Managing or mitigating risk to a level that is acceptable to all stakeholders is not an easy task. In fact, it can be especially challenging when C-Suite focus is on visions of ‘business specific’ operations and ingenuity as opposed to layers of physical or IT security. An August 17, 2012 article from CFO Magazine titled, ‘C-Suite Slipping on Information Security Study Finds,’ by Taylor Provost, focuses specifically on IT security yet could easily be overlaid across physical security applications as well.
It really does not matter what you call it; risk management, risk mitigation, thick and buttery risk mashed potatoes or sticky and sweet risk maple syrup, the driving focus for loss prevention professionals is to stay in front of negative impact to the business whether it be to people, assets or the brand. Our focus as loss prevention professionals is also to create systems, processes, policies and procedures that minimize impact to the business, people, assets and brand when an ‘event’ occurs. Because C-Suite leaders are in fact people, human beings, their focus is generally on that which accelerates bottom line growth, future strategic development and anything that sheds positive light on business and product. Safety, security and risk mitigation are typically not viewed as money generators and become simply a cog in the wheel that does not get attention unless it gets a bur in it.
Coming from Law Enforcement into the private sector demonstrated for me that patterns of behavior for people when it comes to mitigating risk or managing risk are truly the same—across cultures, across business formats, into personal environments and settings. For the most part, people would rather deal with the positives in life and do not necessarily see physical security or information security preventative measures as critical facets to maintain a healthy, productive, efficient and progressive business or life. So, as security professionals, it will always be a welcomed challenge to be strategic and innovative change agents presenting creative yet accurate return on investment business cases to C- Suite leaders outside of the peaks of investment made following a loss or a crisis.
Those energies, points of brilliance should never stay the same (even if the risks are similar yet different). Environment changes, deviant cognition and cleverness change, business changes, economy changes—the only real veins of consistency are that we are dealing with human beings and doing everything we can to lessen negative impact on the business, brand, people and assets if and when an incident occurs. It is up to us, not them, to peak C-Suite interest. It appears, based on the research in Taylor Provost’s article that interest has dipped yet again. Time again to sweeten their appetite, dress it up a bit whether it is with a sweet syrup topping or buttery batch of mashed potatoes—that is our job. KO Security Triage can help you and your business with some of that strategic heavy lifting and key ingredients.