Polycrises are the new normal - how corporate security must adjust its strategy

Corporate security and crisis management has changed drastically in recent years. No longer can organisations plan for a crisis happening on an annual or biannual basis – instead the new norm in today’s corporate world is to be constantly on watch for multiple crises happening simultaneously. Indeed, the term ’polycrisis’ has emerged as the key descriptor of today’s corporate risk environment. 

A recent survey that we undertook of CEOs, COOs and Chief Security Officers in some of the world’s leading multinationals bears this out. Its findings, outlined in our report The Business Value of Corporate Security, seeks to understand what such trends in the global business operating environment mean for today’s corporate security function.

Significantly, our survey found these business leaders identified geopolitical developments as the area of highest risk. With US-China relations, Russian regional activity, Middle East tensions and war and conflict all cited as specific threats contributing to the increase in the geopolitical shift, many businesses are therefore addressing high impact risk on several fronts.

Geopolitical shifts tend to not only have direct impacts in supply chain breakdowns but also have a knock-on effect into other areas. Russia’s invasion of Ukraine, for example, had both an immediate and long-term effect upon businesses, including the impact of sanctions which cut off western firms from their Russian markets. In the wake of the invasion, some companies realised that they did not have the full picture of how their assets, supply chains, and business operations would be affected. This lack of preparedness for an event that has seemed a reasonable prospect since 2014 demonstrates once again the necessity of staying aware of the impacts of global affairs. In the wake of the war, a more holistic and centralised approach to risk is a clear necessity - in consultation with security professionals some corporations have changed their method of managing assets, or even extended their definition of assets to better reflect the realities of today’s market.

As well as modern security risks like cyberattack remaining a constant threat, our research also revealed new concerns among organisations. Increasingly, companies are expected to take moral stances on social issues, which brings its own risks. CEOs, previously only required to manage the operations of the company, are now seen as the public representations of businesses. Senior leadership are expected to be thought leaders, speaking on issues including the recent Israel-Hamas conflict, the Black Lives Matter movement, and others. Tim Cook, the CEO of Apple, for example, has been vocal on issues such as privacy, human rights, and environmental sustainability. He has advocated for strong privacy regulations and has spoken out on immigration policies, expressing support for comprehensive immigration reform.

If the views of a CEO, or the actions of the company are thought to be out of step with their customer base, today’s consumers are likely to take their business elsewhere, and in some examples, boycott companies en masse for political affiliations, whether perceived or real. A recent example of this is the social media-fuelled global boycotts of western brands McDonalds and Starbucks in recent weeks for the actions of franchisees and leadership that indicated support for Israel, though both companies have publicly issued statements announcing that they do not support or donate to Israel’s military or government, to little reaction from boycotters.

This climate also leaves companies vulnerable to misinformation by individual social media users, which can snowball into devastating consequences for the company. In 2020, for instance, an anonymous QAnon conspiracist alleged that Wayfair, the furniture retailer, was involved in a child trafficking operation. In the wake of this, while the company was embroiled in a crisis communications cycle as the conspiracy achieved global virality, CEO Niraj Shah was personally targeted with hateful and violent messages, and attempts were made to short the company’s stock. This conspiracy was later denounced as false, yet its impact on Wayfair financially, and in regards to its corporate image was longer lasting. Companies therefore need to take greater precautions in protecting brand identity. Brand management is only one area in which integration of corporate security professionals and an enhanced understanding of crisis management structures proves key- the experiences of these individuals in reacting to crises is replicable across other risk aspects of business.

Climate change is also a growing risk. Whether as droughts, floods or storms, as well as the long-term impact of rising sea levels and global warming, 2023 has shown that the impact of climate change will become only more violent and pervasive in years to come. Its risks to corporate security are especially evident in its impact on cost profiles and supply chains, and it also heavily impacts upon geopolitical events by leading to resource scarcity and mass migration. Corporations have already recognised the need to address climate change, as seen in the increasing prominence of environmental, social and governance efforts (ESG). Previously a marginal corporate activity, ESG is now increasingly at the forefront of business leaders’ strategic thinking - 55% of surveyed directors noted that it was a regular part of the board’s agenda. What business leaders must do to maximise the effectiveness of their ESG plans is to include security leadership, who can help to understand and advise on the impacts of migration and resource conflicts and provide security to new trading routes, among other capabilities, in their decision-making process.

The age of polycrisis is unlikely to wane in the coming years. A hands-on and forward-thinking approach to risk is the best way to ensure business resilience. In the best adapting businesses, Chief Security Officers are taking on an increasingly broad portfolio, as the pervasiveness of security risks throughout business are better identified and ever-connected in the age of geopolitical conflict, activism and climate change. In the coming years, steps must be taken to increase the resilience of multinational corporations on all fronts - to fail to do so will leave corporate security compromised.

This oped by Rachel Briggs OBE first appeared in Global Security Mag in December 2023.

The Business Value of Corporate Security is published by The Clarity Factory.