‘The Security Agenda

in 2017’

Ed Smith

THE TRADITIONAL BUSINESS SECURITY AGENDA

1. Property Theft

2. Property Damage / Vandalism

3. Unauthorised Access

4. Workplace Violence

NEW THREATS EMERGE

• Cyber Crime & Data Integrity

• Employee Screening

• Internal Theft & Fraud

• Identity Theft

• Terrorism / ‘Active Shooter’

GLOBAL CORPORATE RISK SURVEY 2016

Source: www.ey.com/uk

IMMEDIATE CONCLUSIONS

• Security agenda more diverse than ever

before as threats have proliferated.

• Greater financial loss implications for

businesses in new agenda.

• Traditional models of predictive risk

becoming problematic.

• Opportunity to introduce new ideas into

our field.

FINANCIAL IMPLICATIONS – ‘OLD’ AND ‘NEW’

Cost of retail theft for UK

businesses in 2016 was £613

million.

Total cost of theft from

construction sites was circa

£900 million.

Cost of policing anti-social

behaviour was £3.4 billion

Total cost of direct

employee theft in 2016 was

£196 million.

UK Businesses reported £2.4

billion in cyber crime losses

in 2015/16.

Total cost of fraud for

private sector was

estimated at £120 billion.

MEASURING RISK

BUILDING ‘RESILIENT’ ORGANISATIONS

“Most systems try to anticipate trouble spots, but

high reliability organisations (HRO’s) pay close

attention to their capability to investigate, learn,

and act without knowing in advance what they

will be called to act upon.”

Risk

Management

Organisational

Resilience

Probability

Focused

Impact Focused

BUILDING ‘RESILIENT’ ORGANISATIONS

“Resilience refers to the organizational capability to

anticipate key events from emerging trends, constantly

adapt to change, and rapidly bounce back from

disaster.”

“The ability of an organization to anticipate, prepare for,

and respond and adapt to incremental change and

sudden disruptions in order to survive and prosper.”

Source: BS 65000: 2014

RISK v RESILIENCE APPROACHES

RISK v RESILIENCE?

Operational

Exclusive

Narrow

Quantitative

Reactive

Strategic

Inclusive

Broad

Qualitative

Proactive

PRESSURES OUTSIDE OF ‘PREDICTIVE RISK’ MODELS

HOW TO MANAGE THE UNEXPECTED?

Source: Weick & Sutcliffe, Managing the Unexpected, Third Edition.

1. Preoccupation with Failure

2. Reluctance to Simplify

3. Sensitivity to Operations

4. Commitment to Resilience

5. Deference to Expertise

BS 65000 ORGANISATIONAL RESILIENCE

BS 65000: 2014 Focuses on bringing the importance of

resilience to the top of the

organisation.

Acts as an ‘umbrella’ for sub-disciplines

such as Health & Safety, Business

Continuity, Environmental

Management and Disaster Recovery.

Provides 24 key questions to determine

consistency of resilience measures.

A taster of what can be expected in

the upcoming ISO 22316.

OUR RESPONSE AT OAKPARK SECURITY

Source: www.ey.com/uk

HOW ARE OAKPARK SECURITY HELPING?

1. Increased focus on consultancy.

2. Introducing new knowledge into

our business.

3. Introducing new technologies

within our business.

4. Working in partnership with

specialist providers.

THE CHANGING FACE OF SECURITY?

START YOUR RESILIENCE PLAN TODAY!

1. What do we need to survive? Where are our

‘pressure points’?

2. How can we better absorb and react stress on

these ‘pressure points’?

3. Consult with external parties to fill ‘knowledge

gaps’.

4. Circulate information, refine information and re-

distribute. Awareness is key!