Skip to content

Photo by iStock

Six Steps for Incident Prevention Amid Growing Physical Threats

With companies evaluating return to office plans, vaccinations slowing across America, terrorist attacks occurring in France and Austria, gun sales spiking, and mass shootings and homicides stacking up, business leaders and physical security teams need to prioritize protective intelligence in order to proactively identify, assess, and mitigate harmful threats.

The challenge for many CSOs is convincing management that the threat landscape is different today than before the pandemic struck. Psychologically, executives will want to believe that things will go back to normal, but COVID-19 has changed that for the foreseeable future. Due to our new period of heightened tension, divisiveness, and rage, as well as mental health concerns due to the lockdowns, stretched law enforcement resources around the United States also pose challenges for corporate security. In the life-safety space, one never wants to react to a threat if instead you can be proactive. A comprehensive protective intelligence solution is needed to help protect executives, the workforce, company property, assets, and the brand.

Here are six steps every organization should take to ensure they are in the best position possible to mitigate the risk of a major security incident.

Have an Incident Response Plan in Place and Test It

Nobody likes to think that bad things could happen in the workplace (especially the C-suite). But you need to gameboard potential scenarios. This should be a detailed plan that includes “if/then” or “what/if” scenarios of threats, as well as any employees who may be involved in responding should a crisis occur. Having this plan in place will allow you to mitigate the impact of an incident with a quick and effective response, with all employees playing their parts.

While the first aspect of this is creating the response plan and having it in place, it is useless if your key stakeholders don’t understand how to execute it quickly and effectively. Therefore, all relevant stakeholders—C-suite, HR, legal, security—need to know exactly when, where, and what they should be doing in the event of a crisis. This requires running thorough test scenarios and addressing potential situations that could occur, allowing organizations to iron out the kinks and be ready to act should a threat materialize.

Detail an Audit Trail

Who did what and when is critical if a physical security threat should surface and turn into a crisis. You will want to ensure you have your company’s safety and compliance efforts detailed and accounted for in an audit trail. Technology can help. Assuming it is properly maintained on a consistent basis and all actions are accounted for, the audit trail could be used as an insurance policy should your company’s actions ever come into question.

An audit trail that is developed in collaboration with legal, compliance, HR, cybersecurity, and physical security, reduces company liability as it can illustrate that the organization operated in the best interest of its employees to maintain their safety.

Use Technology to See Around Corners

Technology can be your best friend in preventing physical threats from manifesting if used appropriately. Implementing an automated, always on, data-driven software platform that structures physical threat intelligence in a way that is beneficial to security teams is key, freeing up personnel to perform more nuanced tasks and essential decision making.

In the past, security teams have had to rely on disparate feeds, logging onto multiple platforms such as social channels, Dark Web, news sites, and company records to collect and try to connect patterns in intelligence. With a platform that can provide a single holistic view of your organization’s threat landscape, security leaders can more easily identify physical threats to the organization and stop them before they occur, saving enormous amounts of time and money.

Identify Known and Unknown Physical Threats

Baseline and living threat assessments are critical. Baseline threat assessments are foundational tools that protective intelligence teams use to establish the threat posed to a specific person, company, event, or facility. These are responsive, living documents that reflect changes in the potential target’s situation and environment. The living document is constantly changing, whereas the baseline is the center of gravity.

In order to be effective at stopping physical threats, you need to understand what types of threats you face. Is it the anniversary of the termination of a disgruntled employee who could endanger a current employee? Are there protests or activist movements happening near your office locations that could potentially cause building damage? Do you have a clear understanding of the vendors with which you work and how their actions may affect your brand? Are there concerning conversations happening on social media or the Dark Web that may indicate an attack is being planned? These are the types of questions corporate security teams should be asking and adding to their living threat assessment when trying to get ahead of the potential threats they could face.

Couple this with technology that consolidates data feeds, and it becomes easier to understand and identify the unknown threats as well.

Investigate and Assess

Knowledge is key. With a better understanding of the organization’s physical threat landscape and the ability to make connections regarding key pieces of intelligence, it becomes much easier to investigate whether a threat may come to fruition.

Large global enterprises may face multiple threats a day, but not every physical threat is a risk to the company at a certain moment in time. Security teams must be able to prioritize these threats and assess them with a formal methodology in place to mitigate risk to their business. This can involve identifying concerning behaviors or pre-incident indicators early to better understand potential outcomes and how you might address them. Indicators could range from activity on social media or online forums, time and distance variables to a target location, having a history of mental illness, or having a record of criminal activities. With this understanding, it becomes easier to prioritize threats, make an informed decision about how to handle an incident, or prevent disruption from occurring.

Automate Alerts and Notifications

While it may seem obvious, security teams are often running from task to task, putting out hundreds of little fires.

While it is necessary to have security personnel in operation centers, it is not ideal to have them constantly monitoring several screens waiting for something to happen when there are other tasks that require human assessment. Having a technological system in place that will free up personnel while also providing custom notifications based on the business’s physical needs, geography, supply chain, and global footprint is essential for teams to act quickly to prevent a crisis or respond to one. Furthermore, security teams are often mobile, on patrol, traveling with executives, or addressing situations across an organization’s property, therefore teams need to receive these alerts wherever they may be so that the right people can be notified in the event of a harmful scenario unfolding.


Fred Burton is one of the world’s foremost authorities on protective intelligence, security, and counterterrorism. As executive director of the Ontic Center for Protective Intelligence, he spearheads strategic consulting to physical security leaders at major corporations, advising how to optimize their security programs, streamline protective intelligence initiatives, and keep their people safe. Burton previously served as Chief Security Officer at Stratfor, was a former police officer, special agent with the U.S. Diplomatic Security Service (DSS), and New York Times best-selling author.