One of the most fascinating, important, and often underappreciated pillars of a robust corporate security program is a sophisticated threat management toolkit.
For executives and corporate security professionals, understanding what threat management is, why it matters, and why it is taking on an increasingly prominent role in the corporate security playbook is extremely important — particularly at a time when the evolving nature of workplace threats presents a more challenging and complex risk landscape.
Why take a proactive approach to threat management?
Threat management uses proactive, preemptive, and protective measures to identify, assess, and manage potential security threats. An effective threat management approach can make it possible for organizations to decrease risk and protect their employees and their brand more effectively.
While organizations face a wide spectrum of risks, from theft to supply chain disruptions, threat management is primarily occupied with anticipating and mitigating behavioral threats. By focusing on the origins of the pressures and priorities that can lead to things like workplace violence or employee malfeasance, threat management can avoid many threats before they manifest as a costly or even tragic incident.
The growing need for proactive threat management
Threat management is a topic that is increasingly of interest to organizations facing a proliferating range of threats, from financial and inflationary pressures to labor issues. More importantly, organizations and corporate security professionals are recognizing the importance of evaluating the impact of those pressures on individual employees. And against the backdrop of a seemingly endless spate of headlines highlighting incidents of workplace violence, decision-makers in the corporate security space are disinclined to minimize or ignore things that may have been dismissed in the past.
An employee making negative statements about a company on social media, for example, is something that security experts with experience in threat management now understand needs to be addressed. A strategic threat management approach recognizes both the sensitive legal constraints on employers and the value in understanding the origins of these sentiments and value in determining the most effective way to address them — even if that means turning to a mental health professional instead of a security pro.
Engaging new and different stakeholders in threat management
Engaging with new and different stakeholders with skills and experiences that may fall outside of the traditional security space is an important piece of the threat management puzzle. Experienced threat management experts may be coordinating with a chief medical officer, a mental health professional, or with HR personnel. Tapping into the specialized expertise of individuals who know how to identify and address problematic stresses and pressures can be an invaluable complement to more traditional security skillsets and methodologies.
Asking the right questions to develop an effective threat management program
What are the key components that need to be part of a threat management program? The first step is asking and answering the fundamental question: what are the objectives of the organization and what is the ultimate goal of this program? Is it to prevent violence, or is it to check a box and minimize liability exposure?
What’s important is understanding your enterprise objectives for managing threats of violence. Do you want to have what is essentially a militarized security force in your facility, or do you want to have a free flow of incoming information to help prevent issues? To better manage your threats, you first need to better understand your threats — and that means asking and getting answers to a large number of questions. That requires involving key stakeholders and having critical conversations about the threat landscape and the most effective ways to address pain points and potential threats.
It also means understanding what constitutes an acceptable level of risk and sometimes making tough decisions about security ROI. Those conversations can feel very different with someone from Legal than with someone from HR. Those differences need to be accommodated and reconciled in a way that yields a coordinated and cohesive approach. Because the inherent nature of threat management is that threats are constantly emerging and evolving, this is not a set-it-and-forget-it event, but an ongoing process.
Understanding where corporate threats originate
The best and most effective threat management strategies apply to many different contexts and introduce valuable and previously often missed perspectives on risk.
In this way, diligent threat management supports more traditional security measures by understanding (and potentially monitoring) the groups and individuals involved. Whether it’s a disgruntled employee or an outside group with an axe to grind, the majority of security threats to any organization originate with people — for very familiar motivations.
The modern approach to proactive threat management
Today, organizations are paying more attention to mental health. They are implementing different or more rigorous practices in their hiring and screening of both prospective and existing employees. They are keenly aware of concepts like foreseeable liability, and they are increasingly focused on compensating employees well and making employee happiness and job satisfaction a priority. These are all welcome and valuable measures that facilitate effective threat management.
Analysis and assessment are just as important as investigation. Fundamentally, threat management is about information: specifically gathering and leveraging valuable information about the potential threats you are facing and the security toolbox that is available to you. Without the right information, it’s impossible to make smart and informed decisions. Knowing what the issues are, who to approach to address them, and the most effective and cost-effective ways to address them makes threat management a largely proactive process. The proactive approach is ideal, because the best and most thorough threat management program is one where the threats are essentially eliminated or mitigated before they come to fruition.
Ultimately, threat management is something that all organizations should be engaging in. It touches essentially every area of the business and requires decision-makers to think differently about staffing, assessment, investment, and the security measures they take to protect their employees’ physical and mental wellbeing — and to subsequently protect the company and its assets.