Increasing Risk Appetites Put Security Front and Center as an Influencer
What does the next decade look like for business leaders? Volatile.
A new research report from The Clarity Factory, The Business Value of Corporate Security, found that the majority of business leaders today believe volatility will characterize the next decade, driven in part by geopolitical tensions, technological innovation, economic downturns, and cross-border migration. The research found that 57 percent of board directors expect to increase their risk appetites (or they have already done so) in response to rising volatility and uncertainty, which presents an opportunity for security leaders to contribute essential data and serve as a trusted advisor on risk decisions.
“Multinational corporations increasingly manage risks that fall outside the remit of any individual function, and are dealing with multiple risks concurrently,” the report said. “Interconnected risks are not just harder to predict and manage; research shows they produce larger losses. In this context, silos create missed opportunities, obscure risks, and create blind spots.
“This makes business leaders more focused on the connections between risks, as well as on the risks themselves, and they seek a more unified, functionality agnostic view of risk,” it continued.
This is a new operating model for many organizations, and it requires careful navigation.
“Whether or not you subscribe to the concept of ‘permacrisis’, companies are facing a higher volume of crises that are more interconnected, including the global pandemic, Russia’s invasion of Ukraine, the resulting energy crisis, increasingly extreme weather events, mass shootings, and ransomware attacks in recent years,” the report explained. “For companies used to operating in high-risk environments—oil and gas, and media, for example—this might not feel new. For many others newly navigating complex and interconnected risks, it requires a structural and cultural shift.”
Corporate security is in a unique position to guide companies during this period, says Rachel Briggs, OBE, cofounder and CEO of The Clarity Factory, and author of the report. Security is usually one of the most connected functions in an organization, and it is seen by some executives as “corporate glue.”
In the current global business operating environment, “things are going from 0 to 100 miles an hour in a way that is just so much faster than in previous periods—in what I would call almost a pinball effect on the risk environment,” Briggs says. “What starts in one area can quickly migrate into another area, blindsiding risk leaders across the business.”
This state of polycrisis—the simultaneous occurrence of multiple catastrophic events—puts crisis management in the spotlight. Only 1 percent of the corporate security professionals surveyed for the report have no role at all in crisis management, while three-quarters are responsible or accountable for the capability. The report concludes that crisis management is a required skill set across the entire company, and CSOs with exceptional crisis management capabilities can be of wider value in their organizations.
As a result of their work in crisis management so far (especially during the COVID-19 pandemic and the Russian invasion of Ukraine), 89 percent of CSOs surveyed said the visibility and profile of corporate security has risen, and business leaders now better understand and appreciate the structure and discipline that CSOs and security teams bring to crisis management. Seeing the team in action also shifts perceptions and dispels stereotypes about corporate security.
According to one CSO who was surveyed, “We showed people through how we responded to that crisis that we could be agile, whereas I think some people think of security as rigid. We were the ones who stepped up to the plate and really morphed in order to meet the demands of the pandemic.”
Security’s ability to consistently and effectively respond to crises and incidents builds trust in the function and increases security teams’ circle of influence in the organization.
Security leaders’ crisis management capabilities are “one of their superpowers as a function and in a world where business leaders are faced with heightened risk, interconnected risk, grey zone risk, and pinball risk type activity,” Briggs says. “Leaders right across the business need to be crisis confident, because there’s going to be stuff coming their way that doesn’t quite get to the level of needing to be delegated to the crisis management team. A number of the CSOs I interviewed are now starting to ask themselves quite interesting questions about how they can take their crisis management capabilities and translate them into leadership capabilities right across the company. I think that’s going to be one of the things that really starts to elevate the contribution that the corporate security function can make.”
CSOs already have effective intelligence gathering and reporting capabilities, for example. They are able to gather and synthesize disparate pieces of information, distilling it into something simple and usable to enable leaders to make better, faster decisions when situations are evolving. These skills have clear applications within security, but volatile operating environments heighten the value of these skills across the business, Briggs says.
This can be particularly valuable in difficult business conditions, while organizations are seeking opportunities in riskier environments or markets.
“If you’re doing business in difficult times, you need to lean into risk more than you do in easy times because the gains are that much harder to reach,” Briggs says.
What does this mean for security, though? Firstly, it makes it crystal clear how much security matters—unless corporate security does the basic functions of the role properly, the business cannot survive.
“The message to CSOs is ‘Get your house in order,’” Briggs says. “Make sure that you’re doing all of those things that should be bread-and-butter basic activities that you’re involved in. Make sure you’ve got coverage, that you’re doing them competently, and you’re going for excellence in those core basics. Only once you have managed to achieve that should you be venturing outside of your domain.”
The most effective corporate security functions dedicate most of their time to executing these core tasks. CSOs interviewed for the report said their teams spend an average of 75 percent of their time on this work.
“Effective CSOs recognize that competence within their circle of control earns them the trust needed to extend their circle of influence, which in turn allows them to make an enhanced contribution along the value chain,” the report said.
Leveraging that influence, the corporate security function can help business leaders take risks, providing intelligence and assessing potential threats. However, security leaders need to be careful around their desire to “get to ‘yes,’” Briggs says.
Business leaders told Briggs during her research that in these kinds of times, of course getting to “yes” is a positive goal, but “we really need those trusted advisors who can speak truth to power and tell us when it’s a risk too far,” she says. “There’s this important tightrope that CSOs have to walk between being really good at the bread-and-butter job they’re there to do while also being trusted advisors to business leaders to help them take risks, but having the confidence, the gravitas, and the courage to stand up and say ‘no.’”
CSOs will need to be able to own that “no” and justify their decision to refuse to support a risk, but that viewpoint is essential when helps bring a sense of checks and balances to a more risk tolerant business model.
Part of making those decisions is having a circle of influence both inside and outside the organization that can lend expertise and perspective. The report noted that business leaders place a premium on external networks while they navigate the complex business environment and address tricky issues like reputation management. CSOs’ external networks are particularly valuable.
“The security community is one of the best connected communities out there in terms of professional groups,” Briggs says. “For most professionals, your external network helps you to get the next job, but for security professionals, they use that network day in and day out. They’re making phone calls, they’re emailing about what’s happening in this palace, what are you doing about that… It’s part of your toolkit as a corporate security practitioner.”
In the research report, business leaders also touted the value of security networks—it was one of the most cited points when interviewees described the value proposition of CSOs. “It not only delivers for corporate security, but increasingly for business executives seeking to understand geopolitical trends and what they mean for the company,” the report noted. “Corporate security’s external network adds value to core business decisions.”