An Effective Threat and Risk Assessment Involves Anticipating and Planning for New Challenges
Risks to corporate security and growth in 2019 and beyond include threats new and old, and to be prepared for them, business leaders are advised to ensure threat and risk assessments are a standard part of policy and procedure.
Risks include ignoring relatively recent social changes such as the ‘Me Too’ movement that protect an employee’s right to work in a safe environment, and more established concerns like privacy and security issues. Identifying potential risks is a step in the right direction.
“Consider what you define risk to be. A common definition of risk is any event that negatively influences your ability to achieve your business goals. Risks affect a company’s ability to survive, successfully compete within the industry, and maintain its financial strength and positive public image as well as the overall quality of its products, services and people,” advises Molly Corbett for Gen Re.
Risks to be considered should include insurance threats, natural catastrophes, workplace safety, cyber security, strategic and operational concerns, she continues. And, she adds, it should be an ongoing process.
“The risk assessment is a living process and should be conducted on at least an annual basis, and certainly more frequently if there has been a substantial change in your company’s risk profile. Additionally, it is a valuable exercise to re-visit the company risk library annually, as risks and definitions may develop and change from year to year.”
Ensure Everyone on the Team is Aware of Plans to Mitigate Threats and Risks
Staying current with changes to the Occupational Health and Safety Act is also a priority to mitigate risk, as is ensuring a safe work environment and having employees on the same page when it comes to concerns like cyber security, says David Perry, CEO of Investigative Solutions Network (ISN) and Crime and Security Analyst for Global News.
“We have to be focused on corporate awareness so that everybody is aware of the cyber security plan. It takes one simple mistake such as somebody finding a flash drive and inadvertently plugging it into a corporate computer, to give a hacker access to your system,” he advises.
“Gaining access to corporate files could expose data such as client lists, including personal information. That could run afoul of laws designed to protect privacy, including new Canadian privacy rules. Companies have to be aware of the new privacy legislation and they have to write policies in keeping with that legislation.”
An effective threat and risk assessment should be designed to:
- Identify threats to a facility and its assets
- Assess the risks associated with threats in terms of likelihood (probability), impact, vulnerability and consequences
- Make recommendations to avoid, reduce, spread, transfer or accept the impact(s) should the threat(s) be carried out.
When it comes to performing risk and threat assessments, research suggests that the message is not resonating with some business leaders. The costs of failing to conduct them can be extreme. In Ireland, for instance, only forty per cent of businesses are conducting assessments. Losses due to economic crimes totaled more than €4 million over two years. Conducting a thorough threat and risk assessment is a first step in preventing such fraud.