Updated: Apr 22, 2021
What assets do you need to secure?
Most often businesses do not know assets or information to secure and do not conduct regular security vulnerability assessment or disregard advise from security audit until a crime has been committed against them.
Previous case studies suggest that businesses have assigned a security focal point who have other roles and do not have an idea on to conduct a risk assessment comparatively to other businesses who have hired a security professional or security manager who his role mainly focusing on security issues and he is accountable for any shortfalls.
What is a security vulnerability risk assessment?
The security vulnerability risk assessment is an audit conducted to identify assets needs to be protected and any other risks that posed to the organisation.
Best practice suggests that the assessment is carried out regularly to mitigate the risks and ever-changing security threat levels.
Case studies suggested that despite the assessment has been carried out whether, by an independent security consultant, businesses often disregard the security recommendations to improve and mitigate security risk as they often see this as an additional cost to the organisation.
Previous experience, a client was recommended to install an automatic alarm system in the office but disregarded as saw this as an extra cost until when an insider broke into the accounts office stealing a safe and cash costing a business reputation and cost. This could have been prevented by implementing security recommendations.
The assessment can be conducted by a trained security professional or an independent security company or a security consultant.
How do you prepare for a security risk analysis?
The security risk analysis can be conducted to any business whether a school, factory, port, retail outlet, critical infrastructure or an airport.
The analysis aims to identify assets needs to be protected and prepare countermeasures for potential deviance.
There must be a senior management collaboration with the security manager or an independent to ensure that they work together to conduct an effective analysis. There must be an internal meeting with all stakeholders regularly or three months basis to discuss the analysis and even after a report has been submitted.
The analysis will involve identifying internal control measures and processes for identifying areas of improvements.
Previous case studies observed that most senior management and internal stakeholders pay no attention to the analysis and leave the analysis to the security manager or security focal point.
What are the strategies to mitigate the risks?
Tried and tested strategies are;
Implementation of security measures whether a security guard or application of security technologies such as access control, CCTV surveillance, intruder alarm systems, etc.
Review of the building design and environment to ensure that target hardening measures are placed to make it difficult for a potential adversary to commit a crime.
Ensuring that the business has sufficient insurance for the business and that it covers all the security breaches.
Undertake a review of finding a way to conduct a less risky business activity by reviewing all the business processes.
Review and identify any opportunities that can be exploited by potential adversaries and ensure that it is removed.
What other resources available to assist with the risk analysis for the business?
There are several sources you can review regularly to analyse the risks posed to your business such as;
Country Security Risk Report
Regional Crime Analysis
Daily Security Alert
Crime Survey Report
Crime Statistics Report
What are the consequences of not carrying out a risk assessment?
Firstly, it is the direct loss as a result of the crime being committed against your business. For example, a safe stolen from the office during a burglary because there is no alarm or a security guard and the safely contained business documents and cash of 20,000 pounds. The direct loss to replace all this.
Secondly, the consequential loss is the amount to replace this is ten times more as a direct loss due to ensuring that security measures are in place to prevent similar incident as well as the loss with hinder the operational activity of the business and productivity.
Thirdly, it’s an impact on the business will have such as reputation damage and if it’s a serious incident, it will affect the shareholders as well as the stock market.
What is the best advice?
Do not underestimate carrying out a risk assessment for your business regularly mitigate ongoing risks.
We live a world where risks are always changing and adversaries are coming with new ways of penetrating or countering security measures in place. Therefore, it should be a business priority to ensure that risk assessment is carried out a regular basis and risk register is reviewed prioritising on the most risk that urgently needs to be mitigated.
Most security companies and security consultants have vast experience carrying out a risk analysis. Depending on your budget, ensure that you have a permanent security manager for such role as he/she can bring ROI on your business for preventing crime and application of security measures which in the long run improve your bottom line.