Preparedness and resilience: keys to survive

In today’s volatile global environment, businesses face an increasingly complex array of risks. Economic uncertainty, geopolitical instability, rising interest rates, and other financial pressures all contribute to a climate where criminal activity and security breaches are on the rise.

Nick Doyle, managing director of Enterprise Security Risk Management at Kroll, emphasised to FERMA Forum Today the importance of preparedness and resilience for companies seeking to navigate these uncertain times. Doyle stressed that businesses must be armed with the tools and strategies necessary to protect their assets, both digital and physical, while also planning for unforeseen crises.

“People will probe physical vulnerability … to access data, to access information, to commit crime.” Nick Doyle, Kroll.

“The world has become a more unstable place, and there’s always an increase in crime when there is economic uncertainty,” said Doyle. As companies grapple with tightening budgets and the need to remain competitive, security often becomes an area of vulnerability. Doyle added: “It’s making it harder for companies to succeed, so they need to be armed with all the tools to make sure they’re an efficient, effective, and ultimately successful organisation.”

In recent years, companies have invested heavily in cybersecurity measures, creating robust digital defences. However, Doyle pointed out that “people will probe physical vulnerability … to access data, to access information, to commit crime.” This can include anything from gaining unauthorised access to corporate facilities to tampering with critical infrastructure.

Physical security gaps can be particularly dangerous because they often go unnoticed until it is too late. For businesses operating in sectors like finance, energy, or healthcare—where both digital and physical assets are critical—overlooking physical risks can lead to severe financial and operational repercussions.

Doyle noted that a comprehensive security strategy requires equal focus on both digital and physical security, ensuring protection on all fronts.

In addition to external threats, Doyle underscored the danger posed by internal threats, highlighting that employees and other individuals with legitimate access to sensitive areas can become significant risks.

This could involve malicious actions by disgruntled employees or simply lapses in security protocols, such as leaving sensitive information unsecured. Doyle underlined the need for businesses to protect critical areas and assets through internal policies, monitoring, and targeted security measures.

Business resilience

At the heart of Kroll’s approach is the concept of business resilience. Doyle stressed that companies must not only focus on immediate threats but prepare for the long-term risks that can disrupt operations. “It’s all-around business resilience,” he explained, adding that companies need to be prepared to deal with any number of issues that can cause significant financial harm.

As businesses grow, their risk exposure increases, a concept Doyle likens to urbanisation: “As villages become towns and towns become cities, then the risks become more prevalent. Well, it’s exactly the same for businesses.” As companies expand their operations, especially on a global scale, the range and complexity of threats they face evolve. From supply chain disruptions to regional conflicts, businesses must have the foresight to anticipate and mitigate these risks.

Doyle said that resilience planning is essential not just for commercial businesses but for critical national infrastructure. “Nuclear plants, refineries, dams, electrical plants, defence companies—all those locations need to be resilient,” he says. Kroll, along with other risk management firms, partners with these organisations to identify vulnerabilities and implement solutions that safeguard against both cyber and physical threats.

Role of geopolitical risk

As the world becomes increasingly interconnected, geopolitical risk is another growing concern. Doyle pointed to several conflicts that have reshaped the risk landscape in recent years: “We’ve got regional wars, regional conflicts, activism, demonstrations … all of these can impact businesses.” These conflicts not only pose direct threats to companies operating in those regions but disrupt global supply chains, trade routes, and investment flows.

Insurance companies, too, are acutely aware of these evolving risks. “From an insurance industry perspective, they’re interested in where the gaps are,” Doyle said. He explained that businesses must understand their vulnerabilities and work closely with insurers to ensure that they are covered.

“It’s really aligning those risks to a particular organisation,” he added, stressing that different businesses, even within the same sector, may have unique risk profiles based on their location, operations, and specific vulnerabilities.

One of the challenges many companies face is that their approach to risk management may be outdated or incomplete. Doyle mentioned that Kroll often encounters companies with a false sense of security: “They’ve done sufficient in the cyber field to protect their data, and they feel that might be the level.” However, as threats evolve, businesses must continually reassess their risk exposure and adjust their strategies accordingly.

FERMA Forum Today is in partnership with Captive Review, part of Newton Media.

Did you get value from this story?  Sign up to our free daily newsletters and get stories like this sent straight to your inbox.