This is the first in a four-part Hillard Heintze series on the top trends in 2017 we expect to see driving best practices and priorities across the U.S. and the world in four areas: security risk management; threat and violence risk management; investigations; and law enforcement. This post is focused on security risk management and the drivers of demand for security risk consulting services.
No sooner had the world welcomed the New Year when the mass shooting erupted in the Reina nightclub in Istanbul, Turkey killing 39 and wounding 70. We’ve been here before: around the globe. Many of us – leaders of major corporations and public agencies as well as the expert teams who advise them – begin another year with empathy for those whose lives have been lost or destroyed.
But many of us are also acknowledging a growing concern that 2017 will bring new security risks to our lives, professions and communities, including a higher level of indiscriminate violence. This increase in violence has major implications for the priorities, challenges and issues that will drive adaptation in best practices in 2017 across security risk management domains.
As we start 2017, here are our predictions on the top five trends we see impacting security and stability for the businesses, government agencies and individuals we support every day.
Trend #1: Terror Attacks Will Increase Against Soft-Targets in the U.S. and Worldwide
We expect to see the threat this year from Islamist terrorist groups increase in frequency and in prominence particularly in the U.S. and Europe. These attacks are most likely to be inflicted on soft targets such as nightclubs, event halls, tourist centers, schools and shopping malls. Unlike the past decade or more, during which the typical profile of an attacker was a young man with extremist Islamist views, overseas training in countries such as Pakistan, Afghanistan, Iraq and Somalia, and a baseline of local support, the emerging profile of today’s terrorist is changing.
In 2017, more of these attackers will be radicalized citizens and legal immigrants who have not been trained overseas and are not necessarily supported by a local cell. Since early behavioral indicators of potential attacks of this nature – e.g., communications with like-minded individuals, predilection toward violence, access to weapons, posts on social media, and other flags – are sometimes more difficult to identify and interdict, preventing attacks and improving security in the workplace and public areas will continue to represent an increasingly higher priority for organizations across sectors and industries.
Trend #2: Geo-Political Tension Will Impact American Travelers and Businesses
Even before the outcome of the recent U.S. presidential election was clear, key global regions were confronting high levels of change and in some cases, instability. Europe is wrestling with the implications of the Brexit referendum, a flood of immigrants from Syria, challenges in tracking potential terrorists across country borders, and a surge of populism and anti-European sentiment both within and outside its borders. Populism is also roiling the Middle East as it reels from the human, economic and political impacts of the war in Syria, a near-coup and a surge of terror in Turkey, Israel’s turgid relationship with the Arab world, relatively weak autocratic governments, and the new and politically destabilizing role of technology across this region.
At the same time, many world leaders and nations from Russia and China to Mexico and Germany are preparing to rethink their geopolitical strategies in response to a new U.S. president expected to advance an “America First” philosophy with a willingness to turn a decades-long ecosystem of international principles, geopolitical relationships and economic agreements upside down. This global tension will continue to raise travel-related risks for executives and other employees and, by extension, place more pressure on corporate security teams to enhance their in-house or external capabilities related to areas such as travel risk management services for the workforce, executive protection abroad, global command center operations, 24-7 crisis management and incident response, and kidnapping and response services.
Trend #3: Populism, Political Instability, Travel Risks and Workforce Radicalization Will Spur Executive Protection
Not surprisingly, given our thoughts above, we anticipate new and growing concerns about executive safety and security within companies, boards and executive suites that, up to now, have not traditionally viewed stand-alone executive protection capabilities (let alone a full-scope executive protection program) as necessary. We’ve been tracking this trend closely. The triggers for this growing interest extend beyond geo-political instability, global and local terrorism and travel risks – particularly for American and other Western executives.
One key factor is an increasingly acrimonious political environment in the U.S. after a national election that included new lows in candidate behavior and inflammatory rhetoric, higher partisanship, and the emerging normalization of extremism groups in both primary U.S. political parties.
Another factor is addressed in my blog, “The Top 5 Trends in Threat Assessment and Workplace Violence Prevention That Will Define 2017.” One of the major challenges we face with the risk of radicalization in the workplace is discerning between constitutionally protected free speech on issues such as religious beliefs, gun rights, right-to-life, racism, animal rights, ultra-right or ultra-left activism, and environmental activism versus violent extremism.
Trend #4: Large-Scale Cyber Attacks Will Increase, Driven by Phishing and Other Risks
Several trends suggest that 2017 will be a record year for cyber attacks. In fact, the Center of Strategic and International Studies (CSIS) has estimated that cybercrime costs businesses $400 billion worldwide.
This is supported by the number and effectiveness of phishing emails which, according to Trend Micro, initiate 91% of all cyber attacks.
Other factors driving cyber security risks this year include a shift in the attacker tactics from a focus on pure data theft and hacking sites and networks to undermining data integrity itself; the still-immature state of security in an IoT (Internet of Things) world; the growing focus of attackers on consumer devices and handhelds; and breaches that are harder to prevent, identify and counter. As it did in 2016, cyber security will continue to represent one of the strongest reasons organizations this year need to continue raising the bar in areas such as employee cyber security training and awareness, IT security policy updates, enforcement of user compliance with policies and, even pursuit of ISO27001 certification.
Trend #5: After Breaches and Incidents, More Companies and Executives Will Face Litigation
Let’s say a hack of your network in 2017 results in the compromise of critical customer information – or an employee tragically loses her life as do others when a domestic violence incident erupts in one of your offices. When the harm’s been done and those most hurt elect to pursue legal recourse, it’s becoming harder to argue “what exactly were we supposed to do?”
For example, if you’re responsible for IT security at any level, make sure you’re aware of pertinent security-related laws such as security breach notification requirements. These are becoming more complex – and compliance more expensive. Similarly, if you’re responsible for corporate security, make sure you can demonstrate that the company and your team have established and maintain at least baseline capabilities to prevent harm to personnel. For example, the Occupational Safety and Health Administration (OHSA) requires employers to maintain workplaces “free from recognized hazards that are causing or are likely to cause death or serious physical harm.” Since the costs of litigation, penalties and payouts can be staggering, we believe more organizations will turn to prevention this year and more executives will pursue more meaningful agendas for security risk management based, in part, on their desire to insulate and protect their own professional careers.