US corporations are facing an increased volume of threats driven by persistent political, social, and economic issues such as Roe v. Wade, gun control, diversity, the war in Ukraine, returning to the office, and COVID-19. Through year-end, about one-in-four (26 percent) of executives at American companies anticipate they will miss at least 51 percent of threats, while another 31 percent anticipate they will miss 26-50 percent of threats before they cause harm or damage.
This information comes from the 2022 Mid-Year Outlook State of Protective Intelligence Report, a new study commissioned by the Ontic Center for Protective Intelligence. The report shows C-level perspectives at US companies with over 5,000 employees across four functions responsible for protecting businesses—physical security, cybersecurity and IT, human resources, and legal and compliance leaders—regarding physical security challenges and opportunities unfolding in 2022, and the impact on business continuity and resilience.
“Our study reaffirms that threats to businesses are many and varied, ranging from hostile written, verbal, or physical actions against others; radical rhetoric or hate speech on social media; and actions that compromise IT security or compliance with laws to extreme weather events that can make working conditions unsafe,” said Fred Burton, executive director of the Ontic Center for Protective Intelligence. “As such, cross-company threat data sharing continues to be critical, and even minor lapses in communications can result in serious security concerns. All companies should heed this guidance, but especially those considering restructurings and workforce reductions, as our study found 75 percent of human resources, 72 percent of legal and compliance, 66 percent of physical security, and 60 percent of cybersecurity and IT respondents said in the past year because of a failure to notify their department in advance, violence or harm occurred at their company when an employee was furloughed or fired.”
“To function in this new turbulent normal, to grow and thrive, organizations must cultivate a culture of security,” added Lukas Quanstrom, CEO of Ontic. “Information, action, communication, training, and habit can mitigate business and mission critical threats and liabilities, preserve business integrity, and ensure critical resilience.
“Communication silos still exist and different departments are inefficiently assessing the same threat. But it is heartening that US companies continue to actively consolidate their multiple threat intelligence, monitoring, and alerting solutions. Our research says it can’t happen fast enough: a majority said three-quarters of threats that disrupted business continuity resulting in harm or death at their company in 2022 could have been avoided if physical security, human resources, cybersecurity and IT, legal, and compliance shared and viewed the same intelligence in a single software platform.”
Key findings from the survey include:
- 98 percent said threat assessment or threat management training to recognize workplace behaviors that could turn violent or cause damage is important for their team to successfully execute their job, including 71 percent who say it is very important.
- 66 percent said in 2022 their company received or investigated one or more threats weekly, including one-quarter that are on track to receive or investigate up to 260 threats annually.
- 64 percent agree that at their company, employees do not report erratic and violent behavior or other warning signs in a timely manner.
- 63 percent agree their company downplays risk to emulate a safe environment.
- 54 percent do not have a mechanism in place that allows employees to anonymously report issues, and 43 percent rely on employees to take the “if you see something, say something” approach to security, whether they are working from home or on-site at a company location.
Among 110 publicly traded company executives surveyed, 78 percent said their company’s investment in security operations (funding, planning, and policy development) is based directly on risk factors disclosed in its public SEC filings, including the 10-K risk factors. Seventy-seven percent agreed these barely skim the surface in terms of the scope and volume of security threats they investigate and receive.
The full report available for download here.