Security risk management in the digital age | Deloitte UK has been saved
Limited functionality available
Security teams have often relied on manual processes to assess an organisation’s operational risks and controls – think traditional site security risk assessments done with a clipboard. This has proven to be costly, time consuming and difficult to implement on a large scale. Manual processes are also less flexible, difficult to change or re-design and stifle innovation. They can produce rigid, less attractive working conditions, for example requiring staff to be located in a particular place at a particular time to carry out their work or deliver a service. Over the last few years, digitisation has become essential for many organisations to remain competitive. In this blog, we will explore how this applies to security risk management.
Embrace data to make better calculated decisions
Transitioning to digital solutions increases efficiency, reduces cost and allows organisations to scale their operations far beyond what would be operationally or financially possible with legacy methods. It also improves communications with customers or geographically dispersed teams and allows business units to collaborate more effectively, accelerating the sharing of best practice.
The flexibility of digital platforms allows for greater innovation, while instant access to current and historical data creates better insights and more informed analysis.
Adapt to digital processes or be left behind
Many global companies have embraced digitisation as a primary business enabler.
In 2006, a major automotive company undertook a digitisation process that simplified their product offering and created a unified global approach. This resulted in a 30% reduction of the organisations IT spend, freed up resources and enabled greater focus on expansion and innovation.
Applications for security risk management
In the corporate security field, digitising operational processes, such as site protection, is now an essential activity to keep pace with the constantly evolving threat environment. In 2019, total economic losses from natural and man-made disasters were US$140 billion. However, corporate security teams struggle to move away from legacy processes in order to enhance efficiency and scale operations effectively across organisations.
Corporate security leads are often faced with the challenges of providing coverage over a large portfolio of critical assets and locations, while constantly battling to increase, or merely retain their operating budgets.
Organisations relying on manual processes can suffer from a lack of oversight of how each business unit or geographical region is managing security. They can struggle to align investment in security controls with the specific geographical risk, and they often rely on a small team of specialists to conduct site security risk assessments. This makes adherence to best practice standards, global or regional regulations and even internal company policy difficult to measure. It can also make them slow to react to changing risk environments, putting the organisation at risk as new threats emerge.
Digitisation and automation could drive cost reduction and efficiency, while making security risk management practitioners more informed and better prepared, enhancing decision making on security issues and enhancing process around site protection and site risk assessment. It also allows security risk management practitioners to easily track historical trends in security and preparedness, as well as adherence to internal and external standards and regulation across a much larger portfolio. Ultimately this enhances an organisation’s ability to protect its critical information and physical assets, as well as its people, enabling it to fulfil its business objectives more effectively.
Creating a unified approach
In our recent experience working with organisation with both a global and national footprint, there is a need for a user friendly, intuitive solution that can help provide security practitioners with a holistic view of their global locations, providing the risk context and allowing control maturity to be measured and compared more easily. With new ways of working and reduced travel, there is a requirement for a solution that can be flexibly and centrally managed, reducing the requirement for security risk management specialists to be in every location, and allowing opportunities for upskilling local teams in conducting site security surveys and site risk assessments. Such a tool will help organisations scale their security risk management operations consistently and cost effectively across their entire portfolio.
Agnieszka leads our Corporate Security Team within Risk Advisory. She has over 10 years of experience delivering projects in security risk management, helping clients evaluate the maturity of their security functions, design and implement security strategies, develop security risk management frameworks and enhance organisations’ overall security culture. Agnieszka has led and delivered several corporate security projects for organisations across a range of industries, including Financial Services, Technology and Media, Retail, Critical National Infrastructure (CNI) and the Public Sector. She helps companies prepare for and respond to known and unforeseen disruptive risk events.