ASIS International's latest research report (2023-2024), produced in partnership with LifeRaft, paints a revealing picture of the challenges and developments in security risk management in organizations. Here are some of the key trends.

An increasingly complex threat landscape

Security professionals face a constantly changing environment. Rather than replacing old threats, new ones are layered on top of them. As a result, teams are now navigating a state of “permacrisis”.

Among the most worrying threats:

  • Workplace violence and active shooter incidents (43%)
  • Cyber attacks (ransomware, various computer attacks) (42%)
  • Theft of intellectual property or goods (35% external, 32% internal)
  • Natural disasters and climate change (31%)
  • Regulatory non-compliance (30%)

Identifying threats: a multidimensional approach

The report confirms that no single method is sufficient to detect risks:

  • In-house threat analysis teams are considered the most effective.
  • Security professionals also rely on:
    • open sources (OSINT),
    • government agencies,
    • specialized conferences,
    • exchanges with their peers.

A collaborative approach, involving several departments within the organization, is considered essential to properly identify risks.

Security is often confined to a tactical role

Despite numerous efforts, security is still too often perceived as a function that is:

  • Reactive (43% consider it mostly tactical).
  • Less involved in major strategic decisions.
  • Dependent on the support of the CEO and the Executive Committee to gain influence.

One of the major challenges remains demonstrating that security can play a key role in value creation, and not just in crisis management.

The 4 levers of success

The ASIS report identifies four critical factors for improving the performance of security risk management programs:

  • Maintain and regularly update the risk management plan.
  • Ensure that security managers spend at least 50% of their time on strategic issues.
  • Fully integrate security into the organization’s overall risk governance.
  • Adopt the Enterprise Security Risk Management (ESRM) approach.

ESRM: an approach that’s gaining ground

The Enterprise Security Risk Management (ESRM) approach aligns security efforts with business priorities and organizational objectives. According to the report:

  • 40% of organizations have already adopted or are in the process of adopting ESRM.
  • Organizations that have implemented ESRM achieve better overall risk management results.

ESRM thus acts as a strategic lever to reposition security at the heart of corporate governance.

The psychological health of teams: a growing challenge

Ongoing crisis management weighs heavily on security teams. Leaders must now:

  • Actively plan rest periods for their teams.
  • Introduce more humane, preventive management of psychological risk.

Conclusion

The ASIS 2023-2024 report reminds us that security can no longer be limited to incident management. It must evolve into a true strategic partner of the organization, capable of anticipating and preventing incidents and of contributing to major business decisions.

Organizations that succeed in this will be better prepared for future crises and, above all, more resilient and successful.

➔ Sources: ASIS International – The Current State of Security Risk Management 2023-2024