Posted: 29 Oct. 2020 2 min. read

Security risk management in the digital age

Security teams have often relied on manual processes to assess an organisation’s operational risks and controls – think traditional site security risk assessments done with a clipboard. This has proven to be costly, time consuming and difficult to implement on a large scale. Manual processes are also less flexible, difficult to change or re-design and stifle innovation. They can produce rigid, less attractive working conditions, for example requiring staff to be located in a particular place at a particular time to carry out their work or deliver a service. Over the last few years, digitisation has become essential for many organisations to remain competitive. In this blog, we will explore how this applies to security risk management. 

Embrace data to make better calculated decisions

Transitioning to digital solutions increases efficiency, reduces cost and allows organisations to scale their operations far beyond what would be operationally or financially possible with legacy methods. It also improves communications with customers or geographically dispersed teams and allows business units to collaborate more effectively, accelerating the sharing of best practice.

The flexibility of digital platforms allows for greater innovation, while instant access to current and historical data creates better insights and more informed analysis.

Adapt to digital processes or be left behind

Many global companies have embraced digitisation as a primary business enabler.

In 2006, a major automotive company undertook a digitisation process that simplified its product offering and created a unified global approach. This resulted in a 30% reduction of the organisation’s IT spend, freed up resources and enabled greater focus on expansion and innovation.

Applications for security risk management

In the corporate security field, digitising operational processes, such as site protection, is now an essential activity to keep pace with the constantly evolving threat environment. In 2019, total economic losses from natural and man-made disasters were US$140 billion. However, corporate security teams struggle to move away from legacy processes in order to enhance efficiency and scale operations effectively across organisations.

Corporate security leads often face the challenge of providing coverage over a large portfolio of critical assets and locations, while constantly battling to increase, or merely retain, their operating budgets.

Organisations relying on manual processes can suffer from a lack of oversight of how each business unit or geographical region is managing security. They can struggle to align investment in security controls with the specific geographical risk, and they often rely on a small team of specialists to conduct site security risk assessments. This makes adherence to best practice standards, global or regional regulations and even internal company policy difficult to measure. It can also make them slow to react to changing risk environments, putting the organisation at risk as new threats emerge.

Digitisation and automation could drive cost reduction and efficiency, while making security risk management practitioners more informed and better prepared, enhancing decision making on security issues and enhancing processes around site protection and site risk assessment. It also allows security risk management practitioners to easily track historical trends in security and preparedness, as well as adherence to internal and external standards and regulation across a much larger portfolio. Ultimately this enhances an organisation’s ability to protect its critical information and physical assets, as well as its people, enabling it to fulfil its business objectives more effectively.

Creating a unified approach

Deloitte’s Experience

In our recent experience working with organisations with both a global and national footprint, there is a need for a user-friendly, intuitive solution that can help provide security practitioners with a holistic view of their global locations, providing the risk context and allowing control maturity to be measured and compared more easily. With new ways of working and reduced travel, there is a requirement for a solution that can be flexibly and centrally managed, reducing the requirement for security risk management specialists to be in every location, and allowing opportunities for upskilling local teams in conducting site security surveys and site risk assessments. Such a tool will help organisations scale their security risk management operations consistently and cost effectively across their entire portfolio.

For more information on Deloitte’s site assessment and risk management solutions, visit the SecureHub website and request a demo.

Key contact

Agnieszka Eile

Director

Agnieszka is a Director in the Risk Advisory practice, where she focuses on Cyber, Digital & Data risk. She works predominantly with Financial Services clients, including banking and capital markets, and private wealth management. She has over 13 years of experience advising organisations on non-financial risk management. Specifically, she helps clients evaluate the maturity of their technology and cyber security risk and control functions; design, develop and implement risk and controls management frameworks; and enhance organisations’ overall risk management culture. Agnieszka has led and delivered several information security risk and controls assessments, internal audits, maturity reviews and regulatory reviews for organisations across a range of industries and sectors, helping national and global companies prepare for and respond to known and unforeseen risk events.

Alan Fraser

Manager

Alan is a Manager in Deloitte’s Cyber Practice and SME in the area of Corporate Security and Geopolitical Risk. He is experienced in the fields of physical and cyber security risk management and corporate intelligence. Alan works across sectors, with significant experience in financial services. He has led workstreams as part of major security transformation projects in both financial services and the public sector. He has spent extensive time living and working in the Middle East and North Africa and speaks a number of Arabic dialects. Prior to joining Deloitte, Alan was a Director at a risk management consultancy.