by Simon Webb

The Role of a 21st Century Corporate Security and Risk Manager

Executive Summary

Pre-9/11, professional security and risk management was the domain of state actors and their special forces leadership. At the point of impact of the third plane into the Pentagon, the corporate landscape of risk mitigation changed in an instant and changed forever. The concept of commercial entities now needing to identify, mitigate and manage risk to prevent further total loss events highlighted the need for potential risk managers to collaborate with and embrace potential organisational impacts, ensuring that these organisations are future-proofed and risk ready throughout every echelon.

The past

The outdated modality and appearance of risk managers who entered the arena post 2003 to capitalise and generate vast incomes whilst exploiting clients' fragility must be condemned to history. As the need state of risk management evolves, so must the professional ability and mindset of the practitioners who are employed to mitigate the potential of harm to the individual, corporation or corporate reputation of the client.

21st century thinking for 21st century landscapes

It is the opinion of the author that globally we are more exposed to risk at present than at any other time in modern history. The SARS COV-19 pandemic has created new opportunities for nationalism, and society is now once again exposed to the rise in radicalisation. For over two years communities were told to silo, to bunker and create division in society. The stay-at-home message limited interconnectivity and promoted the creation of borders at the micro level.

In addition, the vacuum created by the withdrawal from Afghanistan in 2021 has now provided a platform for a significant humanitarian crisis not only in central Asia but far and wide. Low level kinetic skirmishing in sub-Saharan Africa and significant shifts in global weather conditions provide perfect context for exploitation. At the time of writing, there is an ongoing land war between Russia and the Ukraine, which creeps ever closer to a prolonged and protracted conflict in central Europe. This will destabilise many supply chains across multiple markets and create pressure on global financial institutions.

The national, regional and government elections in 2022 will prove to further destabilise any green shoots of post Covid recovery, and the impact of food security, supply chain integrity and commodity pricing only compounds these risks further. Any risk mitigation manager must realise that any of these global concerns creates complexity within the risk register of an organisation. The fact that they are all current and ongoing suggests that the risk manager must now re-evaluate all practice, protocols and planning to ensure that the horizon remains in sight.

Experience vs behaviours

The modern forward-thinking manager must not be reliant on experiences, however hard earned. They must utilise and embrace all the data and intelligence at their disposal. It would be counterintuitive to suggest that experience should be discounted completely, as this is the basis of our skill set; however, not all experiences provide currency.

In Aven (2015) we learned that “a 21st century manager is not only tasked with the duty to keep a constant check on possible threats but also to analyse them” (Risk Analysis, Terje Aven, 2015-09-28).

This suggests that the risk manager must fully immerse themselves in the ways in which organisations or individuals may attempt to cause us harm. This awareness and understanding, coupled with experience and industry best-practice thinking, helps us to formulate possible outcomes – and plan for them.

In a human scenario (MMA – Terrorism Incident – failure of infrastructure) we have the tools to consider the threat, create mitigation policies and act accordingly. This, however, is somewhat abstracted when we are dealing with scenarios resulting from natural disasters, where there may not be warning signs in advance of the phenomenon.

The modern manager must therefore fully anticipate all relevant eventualities within the risk register. It might have been remiss of the state government in Texas not to include mortality because of hypothermia and other related illness during the 2021 snowfall, as holistically this would have had a low acuity expectation. The reality resulted in 246 deaths attributed to the power outage caused by significant snowfall. Could the risk manager argue that this was unprecedented? Or was it a failure?

When identifying the risk, the likelihood and the impact are the basic building blocks that we must understand. Understanding these potential hazards and determining the risk as a result are the foundations of this role. In isolation, the Texas snowstorm may seem unprecedented; however, there is a history of events including The North American storm 2017, Storm Goliath 2015, San Antonio 1985, Houston 1960 and the Panhandle snowstorm 1957. So, whilst significant snowfall is not common in this state, it does present as a risk, albeit with a low likelihood of actuality. The process of understanding and planning for eventualities, allocating the appropriate resource and exercising and testing may have prevented the high mortality rate associated with these extreme weather conditions.

Terrorism in the 21st Century

In the concept of operations associated with terrorism incidents we are still besieged by this threat daily, and the security and risk manager must fully understand their position in the relationship. From the winter of 2015 to early 2019, the sensationalism of terror news reporting was in decline. On the face of it the “world was becoming a safer place once again” (www.visionofhumanity.org). However, within the community of crisis management we knew this not to be the case. The polarising impacts to the indices suggested that peaceful countries became more peaceful whilst fragile countries became more violent. During the period 2008 – 2021 “The 25 least peaceful countries deteriorated in peacefulness by an average of 12.1%, while the most peaceful improved by 4.3% ...” (www.visionofhumanity.org).

The threat of terror-related incidents still exists, but the data suggests that the countries who have been able to invest in the mitigation of the threat have developed more robust systems to manage that threat. In January 2020 Covid-19 impacted the national budgets of many established “more peaceful countries”, and budgets including the prevention of terrorism were immediately diverted. This must drive future medium-term implications that the risk and security manager must allow for within their planning. Just as the evolution of policing and military operations to combat terror organisations has positively progressed, so has the modus operandi of the terror organisations evolved.

The associated risk of cyber security and threat is significantly concerning, and the manipulation or theft of commercially sensitive information can bring an organisation crashing down far faster than an active shooter. The modern security manager must liaise with the ICT function to protect the confidentiality, integrity, and availability of data.

This “CIA Triad” (Securityscorecard.com) helps to sanitise critical information exchange from corporate espionage, malware, ransom and multi-dimensional attacks.


Now, more than ever, the 21st century security and risk manager is exposed on a multi-level, multi-depth and multi-dimensional front. To provide the layers of protection that our clients crave, we must respond with a multi-functional delivery that creates understanding around all aspects of corporate risk.

To provide this gold standard of service we must be the analyst, the operator and to some degree the oracle. Our service must span from the rudimental, dynamic “on the ground” provision of physical or asset security through the spectrum of analysis and understanding that formulates recommendations and business continuity solutions, whilst pro-actively identifying the future needs vs the future realities of the operations and activities that our clients contract us for.

The security manager of the future will be a security department rather than an individual, encompassing analysis at the forefront of all thinking prior to any concept of doing.

To conclude on a well-known military saying, “fail to prepare – prepare to fail” (Anonymous).




  • Terje Aven, Risk Analysis, 2015-09
  • www.visionofhumanity.org
  • Securityscorecard.com