6 Considerations For Legal and Compliance Teams As Physical Threats Escalate
It seems like corporations today are in a never-ending cycle of unique challenges – challenges that are being fueled by wars abroad, social justice issues and ongoing health and safety concerns.
Almost everyone within the business is impacted by these issues, but certain teams responsible for managing risk pay particular attention. Those business leaders guiding legal and regulatory matters are keenly focused on those challenges.
In the Ontic Center for Protective Intelligence annual survey of physical security directors, corporate attorneys and physical security decision-makers, 85% of physical security, legal and compliance leaders agreed that due to the unprecedented increase in physical threats, 2022 is a significant turning point in prioritizing physical security. Additionally, 83% percent of respondents also agreed that unmanaged physical threats are increasing corporate risk and could have a financially crippling effect that negatively impacts business continuity.
With such a drastic increase in the level of physical threats, we asked survey respondents what issues keep them up at night. Here are their top five concerns.
With corporate security programs increasingly the responsibility of the legal team, these leaders are in a unique position to ensure everyone across the enterprise is informed and that there is a shared view of the potential risk to the organization. It means creating a unified, holistic system of record and a coordinated initiative to proactively identify and forecast risks so you can protect assets, infrastructure and reputation.
Additionally in our 2022 State of Protective Intelligence Report, among compliance, risk and regulation issues having an impact on physical security strategy, a majority of executives (64%) acknowledged corporations are targets that cannot rely on others for protection. The changing profile of insider threats to corporate activists, increased personal liability for CEOs and C-level executives and the increased potential for financial losses are also cited by more than half of respondents as compliance, risk and regulation issues.
What does this signal? Not only that you are on your own – something we have increasingly known to be true – but physical security threats are inherently connected to compliance, risk and regulation issues.
So, what tactics should legal and compliance teams consider to best address these physical threats? Take a look at the list below but keep in mind that these are merely factors that could help improve a company’s ability to protect its physical assets — the failure to take any of these steps does not necessarily mean that your organization will be more or less vulnerable to threats.
- Solidify a response plan. In the event that an incident occurs, having an effective response plan in place can be instrumental in mitigating the impact. Once you formulate your response plan, make sure your team runs it through a tabletop exercise to ensure its effectiveness and identify gaps. You can almost bet that the plan will not exactly address the incident, but better to have a starting point than to invent a plan in the middle of an incident.
- Train employees on the response plan. Employees across all relevant departments (human resources, legal, security, etc.) need to be trained on the response plan once it is in place. Run through different scenarios with the team members responsible for addressing the threat to help identify additional gaps in the plan, and then update accordingly.
- Collaborate with your security team. One of the largest challenges organizations face is effectively tackling intelligence risks and physical threats that cut across departments. Threats across cybersecurity, human resources, legal and physical security often stay in silos. Establish policies for cross-departmental collaboration before you need to build a policy during an incident. You may even want to consider having your corporate security team report directly to the CLO due to the complexity of threats faced today.
- Review your policy with your insurance provider. Talk to your broker to make sure your organization’s coverage is sufficient given today’s dynamic and complex physical security threat landscape. Your insurance provider should play a role in helping you put your response plan in place (and don’t forget to add “notify carrier” in your response plan). While this may seem a given, it is a critical step that is often overlooked.
- Adopt a technology-driven approach. In order to best “see around corners” and help automate processes, leverage technology that best fits the needs of your business. With the right system in place, both legal and security teams are able to access physical threats in real-time, allowing them to stay one step ahead of potential risks and to better protect their employees, assets and infrastructure.
- Maintain a reliable and robust audit trail. If your safety and compliance protocols ever come into question by clients, employees, authorities or shareholders, an accurate and thorough audit trail will allow you to demonstrate that the appropriate measures were taken by your organization to uphold its duty of care.
Once you fully understand the legal and compliance implications of physical security and the impact potential threats may have on the business, the legal team will be able to take their full-scale approach to fulfill risk and vulnerability management for the organization.
Yes, the world continues to present new challenges to the security industry and legal teams. But with alignment and continuous adaptation including leveraging new technologies to improve visibility of the threat landscape to minimize risk, you will build a more secure environment.
Looking for more data on today’s threat landscape? Download the full 2022 State of Protective Intelligence Report here.