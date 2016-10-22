Today the security set-up of an industrial or business enterprise is no more a minor adjunct of the establishment that employs a certain number of watchmen and their supervisors to protect the physical assets against pilferage or forced encroachment by outsiders. It is now a comprehensive domain in itself, whose mission is to safeguard the human, physical and information resources of the organisation, study the threat spectrum, and strive to constantly improve the professional skills of the security personnel. In the age of proxy wars and ‘covert’ offensives economic entities of strategic significance for the nation may be on the radar of the adversaries who know that economic damage inflicted on the targeted country weakens the latter’s national security as well.



Security has conceptually advanced in three ways. First of all, it has to measure up to the description of being strategic, integral and systemic. Security set up understands the big picture behind an incident, does not miss the wood for the tree and works within a strategic plan. Security is integral in the sense that it covers the entire length and breadth of the enterprise. Also, security has to be system-based not individual-centric as it has to run on SOPs, protocols and tradecraft.



Secondly, security now is not a standalone function but a part of the mainstream management. The first step of ordering a ‘security survey’ is itself taken by management, which is the owner of this report. A function of increasing importance for security is the ‘insider threat management’, which can be handled only when the security set-up has free and complete access to every segment of the enterprise where the subverted insider might be hibernating. Those in charge of security must therefore be in easy relationship with all the heads within the organisation.



Thirdly, in view of the vast expansion and empowerment of the security domain, it is now accepted in principle that security would function on the direct authority of the top man of the enterprise. In all major establishments one of the deputies of the CMD directly oversees the security set-up.



The emerging thinking is that security should be viewed not as a liability but as an ally of the profit centre. There are multiple reasons for this. First, security buys its value from the cost of what could happen if security risks were ignored. Second, the ‘risk’— wherever it may be — is now handled in a manner that productivity was not hindered. And third, security is a productivity enhancer itself since in an unsafe world the employee needs a secure work place to do his job with greater concentration in order to produce more in the same time. Large enterprises located in risk-prone territories try to establish residential complexes for their employees to give them security at home also.



Perhaps the most important development in the security domain is the conceptual shift from ‘security risk management’ to a more comprehensive ‘enterprise risk management’ in which the approach is to identify and mitigate all the risks that the enterprise faced. In these times, the litany of universally interdependent risks is almost endless. Events happening thousands of miles away can affect us. Viruses fly across geographical boundaries to damage information systems. And environmental issues can topple business plans.



Apart from the hardcore security issues revolving round the safeguarding of people and property against a probable ‘attack’ from outside with or without the involvement of a subverted ‘insider’, risks such as damage to reputation or brand, adverse impact of social, economic and political environ, and unpredictable threats ranging from earthquakes to pandemics are amongst the major non-traditional security concerns of a business entity now. Security leadership therefore has to get deeply involved with evaluating and mitigating non-traditional security risks facing the organisation, as well. For this it will have to have a complete understanding of the business across the board as it exists in the enterprise. Corporates have realised that ‘mainstreaming’ enables security to perform at its best.



It is desirable to move from ‘security as a cost’ to ‘creating value from security’ for the shareholders. An integral risk management brings in all conventional security threats and the non-traditional risks under one umbrella. Security helps the management in the handling of both geo- political and internal risks and coordinates with all the departments of the enterprise for this purpose. A great dividend of ‘mainstreaming’ is that it mitigates the cost as it facilitates multi-tasking for both security personnel and the management people, helps generation of ‘early warning’, and leads to a cost-effective response to an emergency by creating a grid of understanding within the entire enterprise. The holistic approach to risk management helps to build up cross-culture teamwork. Since security is anchored on intelligence, which enables one to see the danger or an opportunity that lies ahead, it helps not only to mitigate risk but also explore the opportunity for responsibly taking on more risk. Security’s new story therefore is that as part of the larger risk management it contributes to profitability. It cannot be looked down as an avoidable financial burden any more.



(The writer is a former director, Intelligence Bureau)



