The digital transformation of the security function
- Security Risk Management
- Investigations, Litigation and Forensics
Building a technology-enabled intelligence capability
As part of their drive to introduce technology into security risk management, many corporate security teams are assessing internal and external technology options to help them improve their ability to collect data, process information and generate and disseminate intelligence to support faster and more accurate decision-making. The convergence of physical and digital security threats facing organisations is rapidly compounding this need, with security functions increasingly expected to cover cyber and physical threats in a streamlined and comparable way so that executives and boards can assess them in their risk registers.
The COVID-19 crisis has turned that need from a nice-to-have into a must-have. Never before have crisis management, business continuity and security management teams required granular and near real-time intelligence about developments in locations around the world – and all at the same time. But despite an abundance of information in the public domain on COVID-19 related disruption, teams have had to spend long hours trying to piece together, process and analyse this to generate the intelligence required by their organisation to make decisions.
The reward is there
Having an intelligence capability that can rapidly collect, corroborate and validate data from a multitude of sources, while providing the context to assess and identify relevant security threats to the organisation would be a game-changer for most large global companies.
First, it can significantly improve the speed and effectiveness with which the organisation responds to a crisis by enabling crisis management teams to have at their fingertips the intelligence they need to make quick, informed decisions. A well-planned protocol for crisis reporting and alerting will save time and effort, allowing the team to focus on the crisis at hand. This will be particularly important as in-house teams already burnt out by managing the organisation’s response to COVID-19 try to grapple with a plethora of other potentially disruptive events, from wildfires and hurricanes to cyber attacks and civil unrest.
Second, having such a capability can easily demonstrate the value of the security function to the wider business outside crisis situations through providing regular and dependable intelligence analysis. This could support the smooth running of numerous business activities, from executive travel to shareholder meetings and pre-market entry threat assessments. As global supply chains come under increased security and political risks pressures, such an intelligence capability can also help to inform short- and long-term business plans by weighing the risks and rewards of the future threat landscape.
Third, and equally important, a well-integrated intelligence capability can support the convergence of security functions through correlating different types of security threat. From detecting threatening communications against the company online, to monitoring physical access controls to premises and suspicious traffic reaching IT networks, blending these data sources and contextualising them through a fused intelligence capability can significantly improve the proportionality, pace and timeliness of the response.
But mind the pitfalls
All of these benefits are compelling. However, implementing such a capability can present its own set of challenges.
First, and most important, technology is a means of addressing problems, not a solution to them. As many organisations have found to their cost when embarking on a digital transformation programme, the technology is only as good as the people and processes behind it. The wrong mix of these ingredients, or an overreliance on one over the other will end up creating more headaches than it cures. We often hear clients complaining, for example, that their teams are overwhelmed by the amount of information received from the technology platform they opted for; or that they have identified significant gaps in data availability for particular jurisdictions or languages; or that the technology aggregates and analyses a lot of data but the team struggles to translate that analysis into business decisions.
The key to creating a successful intelligence capability is first and foremost to define its goals and then to achieve the right balance between technology (aggregating data), skills (interpreting data), and processes (feeding that analysis into business decisions).
Secondly, organisations will vary significantly in terms of the resources at their disposal to implement such a capability. We operate in a world of limited resources and few companies in these times can afford to build large teams and invest in expensive technology. But the good news is that, as ever, less can be more if technology is implemented effectively. Our experience with clients shows that taking a threat-led, proportional approach supported by clear processes and prioritisation to guide operational protocols can effectively compensate for some resource constraints, allowing the organisation to focus effort and resource on monitoring threats to the most critical assets and areas of the business that are at greatest risk. Starting with a risk assessment and a rigorous assessment of intelligence needs will therefore be essential to ensure a balance between investment and reward.
Finally, organisations should be mindful that the past is not a good predictor of the future. A security function will often use incident monitoring and data analysis to provide robust tactical support and solid retrospective analysis but will not necessarily be able to forecast the next crisis around the corner. Identifying emerging threats is rarely effective through automated predictive analysis alone. Strategic (emerging) risk forecasts requires different skills and analytical methodologies, and are better outsourced to specialised analysts. Such strategic risk forecasts should then feed into the threats and scenarios monitored by your intelligence programme to give your organisation a real competitive advantage in the market.
To avoid these pitfalls, organisations should start to build such an intelligence capability by drafting a roadmap/scorecard that ensures that their solution:
- Achieves the right balance between technology, skills, and processes.
- Fits well with the organisation’s needs and culture.
- Is proportional to the level of threats the organisation is facing and focuses on critical assets.
Aiming for these three key objectives – or indeed, measuring the effectiveness of an existing intelligence capability against them – should allow your team to provide timely, accurate, relevant and actionable input into decision-making at all levels in the organisation.
Key steps to drafting a roadmap to an integrated intelligence capability
- Conduct a threat and risk assessment – what are the critical assets of your organisation that need to be protected and what are the main current or potential future threats to these assets?
- Define intelligence cycle requirements – what type of intelligence will be needed to support these stakeholders in their decision-making? Which sources of intelligence will be required? How will intelligence be aggregated, triaged, analysed, and disseminated back to the business?
- Identify the skills and technology required to collect, analyse, and disseminate intelligence – what technology and skills are required to meet your specific organisational needs? What level of training and/or recruitment or outsourcing is necessary to meet these requirements?
- Identify internal stakeholders – who in the organisation will benefit from this intelligence to perform their roles more efficiently and more accurately?
- Agree governance and processes – who in the organisation will ultimately be responsible for the quality and effectiveness of this capability, and what rules will govern internal engagement?
- Review regularly how frequency should intelligence, skills & technology requirements be reviewed and updated to ensure that the programme continues to meet organisational requirements?