By: The Security Executive Council
Special thanks to SEC Emeritus Faculty George Campbell and the late Dick Lefler for their early insight on this topic.
There have been many rumblings of a possible recession is the US. For example, according to
the 2018 Duke University/CFO Global Business Outlook survey, nearly half of U.S. CFOs believe the nation’s economy will enter a recession by the end of 2019.
The Economist’s Intelligence Unit expects the US to enter a recession in 2019.
In a predictable business environment, business leaders use economic trend data to develop organizational strategy. In less turbulent business conditions these forecasts can be made with a higher degree of accuracy allowing the business leaders to plan on the best alignments for their business against the economic and competitive conditions. These strategic organizational plans form the basis for Security risk mitigation leaders to assess any new or current risk conditions, therefore keeping the security programs they manage to in alignment with the overall business needs.
However, in a down economy many organizations find their plans and activities that do not match up well against difficult business conditions. In worst-case scenarios this misalignment can send their organizations into a financial tail spin. For many others a recession causes swift reactions to reduce the financial losses that can occur during these times. These reactions often include across the board budget reductions and subsequent layoffs. Security leaders need to proactively react to the business changes but also redevelop strategic plans for them.
Although economic downturns typically reduce sales and revenue in many industries/sectors they can also drive services or increase revenue for others. Therefore, no matter what organization you protect it makes sense to consider what current factors affect your company and its future direction.
Key Business Assumptions Senior Executives Will Focus On
The first assumption and probably the most obvious, is lower sales and revenue for many companies.
There will be pressures for capital and expense cost reductions including postponement of investments, the hiring of new employees, and an in increase the termination of existing employees.
There will likely be instances of negative earnings compared to previous quarters. It is critical to understand the earnings assumptions for your company - earnings are the key fundamental measure by which Wall Street evaluates a publicly traded company. Not for profits and NGOs are judged by cost of service. The issue is where your organization’s earnings are projected. As senior executives are confronted with diminishing earnings there will be tendency to reforecast and potentially a need to accept more risks; especially in areas where risk probability is low or were the cost of mitigation programs is high.
If the company is in a highly regulated sector, it will could be impacted by legal requirements that mandate security program requirements. Mandated compliance programs costs cannot easily be reduced or eliminated in any economic downturn.
There will likely be reductions in business related travel. Fewer employees and contractors traveling may reduce the costs related to employee protection programs. Critical questions include determining the current status of employee travel in your company for the next year and if your program has a variable cost element that would allow for cost savings.
If you manage a security program that involves due diligence of pending merger and acquisition targets, you need a clear understanding if your company’s near-term business plans will reduce or expand this activity.
Finally, favorable trends like lower crimes rates in robust economies will likely reverse and trend upward. Examples include crimes against persons and property, insider risks issues involving diversion or theft of assets, intellectual property (including sales and marketing plans, customer lists) - the list is extensive. In addition, many sectors will likely see an increase in counterfeit activity as affordability for the genuine article diminishes while demand can remain high.
Risk Implications
Following are a sampling of security areas that may be impacted by a downturn.
Investigations
Investigations are a core security service for most organizations. Two critical issues: First, will the company demand for investigations increase or decrease in a downturned economy? And second, is your department correctly resourced to meet the demand. One issue to consider is an increased demand for investigations with reduced resources. If an increase in resources is obtained based on demand, does the competency or skills needed to do specific investigations exists within your department or need to be changed.
Investigative metrics are essential in making any business case presentation to senior management: financial losses, cost of investigations, frequency of occurrence per 1000 employees, trending data, all help business leaders understand risks and tradeoffs. Also, if necessary, separate regulatory or compliance required investigations from discretionary investigations to identify what is required from what is desired.
Disgruntled Insider
Outsourcing, downsizing, layoffs and general business contraction will contribute to elevated stress at work and at home and may result in increased workplace hostility and potential for violence. Disgruntled employees or contractors with varying levels of access may take advantage of that to do damage or compromise assets in their trust.
Security’s risk assessment process may reveal vulnerabilities exploitable by knowledgeable insiders and outsiders with access. This is especially true for business processes targeted for resource reductions. The level of interaction between security, compliance, human resources, legal counsel and business unit leaders should ensure knowledge of risk trends, including indicators of increasing workplace hostility.
People and Property Protection
Management may ask “Since we are reducing our headcount and space, why are you pushing back on reducing your security operations staff?” With an increased potential for property crime, reduced police presence, and workplaces offering targets of opportunity, premises liability risk is likely increased.
Security operations teams are our first responders and their relative availability can be even more pronounced when external public safety-first responders are simultaneously cutting back; potentially resulting in significantly increased response times and perceived Duty of Care service deterioration.
Mergers & Acquisitions
Many companies grow through mergers and acquisitions. Generally, such activity for companies is to engage using credit or their own stock if the market multiple is high enough. Many companies have their security departments involved in due diligence programs to understand the potential acquisition in terms of risks issues. Risks issues can include reputational concerns, legal/compliance issues, and issues of leadership and ethics. In a similar way, many companies are potential targets of acquisition and concerns over the protection of sales and marketing plans, key financial data, strategic plans are critical to minimizing what be known about the company besides regulatory reporting.
The critical issues in this area of security are to understand the business direction your company will assume given a potential turn of the economic climate. If activities will be curtailed, then budget and personnel realignment may be required. If there are significant opportunities for M&A, the company may become more aggressive requiring additional resources. Ask yourself, what would my company do? Will it be aggressive or defensive plans? Develop security plans based on those business assumptions.
Questions to Ask Yourself and Team
Before a potential recession hits here are some things to think about in advance:
- Will investigative requirements for the company increase or decrease with reduced sales and revenue? Will management agree to fewer investigations at higher thresholds of risk/loss for lower program costs? What categories should be exempt from cuts?
- Will internal or external threats increase or decrease? Where and why?
- How effective is the level of workplace violence risk awareness, planning and collaboration between security, human resources and business units?
- Are there special plans associated with employee or vendor terminations or reductions in force for business units possessing highly sensitive or critical business applications or processes?
- Do you separate legally required security costs from discretionary security costs?
- What percent of your top 100 most critical business processes have undergone a full set of business continuity readiness tests?
- For workplace hostility, theft and/or sabotage during downsizing, how will you address reductions in your cyber, first responder, floor warden and physical security resources to a level that ensures what you believe is an essential level of protection?
- To what extent could your most critical supply chain partners be impacted by the economic downturn and what are the security implications, if any?
- Are there service innovations and technology integration options available to you for optimize protection?
- If M&A activity will be reduced by your company what portion of your budget will be negatively impacted?
- Do you have established metrics to reliably measure workload and risk trends that will be essential to supporting the maintenance of selected security programs?
Next Steps
The Security Executive Council consists of thought leaders in the realm of security and risk mitigation. We have the experience that can help your organization weather turbulent financial headwinds.
Contact Us to discuss your situation and find out how we can assist you.