The role of a 21st Century Corporate Security & Risk manager in Ireland has evolved at an exponential rate over the past 25 years. No longer is security management restricted to the indigenous small and medium sized enterprises (SMEs) and solely concerned about tangible assets surrounded by high walls and gates.
Data is the new asset to be protected. Dublin has taken over from London as Europe’s largest data hosting cluster, capturing 25 per cent of the European market, more than €1 billion was spent on data centres in Ireland during 2018 (Reddan, 2019).
The challenges faced by global Corporate Security & Risk managers during this growth have become very complex as the threats that organisations are exposed to, such as cyber-attacks, require greater depth of knowledge and awareness of the external vectors that may pose a threat. Greater physical and technical security strategies must be embedded into the organisation’s security posture to combat the myriad of emerging risks.
An effective tool of strategic planning to examine the strengths and weaknesses (internal matters) and opportunities and threats (external matters) of the organisation is a SWOT analysis (Syazwan Ab Talib and Bakar Abdul Hamid, 2014). To effectively meet the challenges of the macro environment to the corporate organisation, SWOT analyses should be carried out in regular intervals. In conjunction with the SWOT analysis, another very effective tool of strategic planning is the PESTLE analysis, which examines the Political, Economic, Sociological, Technological, Legal and Environmental factors that may directly or indirectly affect the organisation.
As advances in technology have made physical security strategies data/intelligence driven, 21st Century Corporate Security & Risk managers have embraced education, more so than their predecessors. The availability and ease of access to academic and professional courses have expanded the skillsets and paradigms of security professionals whereby they now provide security that is strategically congruent and inter-dependant with the organisation’s business strategy. The syllabus of security management training and education has also evolved to combat the nature of current and future threats to include risk management, crisis management and business continuity. Greater breadth of knowledge and more holistic paradigms are essential to mitigate against all forms of threat. For example, when you examine the 9/11 attacks in 2011, the subsequent report cited “imagination” as one of the four failures that led to the attack. The report found that America was taken by surprise when you consider the attack was “carried out by a tiny group of people, not enough to man a full platoon. Measured on a governmental scale, the resources behind it were trivial. The group itself was dispatched by an organization based in one of the poorest, most remote, and least industrialized countries on earth” (Kean TH, Hamilton L.,2011).
America was further taken by surprise in 2021 following the Presidential election defeat of Donald Trump. The nation that prides itself on its representative democracy witnessed a mob of over 2000 in strength storm and occupy Capitol Hill, one protestor was shot dead by police during the event.
When the most powerful country in the world is repeatedly compromised, security managers must realise that all threats are a possibility and therefore should be investigated and recorded on their risk registers accordingly. A risk register is a document used to record all identifiable risks and map them in accordance to their likelihood and expected consequences/impact. Thereafter, suitable proactive measures should be introduced to mitigate against the recorded risks and reactive measures should be identified to ensure effective business continuity after an event. Organisational response to an event should be tried and tested by means of crisis management exercises. All stakeholders should be identified and their roles and responsibilities explained. While exercising can be expensive and time consuming they may also be cost neutral when delivered as a table top exercise (TDG). Research of case studies (and lessons learned) from similar organisations is a good starting point to prepare exercise scenarios. For example, communications, or lack thereof, has often been acknowledged as a single point of failure in crisis management. Military folklore provides a perfect example of poor communications with the World War 1 story of a unit advancing against the enemy, the message was passed back to Headquarters was “send reinforcements we are going to advance” but in the heat of battle the message received was “send three and four pence, we are going to the dance!”. It is of paramount importance that Corporate Security & Risk managers take control of communicating an event to the stakeholders and the media to ensure people are correctly informed before social media misinforms them. The Boston Police Department are an excellent example of how social media (Twitter) was used to keep the general public informed and out of harm’s way. In the immediate aftermath of the 2013 bombings the Police Commissioner’s Twitter account was used to keep the public informed and used to disseminate the photographs of the suspect at large (Davis, E., Alejandro A. and Sklansky, D., 2014).
In conclusion, 21st Century Corporate Security & Risk managers have much more responsibility now that ever before. Risk as a probability has morphed into risk as an accountability and managers are the incumbents. Business functions of physical security managers have increased and require greater understanding of IT risk management, business continuity management and corporate governance. However, greater responsibility attracts greater reward as security managers now take their own seat on the Board, no longer in the shadows of facility managers or other departments.