With supply chain disruption, civil unrest, gun violence, global pandemics, catastrophic weather, war, inflation, and fear of recession, we are in a new era of risk. Organizations have never faced a more severe or uncertain threat environment. Business leaders need to stop asking questions when they face a crisis and prepare WHEN.
Most businesses are already doing this in the area of cybersecurity – which they see as the top business risk, according to new data from PwC’s Pulse Survey.
Today, CEOs must apply the same rigor to physical security as they do to cybersecurity. Business leaders must implement new operational strategies and develop new skills to protect their organizations. Specifically, this means creating new risk frameworks and implementing crisis plans to protect their organizations proactively. In short: Prepare now, or be caught unawares when the next crisis hits.
The threats are increasing
Leaders should start by assessing the current risk landscape and identifying the threats most likely to affect their business – especially if those threats rise to unprecedented levels. My company’s Global Risk Impact report provides a glimpse of the threat environment today.
For example, we found that in the US, two of the three most common risk events are related to murders and gun violence. The rate of growth in other categories is also high: From mid-2020 to mid-2022, threats related to transportation increased by 179%, fire threats increased by 150%, infrastructure risks and technology jumped 142%, and the risk of severe weather grew 61%.
Not only are threats occurring with greater frequency, they are also becoming more expensive. The National Oceanic and Atmospheric Administration reported that weather and climate disasters have caused billions of dollars in damages and countless hours of downtime – levels not seen since 1980. Most recently, the destruction of Hurricane Ian cost approx. $67 billion.
Executives have a fiduciary responsibility to ensure that their organizations are prepared to respond to events that occur in real time and that employees are safe. Unfortunately, according to PwCless than a third of leaders prepare for supply chain bottlenecks, extreme weather events, critical infrastructure attacks, and public health crises — all of which derail many businesses for the past few years and continues to do so.
The case for prioritizing physical security
Protecting an organization’s people, places, or assets from physical threats is often overlooked, and physical risk mitigation is often under-resourced. But the consequences of physical threats are dire. These include unplanned downtime, product loss, customer attrition, brand reputation damage, vendor or supplier relationship breakdown, and loss of investor confidence. The risks may even involve personal injury or loss of life.
At a time when the national discourse remains focused on a possible recession, many businesses are taking another look at their P&Ls. As they consider current budgets and possible future expenses, the investment in physical security is likely to be questioned. But threats to physical assets do not stop because of an economic downturn. The storm approaching your coastal HQ doesn’t care that there’s a recession.
It helps to view the physical security investment as more than just a cost center. Instead, it can be a strategic advantage. Companies that proactively deal with uncertainty create a culture that is more agile and resilient in all circumstances, according to PwC. With this in mind, business leaders who proactively respond to physical threats can not only make their employees and operations safer, they can make their company more resilient to recessions and able to outperform unprepared competitors.
Understanding dynamic risk
Another aspect of creating organizational resilience is the ability to see dynamic risk: the possibility that one crisis may escalate into another. When organizations fail to account for ongoing threats, crises can lead to unexpected costs or damage. Let’s look at some examples.
In 2021, when the large container ship Ever Given ran aground and blocked the Suez Canal for six days, there was a clear impact on the ship, its owners, and the normal functioning of the canal. However, if there is a significant impact on a major road in the global supply chain, the effects go far beyond the canal and the ship itself. Because of this event, there is global effects where some companies and markets are still recovering more than a year later.
On a smaller scale, a grocery store franchise in the US dealing with flooding issues in one of their stores. This created cascading effects: There was excess water in the store and flood damage to the store itself, but the water also destroyed the inventory. Therefore, the unexpected cost of fixing the leak and the store increased because the store also lost revenue.
These examples highlight the importance of proactive planning. Business leaders should collaborate with stakeholders to regularly assess the main threats to their organizations. This may include analyzing historical events in employee communities, crises faced by similar organizations, or increased threats in certain geographies. It is important to get as granular in the analysis as possible. Stakeholders can then see the various impacts that have occurred, both direct and indirect, as a result of a particular threat.
When a threat occurs, business leaders have a dual obligation: First to take care of their people, then take care of their operations.
Plan now to avoid pain later
To ensure that your company remains strong during a crisis, adequate preparation is paramount. Every employee needs to trust that every person, from leadership to entry level, knows what to do in the event of a crisis.
First, try to determine which physical hazards are most important to your operations. Identify the five biggest threats to the organization and then rank them based on severity and likelihood. These risks are dictated by the company’s industry and the complexity of the operation. For example, if you are a trucking company or distributor, a tornado or heavy snow storm that affects warehouses and major highways may be at the top of your list. If your company is headquartered in Los Angeles, wildfires can be a priority. If you are a manufacturer or financial company with call centers or factories in the Philippines, you should consider prioritizing severe weather, protests, or even landslides in the area. Identifying these threats provides a framework within which businesses can analyze threats cross functionally — that is, account for how a threat may affect different parts of the business in different ways. way.
After you’ve assessed potential threats, it’s time to create a risk mitigation plan. Your plan may include roles and responsibilities during a crisis, travel protocols, and communication procedures. The plan should also emphasize the alignment of crisis response to reduce confusion when a threat occurs and consider all possible impacts of the threat across the enterprise. Although risk mitigation plans should involve stakeholders from multiple departments, there should be one person with clear ownership of physical security, with an easy way to monitor threats. as it happens. After you identify this team member, create a reporting structure to minimize confusion about who is in charge if a threat becomes real.
The plans should also include the formation of crisis management teams. These individuals must be able to communicate where to go, what to say, and what to do if certain events occur during the threat. To help crisis management teams act quickly in a crisis, business leaders may also want to remove procedural friction points so that an emergency response can be streamlined. This could mean, for example, providing quick access to emergency funds or preauthorizing overtime for employees.
Remember to regularly update mitigation plans as risks unfold and make those plans accessible throughout the company. It may help to implement a tech solution that can process new risk data faster and help ensure plans remain current and relevant. In addition, AI can help automate updates and minimize errors in the face of a crisis. It can detect threats by processing millions of data points, so organizations can make smart, quick decisions when every minute counts.
Also, remember that practice makes perfect. In preparing for a crisis, it is important to run tabletop exercises to practice responses. This ensures that plans work and stakeholders are prepared in the event of a real event.
After a crisis, debrief and hear from all stakeholders about their experience. This will help avoid possible mistakes in the future. It is also important to remember that work operations may need to change for a period after the threat, giving people time to recover and return to work. This will show employees that their welfare is the company’s top priority.
Benefit from organizational stability
It is impossible to avoid all risks. But businesses can use organizational structures, processes, and technologies to create organizational resilience in the face of unprecedented threats. According to a study from Bain, successful companies find profitability even in the midst of an economic downturn. In other words, achieving stability actually creates a return.