There is a common perception that the Security Management team is a non-productive department and that its employees are low-skilled.  This is far from the truth, however. 

 

The objective of Security & Risk Management is to secure the organisation and its reputation by minimising the probability of risks and their impact. This can be achieved by having a rigorous Risk Management Framework. While such diligence may not seem necessary on a day-to-day basis, it plays a crucial role in minimising the costs associated with fixing a security breach.

 

Having a robust security defense plan, be it physical or digital governance, may seem like a lower priority than other business functions such as sales, but it is not. Never say never to security attacks, which can lead to losses in reputation and customer trust, and cost millions of dollars to recover from.

 

Yes, major incidents and crises do not occur every day, but one such occurrence can crumble a company’s external reputation. Security breaches are often followed by lawsuits, penalties and fines imposed by governing authorities. Something as simple as leaked video footage revealing a company's poor security management can lead to investigations or provide opportunities for perpetrators to hatch a harmful plan against the company. Internally, the company may also experience a loss of employees’ trust, resulting in lowered morale and poorer productivity. It would not come as a surprise if, to safeguard their personal interests, employees chose to move to another company with stronger security measures in place.

 

The ideal situation is to prevent incidents or crises from happening in the first place. In the unfortunate event that an incident has happened, organisations must act promptly to resolve it. Otherwise, the company’s reputation could take a further blow.

 

One non-security, Public Relations action firms can take before negative media reports ensue is to clarify the incident and announce the actions that the firm is taking to manage the issue.

 

Coming back to the 3 Golden Rules and 3 Fundamental Questions posed in the previous articles, organisations that acknowledge the presence of inherent risks and actively manage them are the ones that can ensure effective security and risk management. Constant review of an organisation’s Security & Risk Management protocols and framework is a must, not a good-to-have.

 

Many would have heard of the Kaizen approach used in lean manufacturing, but its principle of continuous, incremental improvement can also be applied to Security & Risk Management. Since Kaizen aims for improvements in productivity, effectiveness, safety, and waste reduction, adopting a Kaizen approach to security-related frameworks would encourage organisations never to rest on their laurels but to seek ways to keep up and enhance their overall security posture.

 

At first glance, investments in security may not seem economical on the profit and loss statement. On further analysis, prudent organisations would realise that having a robust security framework and measures in place can potentially guard them against liabilities and reputational damage. Weighing the costs and benefits, the latter clearly outweigh the former.