The physical threat environment is increasing in both the U.S. and globally for businesses, but a recently released report says many CEOs are not prepared to mitigate the impact on operations and people. Many CEOs are aware of the physical threat levels around their business and they’re hearing more concerns expressed by boards and employees.
But only now are more of CEOs increasing their investment in mitigation technologies, says the Global Risk Impact Report released by critical event management provider OnSolve. The 22-page report outlines significant increases in three rising threats globally in 2022 when compared to 2021: infrastructure and technology (up 688% globally and 807% in the U.S.), transportation accidents (increased 211% globally and 296% in the U.S.) and extreme weather (up 72% globally and 42% higher in the U.S.).
“Each risk manager, whether they’re in business continuity or security, deals with their world of risk. And as I've heard many of my colleagues say, ‘There has been no blue sky for some time,’ meaning every day there's a new crisis,” says Chris Hurst, OnSolve’s Vice President of Value Engineering. “When you step back and look at the volume and frequency of the events, it’s really astounding.”
Little or No Planning
The report’s conclusions are based on an examination of more than nine million global events detected by OnSolve Risk Intelligence from Jan. 1, 2021, through December 31, 2022.
Data in the report was gathered using OnSolve Risk Intelligence, an AI-powered technology that monitors over 50 risk categories of physical threats across 159 countries in real time. OnSolve also commissioned a survey last January of 250 U.S.-based CEOs with more than 100 employees to analyze corporate approaches to physical risk mitigation alongside the physical threat data.
Even though threats such as tornadoes, train derailments or power outages happen globally every minute, 60% of CEOs surveyed had no plan to address the full range of the severe physical threats to their business. Forty-six percent have planned only for some significant threats. Some 37% of CEOs say they have a plan for extreme weather, but only 29% have a plan for infrastructure failures, and only a quarter of them have a plan to manage transportation accidents.
Perception of Stability
OnSolve wanted to focus on CEOs in the report because they’ve had to lead the dialogue in the C-suites to construct mitigation plans for threat such as COVID-19 and cyber-attacks. Hurst believes that in the private sector there’s been an assumption of stability in institutions such as law enforcement, North American Treaty Organization, the U.S. Centers for Disease Control and longstanding U.S. trade relationships, but that notion is being challenged as these institutions are being stretched.
“As a business founder myself, I could be thinking about driving revenue or hiring talent. And I don't have to think about, ‘Are the lights going to stay on?’ Are my employees going to come in?’ Because that's not my problem. That's a public sector problem. That's an institutional problem,” Hurst says. “Whether you sit at the far left or far right of the political spectrum, or anywhere in between, I think most people agree these institutions are being stretched.”
Hurst used an example of the recent gunfire attacks against power grids in North Carolina, Washington and other states. Executives learned that previous assumptions that setbacks and chain-link fencing to protect substations may be insufficient now. “This is a new normal,” Hurst says. “And so now, if your clients are in the space of designing security for substations, you’ve got to think about rifles. And that is a change.”
Here are three significant takeaways from the report, according to OnSolve:
- Physical threats have a cascading impact. The rise in physical threats is compounded by their interconnected ripple effects on other business operations. From road closures to power grid failures and chemical spills across entire communities, the ripple effects are the most challenging aspects of crisis preparation and management.
- More CEO involvement in mitigation strategies is needed. Every CEO believes its organization will face at least one physical threat in 2023. CEOs have noted that preparing for physical threats is now a top priority (38%) — even more than those prioritizing economic inflation (30%). While most CEOs (78%) delegate crisis management responsibilities, 18% admit they don’t have anyone in the C-suite overseeing physical security and duty of care.
- C-suite facing pressure from corporate boards, employees to address physical threats. Almost all (99%) corporate boards have asked executives for plans that combat physical threats. Meanwhile, employees are also concerned. Just over half of CEOs surveyed (51%) said their employees are sharing more concerns about physical security since the beginning of the COVID-19 pandemic.
Technology Not Utilized
CEOs acknowledge that utilizing proper technology will protect their organizations from physical threats. The report says 93% of CEOs surveyed believe technology would safeguard employees and operations, but only 26% have invested in technology for that purpose -- although an additional 48% are prioritizing such an investment this year.
Hurst says security teams face an uphill battle explaining the urgency of security systems to CEOs because it is difficult to quantify the value. But Hurst notes that financial reports clearly spell out how costly threats are to companies until the point there is a timely response.
Proper technology is crucial to detecting and responding to the “dynamic risks” that are happening today due to the interconnected nature of operations and global economy, he adds.
“Within technology, you need some way to monitor those assets wherever they're at. And you need a combination of humans and artificial intelligence looking, searching, filtering, finding, and saying, ‘Look here, we have a problem,’” Hurst says. “So dynamic risk ought to be part of all of our exercise planning.”
Progress with Cybersecurity
The report’s authors suggest those in the C-suite should take a cue from how business leaders have prioritized and planned for cyber threats.
According to Deloitte’s 2023 Global Future of Cyber Survey, 70% of survey respondents said cyber was regularly on their board’s agenda, either monthly or quarterly.
In addition, 86% of respondents reported that cyber initiatives made a significant, positive contribution to at least one key business priority.
“This tells us that cybersecurity is already a C-suite dialogue and proves a safety strategy works when it comes from the top,” the OnSolve report’s authors say.
John Dobberstein is managing editor of SecurityInfoWatch.com and oversees all content creation for the website. Dobberstein continues a 34-year decorated journalism career that has included stops at a variety of newspapers and B2B magazines.