Travel Risk Management & Specialist Risk Consulting
Proactive vs. Reactive Corporate Security
October 20th, 2016   Van Bethea

During a recent client meeting, the CEO of a medical devices company informed me that he and two other top executives were going to travel to a moderate to high-risk country for important business. Since we deal with risk mitigation and have significant experience in travel risk management and responding to corporate global security issues, the executive asked me for my option on the matter.

I told the CEO that a risk vulnerability assessment of the country would be a good starting point. From there, a travel security and proactive emergency response plan could be developed specific to their travel itinerary. When I presented the cost estimate to conduct a proper travel risk assessment and provide response solutions, the subject was put on the ‘back burner’.

Having served in the law enforcement and private security industry for many years, it was another example of a recurring theme for average citizens and business executives alike. When weighing the cost of proactive safety measures against a potential threat that could have a dramatic outcome for the parties involved, the decision is often made to defer security needs until something happens.

In today’s world, companies conduct business in a global environment that can create real risk. International companies have to deal with potential threats to their overseas business travelers. Companies operating in politically volatile areas may be subject to local or regional conflicts or even terrorist activities that can cause a disruption in business or worse, create physical and personal security issues and liability concerns when it comes to duty of care obligations.

It does not matter if a company is a small local shop or a major international business, management must remain cognizant of potential threats and risk facing the organization. Risk refers to external danger, such as threatening behavior exhibited by an employee or ex-employee, a criminal threat against a company, a terrorist act, threats against an executive or a natural disaster to a facility.

Many decision makers often think that a potential risk is not that significant or that they will not be the ones victimized. As a result, they make up excuses to justify not spending the money on the remote ‘possibility’ that an incident would occur. Then, once a major security incident happens, these companies very quickly realize they are forced into a costly and time-consuming ‘reactive’ mode to deal with the problem.

The following are some common elements related to those who find themselves unprepared to deal with a critical incident or security related event:

  1. Putting off setting up proper security response until an event or incident has occurred.
  2. Establishing a minimum (or no) level of security defense instead of finding a more proactive posture and response to an event.
  3. Reluctance to bring in industry professionals who can evaluate potential risks and mitigate negative outcomes.
  4. A management mindset that the company can handle the problem themselves or with untrained in-house resources.
  5. Maintaining a ‘reactive’ response mentality.

Reactive Security

The approach to reactive security is to respond to past or current incidents rather than anticipate future threats. Whenever a company becomes a victim of a threat, management determines the level of threat, the level of damage and then installs measures to address the threat. The problem is that this leaves a huge gap as it opens the door for a wide range of vulnerabilities and does not provide for an effective response plan when it may be needed the most.

Many security companies support this style because it is easy to implement and provides a short-term answer for clients.

Proactive Security

Proactive security is a more complex process that requires logical and rational skill sets to address threats and prevent major incidents before they happen. Preventative measures taken by a company to anticipate potential situations can save them from experiencing devastating events that can lead to crippling losses. Some companies are employing proactive security procedures on both their physical assets and their sensitive data, such as intellectual property and customer records. As a part of this approach, many of these companies are hunting for hackers.

Concerning protective services, the key to a successful protection program is deeply embedded in its proactive work. While strong tactical skills and operational knowledge are necessary, relying on them alone would be a mistake. It is much more cost-effective and safer to proactively detect and resolve potential threats than to wait for them to occur and be forced to react to them as they happen.

A proactive security services provider will conduct a thorough risk assessment to determine any unique risks for the specific client(s) or entity. The security professional will develop a risk profile during the assessment analysis process to identify threats, risks, and vulnerabilities. Findings from this profile will then be used to conduct on-going intelligence and threat monitoring operations to ensure that any possible threats can be identified and neutralized. These activities fall under the umbrella of a larger client-specific program consisting of a wide range of risk management and crisis response strategies.

Those who participate in proactive security will find that this is a fundamental element in developing an effective and efficient contingency and response plan. When it comes to safety and security, being proactive is the key. Waiting for the next emergency is costly and a bad recipe for disaster.