Geopolitical risk is fastest-rising danger to corporate security New report
December 2023 by Clarity Factory
Geopolitical threats now represent the fastest-growing risk to the security and resilience of businesses, overtaking the likes of post 9/11 threats such as terrorism, according to a new report published today (Monday 11 December 2023).
Factors including US-China relations, Russian regional activity, Middle East tensions and war and conflict are all cited as specific threats contributing to the increase in the geopolitical risk. Geopolitical factors can impact everything from supply chains and operational resilience to personnel security and new market entry and exit, the report says.
The report, The Business Value of Corporate Security – compiled by surveying senior business leaders including CEOs, Chief Operating Officers and Chief Security Officers (CSOs) from leading multinational corporations – is published by The Clarity Factory, a company specialising in corporate security, cybersecurity and resilience.
Key findings include:
• Asked to rank the three biggest security risks faced by their organisation, cybersecurity ranks highest (named by 53% of respondents), closely followed by geopolitical risk (51%) and insider risk (40%).
• 88% of respondents say geopolitical risk has increased, compared to just 12% saying it had stayed the same or decreased, while 81% of respondents say the cybersecurity threat has increased.
• Other risks which the majority of respondents said are increasing rather than decreasing or staying the same are: extreme weather and environmental events (67% of respondents), civil unrest (66%), travel risk (63%), climate crisis (57%) and activism (57%). A significant minority (14%) of CSOs cite the climate crisis as a top-three security risk for their company.
• Risks that dominated post 9/11 like terrorism, and more traditional security risks such as kidnap or extortion, are becoming less of a threat for most companies – 88% of respondents say the risk of terrorism has decreased or stayed the same, and 84% say the same for kidnap and extortion.
• Most corporate security functions do not have responsibility or accountability for cybersecurity, even though ever-closer involvement is essential given the interdependencies between the two. Just over half (58%) of CSOs agreed that effective security risk management relies on corporate/physical security and cybersecurity converging into a single function, but only 15% of CSOs surveyed reported having accountability or responsibility for cybersecurity.
The report was undertaken to understand what trends in the global business operating environment mean for the corporate security function including its value proposition, areas of responsibility and relationship to the rest of the business. The project was sponsored by AstraZeneca, Barclays, CRH, Holcim, ICF, Johnson Matthey, Proman AG, Shell, Sibylline and Sky.
Rachel Briggs, CEO of the Clarity Factory, and author of the report, said:
“In a global business environment characterised by volatility and increased security risks, effective corporate security is non-negotiable for commercial success.
“Geopolitics is firmly back on the agenda and was ranked by business leaders interviewed for this report as the most important security risk facing their respective companies. Companies are grappling with heightened tensions in the Middle East, the Russian invasion of Ukraine, China’s influence in its near neighbourhood as well as Africa and the Middle East. With the highest levels of political risk and unrest for five years, business leaders face the effect of geopolitics on everything from supply chains and operational resilience to personnel security and new market entry or exit.
“However, in a more difficult business environment, growth requires companies to be able to identify opportunities and lean into more risk. Multinational corporations are now dealing with multiple risks concurrently, so business leaders increasingly need more nuanced insight to calibrate the risks they take, need trusted advisors willing to speak up when something is a risk too far, and require highly effective crisis management capability. The corporate security function is therefore now more important than ever.”
Other findings of the report include:
• Multinational corporations are increasingly impacted by a range of social changes that affect their risk profile and require input from corporate security. There is growing pressure on companies to not just do their business fairly and ethically, but to take an active stance on political and social issues, whether directly linked to their business or not. This can make companies and their staff a target for attack – 11% of CSOs surveyed say activism is one of the three biggest security risks for their organisation, and a majority (57%) say it is increasing.
• There is also growing expectation for CEOs to be the face of such public positions – 81% of investors globally say CEOs should be personally visible when discussing public policy with external stakeholders. This can increase the CEO’s risk profile, and one-third (32%) of CSOs surveyed say threats to senior company executives have increased over the past 2–3 years.
• The three biggest obstacles to the effectiveness of corporate security are identified as insufficient budget (44% of respondents), insufficient integration with senior executives (38%) and having to report too far down the chain of command (31%).
• Some CSOs reported diminishing support from law enforcement, which cannot match the capability of threat actors, finds information sharing difficult due to regulation and shifting geopolitical alliances, and has increasingly stretched resources.
The report highlights five critical ways in which corporate security is a business enabler that contributes to commercial success for today’s multinational corporations.
1. Corporate security is non-negotiable for commercial success. In a volatile, complex, high-risk operating environment, where security risks are rising, effective corporate security is non-negotiable, keeping the company safe and enabling business leaders to lean further into risk.
2. Corporate security is an integrator that promotes a unified view of risk. Corporate security tends to be one of the company’s most effective integrators. CSOs are leading efforts to promote collaboration across risk functions to provide executives with a more unified view of risk. Their function contributes across the value chain: as connected specialists, valued interlocutors on activities such as mergers and acquisitions (M&A) and new market entry or exit, and as the company’s complex problem solver of first choice.
3. Corporate security intelligence offers insight to enhance business decision-making. Companies that can harness data from across the value chain – including operations, the supply chain, corporate security, business intelligence, and cyber security – will tend to generate nuanced insights to drive better business decisions, allowing executives to lean into risk with greater confidence.
4. Corporate security’s external networks provide insight, support and an early-warning system. At a time when multinational corporations increasingly place a premium on external networks, business leaders interviewed for the report acknowledged the importance of corporate security’s external network. It not only delivers security outcomes, it helps leaders to understand what geopolitical trends mean for the company, offers insight, benchmarking and support, and acts as an early warning system. Effective corporate security functions invest in their networks, public–private partnerships, and membership organisations that support professional development, benchmarking and information sharing.
5. Corporate security’s crisis management expertise is business critical and can be used to enhance crisis leadership competency across the business. Corporate security functions are at the heart of their company’s crisis management capability. As well as applying these skills in response to group-wide crises, CSOs can put them to wider use to enhance crisis leadership capability across the organisation; to help leaders distinguish between an incident and a crisis, use crisis management procedures to help the business to make quicker decisions, and coach and mentor to develop executive crisis leadership talent.
Ms Briggs added:
“In the age of what has been termed ‘polycrisis’ – the simultaneous occurrence of several catastrophic events – crisis management is a business-critical activity.
“Many companies face a higher volume of crises that are more interconnected: extreme weather events, conflict, market volatility, reputational crises, geopolitical events and cyber-attacks, for example. For those used to operating in high-risk environments, this might not feel new, but for others, it requires a structural and cultural shift. Corporate security functions are often at the heart of a company’s crisis management capability.”