Keeping a company safe from all possible threats – including physical risks to its employees and facilities, as well as cyber risk – is complicated even if that business only operates from one location. As firms expand around the world, the job of providing adequate security becomes even tougher. Each new region comes with its own risk factors, and the supply chains that connect all of an organization's assets provide danger of their own.
"Competition favors companies willing to pursue optimized strategies."
The solution to this growing complexity isn't to shun international operations. Competition in today's high-speed and digital-enabled business climate favors companies that are willing to pursue optimized strategies, and that often means splitting responsibilities between numerous facilities far from one another.
Coming up with comprehensive security strategies, both overall company policies and localized processes for each relevant region, is a high-priority objective. The following are a few of the considerations companies and their third-party allies will have to consider.
A mixture of factors
The sheer number of elements that need to be accounted for in any security strategy is large and growing. Facility Executive recently analyzed the results of the latest FM Global Resilience Index, which ranks the level of danger in various countries around the world. The study's array of scales on which regions' viability is measured can be an instructive tool for leaders wondering about potential risks to their facilities and supply chain links.
For example, each region differs in its risk of political instability, as well as the chance of suffering a natural disaster. Some countries are also more susceptible to cyber attacks, with varying amounts of digital infrastructure and different active groups of potential hackers. From general supply chain visibility to the balance between urban and rural areas, every country in the world has its own unique profile for leaders to plan around.
A global example
To see how a major organization is balancing the pressures of security in the global era, Security Info Watch spoke with Dave Komendat, chief security officer at aerospace giant Boeing. He observed that departments focused on risk and security can serve in business enabling roles, dealing directly with organizational leadership. When a new operational strategy is proposed with security risk involved, it's up to professionals in this space to create strategies that allow the organization to reach its goals, rather than to stop it from making progress.
"Security leaders and their teams have to be flexible and adaptable."
Komendat also explained that there is value in being extremely responsive, and being willing to pivot to crisis situations as they erupt, no matter where they occur. This is an essential consideration because it acknowledges that no risk-mitigation plan is ever good enough to not require direct attention when something goes wrong. Security leaders and their teams have to be flexible and adaptable, ready to act whenever a problem presents itself.
As for actually putting together risk avoidance strategies, Komendat warned against some of the traditional approaches. For instance, when organizations build out procedures that are inflexible and ingrained, filling innumerable printed pages, they may not be addressing the actual threats they'll face. Inflexible and overly detailed procedures are hard to learn and difficult to execute. While in planning, leaders may believe they're giving their companies the best chance to survive any possible crisis, but unless a plan can be executed, it's not helpful.
A job for third parties
Third-party security consulting services are one possible source of assistance for companies struggling to create or revise risk-prevention policies that take their global operations into account. Finding a balance between comprehensiveness and utility, flexibility and reach, is a specialty of trained consultants. Organizations can also bring in these outside professionals to audit their present policies or train their team members for maximum effectiveness.
