Risk assessment is the cornerstone providing organisations the ability to recognise and analyse their security risks and respond appropriately. Risk assessments provide the basis and justification for all security action and activities.
However, the COVID-19 pandemic and response are challenging even the most dynamic security risk assessment processes. When COVID-19 is factored, organisations are finding that their risk assessment processes don’t provide the basis for action they normally do leaving decisionmakers struggling with what to do next.
Standard threat categories are insufficient during COVID-19
Crime, terrorism, and other physical security threats dominate traditional risk assessments. Most security risk managers are comfortable with these categories. But, risk assessment during COVID-19 requires a look at a broader set of categories including detailed information on multiple political contexts, governmental response to the pandemic, travel restrictions, xenophobia and hate crimes, economic stability, and operational ability. These categories are largely absent from traditional risk assessment. Their inclusion requires new, reputable data sources and means of analysis.
Add to this that COVID-19 doesn’t just create a new threat, it also impacts known threats to various degrees. Determining the likelihood and impact the pandemic, or pandemic response, will have on these threats is critical.
Standard mitigation measures are insufficient during COVID-19
Most security mitigation measures are based on the implicit principle: ‘all else being equal…’. For example, while one location experiences an earthquake or civil unrest the same will not be happening in all locations. While planes might not be able to fly from one location for a limited period, international travel continues to be an option. In other words, most mitigation measures rely on ‘life as we know it’ providing the safe haven, escape route, opt out choice, along with actions to be taken, places to go and the means to get there which are unaffected by the threat itself. COVID-19 has violated this principle rendering common mitigation approaches insufficient.
A bias toward security at the expense of health and safety
In many organisations, health and safety are dealt with independently from security and often not at all. Health and safety are often relegated to local administrators, compliant with local legislation and not acknowledged at a global level. The COVID-19 response has put health and safety front and centre requiring knowledge of countries’ public health systems, healthcare, and insurance processes that many organisations have never considered before.
Even if organisations can identify threat categories, collect the information necessary to assess them, measure the impact on known threats and create additional mitigation measures the pace of change is overwhelming. Attempting to build a framework through which an organisation can adequately manage these requires time, capacity, and expertise which many organisations don’t have.
What does a better risk assessment process look like?
Over the past six weeks, we have seen these problems repeatedly played out which has prompted the development of a COVID-19 Risk Indices Tool which provides organisations with a more dynamic risk assessment system they can use throughout remainder of the COVID-19 response.
This tool first adapts to the specific work an organisation does, the countries in which it works and how it works. It then tracks specific COVID-related indicators and layers them on security risk allowing decision-makers to monitor risk in any, or many, locations over time identifying both positive and negative trends that could affect their staff and programming.
“It’s incredibly satisfying as countries ease lockdowns,” says Kelsey Hoppe, Safer Edge CEO. “To watch an organisation with operations in over 20 countries go from being overwhelmed, not knowing how they will make decisions during coronavirus, to having a structured, consistent approach their COVID-19 risk management in the course of a week.”
As the pandemic moves from existential threat to risk management the ability to see and respond well to new and emerging risks could well be the determining factor to many organisation’s wellbeing and survival. These new and challenging times require a new risk assessment tool that can tackle that challenge.