How to turn security risk into a competitive business advantage

By Rudy Neefs, Director of Corporate Security EMEA at Tech Data Corporation

Today’s world is more complex and interconnected than that of our parents or grandparents. We are truly living through so-called VUCA – volatile, uncertain, complex and ambiguous – times. 

Whilst simple (security) risks are comparatively easy to identify, quantify and understand, there are three areas in particular that I’d suggest organizations should devote more attention to, namely: 

(1) high-impact, low-likelihood events or ‘black swans’, 

(2) interconnections between risks and 

(3) culture, compensation and fraud. 

The latter continue to be major drivers of value loss in firms. I try to show companies that competence in enterprise risk management is paramount to business survival and success and that it offers true strategic advantage

It should be a critical part of any business continuity plan. In this regard I always like to refer to organizational resilience management, which is not a single discipline, but rather a blended consideration of the risks facing an organisation. 

It is both a forward-looking and backward-looking approach to managing risk to achieve an organization’s objectives. It is about maximizing opportunities and minimizing likelihood and consequences by removing the silos and finding the appropriate balance of adaptive, proactive, and reactive strategies.

I also often emphasize the use of proven asset protection methodologies, concepts and theories and how they can help to mitigate specific security risks. This approach, in combination with key metrics (what cannot be measured cannot be managed), demonstrates the relationship between effective security and company profitability. Security executives must understand how to bring these elements together to meet company objectives and succeed in the current global business environment.