Study: U.S. Corporations Facing Increasing Volume of Threats
U.S. corporations are facing an increased volume of threats driven by persistent political, social and economic issues, including Roe v. Wade, gun control, diversity, equity and inclusion, the war in Ukraine, return-to-office and COVID-19.
Concerned about the rise in threat data as well as keeping employees, their CEO and senior executives safe as they return to offices and work remotely, physical security, cybersecurity and IT, human resources and legal and compliance leaders feel increased pressure to identify threats to save their company money and reduce liabilities.
But through year-end, about one-in-four (26%) of these executives at American companies anticipate they will miss at least 51% of threats, while another 31% anticipate they will miss 26%-50% of threats before they cause harm or damage.
These are some of the findings unveiled today in the “2022 Mid-Year Outlook State of Protective Intelligence Report,” a new study commissioned by the Ontic Center for Protective Intelligence. The report showcases C-level perspectives at U.S. companies with over 5,000 employees across four functions responsible for protecting businesses – physical security, cybersecurity and IT, human resources and legal and compliance leaders – regarding physical security challenges and opportunities unfolding in 2022 and the impact on business continuity and resilience.
“Our study reaffirms that threats to businesses are many and varied, ranging from hostile written, verbal or physical actions against others, radical rhetoric or hate speech on social media and actions that compromise IT security or compliance with laws, to extreme weather events that can make working conditions unsafe,” said Fred Burton, Executive Director of the Ontic Center for Protective Intelligence. “As such, cross-company threat data-sharing continues to be critical and even minor lapses in communications can result in serious security concerns. All companies should heed this guidance, but especially those considering restructurings and workforce reductions, as our study found 75% of human resources, 72% of legal and compliance, 66% of physical security and 60% of cybersecurity and IT respondents said in the past year because of a failure to notify their department in advance, violence or harm occurred at their company when an employee was furloughed or fired.”
“To function in this new turbulent normal, to grow and thrive, organizations must cultivate a culture of security. Information, action, communication, training and habit can mitigate business and mission-critical threats and liabilities, preserve business integrity and ensure critical resilience,” said Lukas Quanstrom, CEO of Ontic.
Quanstrom continued: “Communication silos still exist and different departments are inefficiently assessing the same threat. But it is heartening that U.S. companies continue to actively consolidate their multiple threat intelligence, monitoring and alerting solutions. Our research says it can’t happen fast enough: a majority said three-quarters of threats that disrupted business continuity resulting in harm or death at their company in 2022 could have been avoided if physical security, human resources, cybersecurity and IT, legal and compliance shared and viewed the same intelligence in a single software platform.”
Key findings from the survey include:
- 98% said threat assessment or threat management training to recognize workplace behaviors that could turn violent or cause damage is important for their team to successfully execute their job, including 71% who say it is very important;
- 66% said in 2022 their company received or investigated one or more threats weekly, including one-quarter that are on track to receive or investigate up to 260 threats annually.
- 64% agree at their company employees do not report erratic and violent behavior or other warning signs in a timely manner
- 63% agree their company downplays risk to emulate a safe environment
- 54% do not have a mechanism in place that allows employees to anonymously report issues and 43% rely on employees to take the “if you see something, say something” approach to security, whether they are working from home or on-site at a company location
- Among 110 publicly traded company executives surveyed:
78% said their company’s investment in security operations (e.g. funding, planning and policy development) is based directly on risk factors disclosed in its public SEC filings, including the 10-K risk factors; 77% agreed these barely skim the surface in terms of the scope and volume of security threats they investigate and receive.