Significance of Enterprise Security Risk Program

Jason Blumenauer, Senior Director Head of Security at FirstGroup America

Jason Blumenauer, Senior Director Head of Security at FirstGroup America

There is a new norm in business today and that is to be prepared for the unexpected and associates, customers, and clients expect a service that can sustain and manage through a crisis. This is a new way of thinking for a lot of businesses and if an incident or crisis is not managed properly it can have lasting negative effects. Having an emergency management program and a business continuity plan in place is nothing out of the norm, but the real question is do you have a strong security culture that supports these programs? That will make the deference between reacting to an incident or responding to an incident.

Reacting is when you have the basics of a security program and must scramble to provide what is needed to confront a problem at hand. You usually see many e-mail communications, meetings with many people from many different department asking questions and not necessarily engaging thoughts towards a solution. This practice uses valuable time and is not very efficient or effective. The other issue commonly seen is there is no accountability, no defined leadership, and destructive silos.

Responding provides a whole different flow to how you combat a situation. By responding you have immediate engagement from like-minded individuals that take a wholistic approach to managing through a problem. Prioritization is almost immediate and sharing of information allows for synergies to align with a focus of protecting people, property, operations, and brand. Doing it the right way makes a difference and minimizes the repercussion of claims currently and in the future, this is very important to the bottom line. We can try as hard as we can, but we will never be able to stop all crises’ from happening, but we can make sure we are prepared to manage properly. This is what allows you to be risk adverse.

It is very important to remember that today’s risk landscape is full of fast-moving sometime multiple threats ranging from civil un-rest, workplace violence, terrorism, natural disasters, health crisis, civil un-rest, internal and external criminal activity, and beyond. With a world of connected technology and instant linking to the masses an organizational incident can escalate quickly and in record time canbring reputational and financial devastations.Having the right leaders and culture in place to respond is more important than ever.

The opportunity in minimizing risk starts with a strong strategy around managing day to day securityissues and concerns. Taking a pro-active approach with a consistent program helps an organization not only minimize risk but also builds organizational health and maintains a risk adverse culture, which has also shown to help with retention problems and with today’s labor shortage this is very important. Workplace security issues are at a record high and claims that need to be managed take major toll not only on your brand reputation internally and externally but there is also a significant negative revenue implication. Imbedding a strong security culture with the right tools and resources can only strengthen an organization and minimize those losses.

Allowing for a more pro-active versus re-active approach to an incident saves time, money, and provides for more opportunity to invest into growth of the organization instead of always defending to sustain the operation. At the core of a best-in-class risk mitigation security program is a team that can champion the security resources and influence and engage the operations so that they can navigate successfully through concerns that may come their way. A business partner security strategy will need the following to show an ROI to the organization.

• Building the right brand that resonates with both internal and external customer

• Establishing security influence at every level

• Defining a best-in-class program that has a consistent flow and aligns with the overall business strategy

• Build a strong security story through metrics

• Maintain and grow consistent process controls

• Maintain constant communication across all pieces of the company

The approach is to focus on security from a holistic standpoint, considering the day-to-day reality of an organization and assessing the required security measures in this context. Proper RiskManagement practices can significantly reduce the potential for loss. It is very important to note, not every program will look the same. Each program must identify the business footprint and create a package that can overlay around the business initiatives and once imbedded can have influence on future business decision. The goal is to create something that is sustainable, flexibleto change with the business landscape, and ready to support growth.

Weekly Brief

Read Also

Leveraging Effective Communications for Strengthening Cybersecurity

Leveraging Effective Communications for Strengthening Cybersecurity

Grant McKechnie, Chief Information Security Officer, Endeavour Group
How To Think Digitally And Transform Your Organization To Win The Digital Customer

How To Think Digitally And Transform Your Organization To Win The...

Dobyl Malubane, CX Business Dev & Strategy Director, Oracle Africa
The Future Of Cloud Is Mobile

The Future Of Cloud Is Mobile

Rudi Strydom, Head of IT Operations, Technology and Architecture, Imperial South Africa
Exploring New Technological Impacts

Exploring New Technological Impacts

Melissa Orchard, Digital Hub & PDC Director, Marketing; CMI, Unilever Africa
The Human Reality Of Cyber Security

The Human Reality Of Cyber Security

Henry Denner, ICT Security Officer, Gautrain Management Agency
Zelle Fraud! Or is it?

Zelle Fraud! Or is it?

Karen Boyer, Vice President Fraud, People's United Bank, N.A.