The concept of an integrated security program is not new, but institutionalized security structures and genuine differences in areas of expertise have limited implementation on a widespread basis. Events of the last two years are changing this. The physical disruptions of the global COVID-19 pandemic not only highlighted the fragility of global supply chains but also created new opportunities for cyber threat actors: third-party logistics (3PL) providers and shippers themselves repeatedly became targets, creating highly disruptive downstream impacts. For its part, the Russia-Ukraine conflict was expected by many to be a localized event. Instead, we are dealing with an all-out war by Russia on Ukraine, with concerns about whether a similar China-Taiwan contingency could emerge.
Mapping Out the Threat Landscape
In this increasingly volatile security environment, what’s needed is an integrated approach to manage tail risk contingencies, or those risks of low probability but severe consequence. Three key elements are required. First, we need a business-driven approach to applying graduated levels of security flexibly based on severe but plausible risk scenarios. Second, threat-informed validation of security tools and procedures physical and cyber is key to their successful use in an incident. Third, whole-of-company preparedness for tail risk contingencies can help minimize disruption.
