Security leaders are seldom participating in corporate drills and tabletops that deal with cyber incidents, supply chain disruptions, or civil disturbances according to a recent practitioner poll by the Security Executive Council.
The poll asked the question, “What exercises/drills/tabletops does security participate in or plans to in the near future?” While more than half of surveyed security professionals participate in active shooter and natural disaster drills and tabletops, fewer than one-third are involved in domestic violence/suicide drills, and fewer than 20 percent in drills for supply chain disruptions and loss of key personnel.
While it’s possible that practitioners are not being invited to the table for certain types of incident drills, it’s also possible respondents’ companies are not running exercises on these types of incidents.
“We have seen some security organizations are creating drills or tabletops for incidents receiving a lot of attention in the media,” said Bob Hayes, managing director of the Security Executive Council. “Security practitioners should weigh the probability of certain incidents happening at their organization. For example, while active shooter is horrific, the FBI reports that in 2018 there were 27 incidents. Compare that to the OSHA’s estimate that approximately 2 million American workers are victims of workplace violence each year.”
It’s worthwhile for security leaders to consider whether their companies perform preparedness exercises on the types of incidents listed in this poll, whether their risk profile shows that it may be in their best interest to do so, and whether other corporate functions are running such drills without security’s participation.
Full results of the poll are posted here.
The SEC’s next Security Barometer quick poll focuses on organizations’ top current security risk issues. To take the quick poll, click here.