How to Anticipate Pandemic-Influenced Risk Developments
Security directors have long been the masters of recording and reporting data: numbers of incidents, resolved incidents, visitor credentials, trainings, security checks performed, thefts, and so forth. As measures of the past, these are lagging indicators. Combine them with experience (aka, gut feel), and perhaps some industry guidelines or best practices, and they can be useful tools to help secure facilities and the people who work, live, or use them. But if security directors want to take the next step in driving value in their organizations, they need to look for different data sources. They need leading indicators.
According to Marco Leijnse, who leads the North American enterprise security risk management, security program development and implementation, and security master planning and design practice for Control Risks, leading indicators enable security directors to see the risk landscape as its first developing. And as organizations deal with all the uncertainties surrounding the COVID-19 pandemic, it’s never been more important.
“Forward-looking risk management is where you offer the most value,” Leijnse says. “Leading indicators are predictive in nature and allow you to put preventive measures in place to protect an organization’s assets.” Leijnse adds that with the increased role security has as part of the crisis management team, pivoting to a more strategic role now can help solidify security’s standing in leadership post-crisis.
So where does security turn to find leading indicators that can help their organizations as this crisis continues to unfold?
One area is in health-related data sources. The biggest disruptions have been closures. Many parts of the world are in various stages of reopening stores and facilities. It’s possible that as regional pockets of infection occur, that places may need to close again to contain outbreaks. Unfortunately, with its asymptomatic spread potential, the number of COVID-19 positive tests is not much of a leading indicator in terms of possible interventions an organization might use to protect its workforce.
One possible leading indicator tool, at least in the United States, is Facebook’s COVID-19 Interactive Map & Dashboard, which shows the number of people with COVID-19-like symptoms at a county level. In addition, Google’s Community Mobility Reports, which provide mobility breakdowns for every country, could indicate places where outbreaks are more likely if the virus is introduced. Finally, contact-tracing apps could also provide leading indicator data; although there is no public-facing aggregate data yet, and there may never be from this source.
Leijnse notes that in addition to health indicators that may provide insight into possible government interventions, there are other, more traditional security functions to monitor. One is the potential for workplace violence. “Security leaders have to help the organization figure out how it can deliver on its duty of care responsibility,” he says. “Remember, it’s about addressing reasonable, foreseeable risks.” Leijnse says the potential for workplace violence is heightened as people emerge from lockdown situations. As for leading indicators that could possibly portend an environment where workplace violence is more likely, Leijnse suggested such things as alcohol sales, use of employee counseling services, and reports of domestic violence.
Yet another traditional security area to monitor is the potential for the pandemic, and resulting economic distress, to cause civil unrest. ASIS has pointed to this danger several times (access this article and this podcast). Catalysts for these kinds of events can be shortages of goods, discontent of or rebellion against government policies or actions, and groups seeking to use the crisis as an opportunity to increase their power or influence. Security leaders should be on the lookout for these catalysts in areas of strategic importance to the organization, whether that’s facilities they run or important links in their supply chains.
“When instances of unrest occur, you need to figure out first if the protests are directed at your organization,” says Leijnse. “Next, you want to look at how the event can impact your employees and other assets. You may need to act to strengthen your perimeter, or you may need to assess whether or not your employees can safely travel to and from work.” He notes that using any leading indicators that may be a harbinger of unrest that might affect your organization can provide that critical moment of preparation that can help mitigate negative impacts.
Security brings value when it is anticipating how unfolding events could affect the organization. “A high-functioning security team emphasizes its role in risk management, which is identifying security risks to critical assets and developing risk mitigation plans,” Leijnse says. “Crisis management is keeping the impact to a minimum, and I think what we are seeing with COVID is that these areas are blended. As we look forward to a recovery phase, it’s important to look forward and continue to take a risk-based approach.”