Why do organisations find it difficult to understand threats and risk

The current business landscape is moving at a faster pace than it ever has. Technological advances combined with political, sociological and environmental instability has meant organisations have rapidly had to change the way they operate, 'giving many CEOs a deep sense of unease' (Harvard Business Review, 2011). Failure to keep up has caught many organisations on the back foot and sent some of the UK's biggest brands into liquidation.

In amongst so much instability, changing and developing markets, organisations have not only had to react and adapt their operation to meet their current business climate but also ensure a solid strategy is in place to future proof their business. This has led to many organisations not fully understanding the market that they are now operating in so realistically to try and understand the associated threats and risks that accompany the new business model is at best guess work at times.

Many organisations have become complacent and rigid in the way in which they manage security with the same security strategy and plan in place that they had a decade ago. Security is often seen as a hindrance, something that stifles new growth and when the business landscape is changing so quickly delay is not an option. Therefore security has been left behind in this new world environment and is constantly playing a game of catch up. But with so much fluidity, as soon as you have caught up, you are already out of date.

For the security professional the issues faced are trying to have influence at senior management and executive board level so that security is firmly embedded in the strategy of a rapidly moving organisation. Instead of being a hindrance it is seen as an enabler and by identifying and mitigating risks early you can actually progress quicker than companies who failed to do so and are now having to address them.

As security rarely generates profit for a business, and with many organisations having to streamline costs to stay competitive, trying to get a budget allocated in order to future proof the business from security perspective, in line with the new and emerging threats, can prove difficult. For many companies security has become reactive and the threats associated with the new business landscape are only addressed when they have triggered an event. This in the long term can prove costly and for the security professional cost benefit analysis should be used to try and change this reactive mindset to put a solid proactive plan in place to address emerging threats before they trigger an event.

Realistically business change is only going to get quicker, global instability is unlikely to become more stable, so security professionals must focus on providing influence at a senior level and establishing a clear future proof security strategy to address emerging risk but that is also flexible enough to manage un-forecastable and inevitable events.

References

Reeves, M and Deimler, M. (2011) Adaptability: The New Competitive Advantage [online]. July 2011. Available from: http://hbr.org/2011/07/adaptability-the-new-competitive-advantage/ar/1 [20 October 2014].

Comments

Write a Comment

You must be logged in to leave a comment. If you do not have an account with The Security Advisor you can signup here.