that are in the business of providing risk monitoring, identification, assessment, mitigation, and communication planning for corporate travelers, expatriates, and their security managers. They offer technology-driven intelligent analysis solutions for corporate clients. The technology not only provides timely automated and manual security information from across the globe but also provides quality analysis with predictive intelligence using visual representation and data science techniques of semantic, geo-spatial, data mining & forensic, and opinion mining analysis and timely dissemination of information in the form of instant alerts.
Through this single technological solution, service providers can track a client’s travelling executives, mobile and fixed assets, and carry out route planning, information gathering, analysis, and dissemination. In crisis situations, this platform can help security managers to identify temporary risk-free alternative operations sites or safe hotels, nearest fire offices, police stations, hospitals, etc. that are accessible and optimal to maintain critical business functions and ensure employee safety.
Some platforms, along with the above-mentioned services, are also capable of social media monitoring and analysis to bring popular sentiment closer to business intelligence. This web intelligence platform decreases the cost to produce intelligence, increases speed to refine this information, and improves analyst abilities to forecast. Broadly, such platforms allow heads of corporate security operations to evaluate information and intelligence, threats and overall risk in a centralized location, and view all the bits and pieces through a single lens, thereby helping in pro-active decision-making.
There are two broad ways of gathering and analysis of security information (a), open sources including that of print, broadcast, online media and internal sources including security consultants across the globe, service providers, internal and external subject matter experts (SMEs). No doubt, some confidential and classified intelligence can be available at the apex level of government authorities but day to day corporate business operations largely depend on information available in open sources.
Dedicated analysts using the platform discussed above are able to constantly scan thousands of web resources available in the public domain like that of news publications, blogs, social networking sites, financial databases, government websites, and much more. The scanning helps to identify text references to entities and events, and to be able to predict the likely occurrence of events and actionable insights. Additionally, use of the internal sources on the top of any prediction and assessment enhances the credibility of preventive and corrective actions.
Quick pattern analysis combined with sophisticated communication modules of the platform enhances the effectiveness of the delivery of intelligent information. Besides, the same platform’s ability to visualize the information in a simple manner using visualization tools like networks, word clouds, location markers, and theme bubbles help the analyst to present the input to leadership quickly and efficiently.
Companies should have a strategic approach to information gathering, analysis and dissemination. It will be an uphill task for organizations to gather desired intelligence without putting in place a robust information collection capability. Effective information gathering necessitates dealing with appropriate sources of information. If companies do not have a robust mechanism to analyze information correctly, it is likely that there will be information overload and confusion in prioritizing information and subsequent risks. Today, reputable companies, through their security risk management team, are adopting proactive, preventive, and reactive or corrective communication strategies for their employees, business leaders and clients, while engaging technical tools with visualization capability required for timely efficient and effective delivery and responses.
Disruptive activities cannot be predicted with certainty, but the possibility of damage remains very low, especially if proper precautions are taken through real time information and associated preventive and corrective actions. In the changing dynamics of the corporate world, the model of new security risk management leader needs a judicious mix of business leader and intelligence analyst.
Photo credit: Pixabay