Geopolitical and Economic Headwinds Force CEOs to Rethink Long-Term Strategies
It’s not looking good for static business models. According to PwC’s 26th Annual Global CEO Survey, 39 percent of global CEOs believe their organization will no longer be economically viable in 10 years—unless it significantly changes course. This pattern is consistent across sectors, including technology, telecommunications, healthcare, and manufacturing. No sector seems immune to the rapid changes affecting global economies and operations.
So, what does this change mean for security?
“Corporate security is a function of the business, and like any function, it should be concerned with commercial strategy and the priorities of the C-suite,” says Rachel Briggs, OBE, CEO of research firm The Clarity Factory. “It’s vital that CSOs, like all senior leaders, are servants of the business—not their profession. Yes, they have skills to bring to bear and deserve respect as subject matter experts, but ultimately decisions about risk lie with the C-suite.”
Half or more of CEOs in the PwC survey said that changing customer preferences, regulatory change, skills shortages, and technology disruptions are most likely to impact their industry’s profitability in the next decade. More than 40 percent also flagged supply chain disruptions as a large potential influence.
“Underlying these figures, we believe, is consciousness among today’s leaders that we are living through extraordinary times, with five broad megatrends—climate change, technological disruption, demographic shifts, a fracturing world, and social instability—reshaping the business environment,” the PwC report noted. “Although none of these forces is new, their scope, impact, and interdependence are growing, with varied magnitude across industries and geographies.”
The impacts of climate change are looming large for many CEOs. In the next 12 months, a majority of CEOs expect to see a climate-related hit to their cost profiles and supply chains.
Economic factors are also weighing on CEOs’ minds. Nearly three-quarters of PwC survey respondents predicted that global economic growth will decline over the next 12 months, dramatically reversing the optimism from 2022, when 77 percent of respondents anticipated improvement.
“Last year’s optimism, reflecting hope that economic conditions would continue improving as the global pandemic eased, was dashed in 2022 by shocks such as Europe’s largest land war since World War II, knock-on effects like surging energy and commodity prices, and accelerating general wage and price inflation,” the report said.
Briggs notes that security professionals are battling similar headwinds, and they will need to change gears to succeed.
“Companies are going through one of the most consequential periods of change any of us has experienced; geopolitics is back on the boardroom agenda and impacting everything from supply chains to operational resilience and leading some to de-globalize their firms to withstand these risks; data is considered by 60 percent of senior leaders as the most important driver of growth; new technologies, including AI and generative AI, are revolutionizing how we work and who does the work; and post-pandemic work patterns have fundamentally changed our approach to work, place, and home,” says Briggs, who is wrapping up an in-depth research project into the business value of corporate security.
“The corporate winners over the next decade will be those companies that can pivot and change. Corporate security—like all functions—does not operate in a vacuum,” she continues. “CSOs must adopt an innovation mindset, be ready to adapt, embrace technology, and avoid be wedded to processes simply because ‘that’s how we’ve always done it.’ Corporate relevance relies on being in sync with the business. Some corporate security functions are adapting well, but some lag behind, afraid to embrace technology and reluctant to change the ways they work. They will find themselves less and less relevant if they continue to adopt this posture.”
However, she adds, “Much of what corporate security does and always has done remains relevant—this isn’t about throwing out everything and starting again. I’d point to two things as being especially important. First, diversity of talent—we know this is correlated to better productivity, higher levels of innovation, and enhanced decision making. It’s a no-brainer to ensure your talent strategy prioritizes diversity in all its guises—I can’t remember a time when productivity, innovation, and decision making are more important than now. Second, technology. Too many corporate security functions remain a largely analog function. Not only does this mean processes take longer to complete, it also means these functions can’t make best use of their data. Ultimately, corporate security functions should be seamlessly and automatically be sharing data with colleagues in supply chain, M&A, ESG; but first they need to get their own data sources aligned within the function. Shared data will be the thing that brings ultimate business value add.”
Without bringing measurable value to the organization, security functions might find themselves in the budgetary crosshairs. CEOs are taking action to cut costs and spur growth in the near-term, the PwC report found. More than half of CEOs said they are already cutting costs, 19 percent are implementing hiring freezes, and 16 percent are reducing the size of their workforce. However, those headcount changes are significantly less drastic than PwC noted during the economic downturn of 2008.
CEOs are also taking a close look at contingency planning, resilience, and antifragility as geopolitical risks are on the rise. In response to geopolitical conflict, 46 percent of PwC survey respondents are adjusting their supply chains or adjusting their presence in current markets/expanding into new markets. More than 40 percent are diversifying their products and services. But some are relocating—10 percent indicated they were shifting their workforce’s location in response to geopolitical risks, and 9 percent said they were relocating physical assets.
“Senior executives are worried about the geopolitical situation—Russia/Ukraine, China’s posture in the South China Seas, the Middle East on a knife edge, to name but a few of the challenges in their in-tray at the moment,” Briggs says. “These concerns are not theoretical; C-suite executives are making consequential business decisions as a result. They are reorganizing supply chains, pulling out of some markets all together, and de-globalizing their technology infrastructure to insulate themselves from risk. They look to the corporate security department for insight on the implications of geopolitics and practical assistance as they reorganize commercial activities.”
Cyber risks are particularly top of mind. The top action taken by CEOs in the PwC survey in response to geopolitical conflict was to increase investments in cybersecurity or data privacy (48 percent).
This makes complete sense, seeing as multinational conflicts often result in a spike in cyberattack activity, with malicious actors taking advantage of conflict, chaos, and fear to circumvent safeguards or attack specific targets. A University of Cambridge research paper published last week documents how hactivists and cyber attackers launched campaigns against Israeli websites in the short period since the 7 October attack on Israel by Hamas militants and the Israeli counterattacks in Gaza.
A fifth of PwC-surveyed CEOs expect to be highly or extremely exposed to cyber risks in the next 12 months, and a quarter expect to be exposed to cyber risks in the next five years. But this difference in short-term vs. long-term concern is a potential blind spot.
“The disconnect across time horizons begs the question of whether CEOs run the risk of being blindsided in the near term as they focus on here-and-now threats,” according to the PwC report. “In the case of cybersecurity, it’s easy for important business technology investments—launching a new consumer-facing app, developing a business line built around AI, expanding into a new market—to inadvertently create cyber vulnerabilities.”
Physical security professionals are increasingly aware of how cyber risks can derail organizational initiatives. In a recent survey by Genetec, 31 percent of end user respondents said their organization was targeted by cyber threat actors in 2023, and 36 percent of respondents said cybersecurity vulnerabilities were a top challenge facing their organization this year. Healthcare end users in particular were grappling with cyber threats.
Organizations are being more proactive around unified physical and cyber security, trying to mitigate risks posed by cyber risks in physical infrastructure, the Genetec report found—42 percent of end user respondents said their organizations are deploying cybersecurity-related tools in physical security environments this year, compared to just 27 percent in 2022. However, there’s still a long way to go.
“Debates about convergence—bringing corporate security and cybersecurity together under single leadership—have raged for well over a decade,” Briggs says. “Ultimately, I don’t see a future where the two are not converged, but very few companies have achieved this in practice. Cybersecurity is certainly a major concern for boards—survey after survey shows that. And there are so many linkages between cyber and physical security incidents. It seems to me like the elephant in the room—and a challenge I’d love to explore with the CSOs who are willing to try.”