What CSOs are thinking: Allied Universal releases World Security Report 2023

New Zealand Security Magazine - October-November 2023

World Security Report
Security budgets are predicted to increase significantly to keep people, property and assets safe.

According to the inaugural World Security Report, large global companies lost a combined $1 trillion in revenue in 2022 due to physical security incidents. Economic unrest is expected to have major security impact over next 12 months.


In addition to economic unrest, the report also found that companies anticipate a surge in social unrest, climate change unrest, fraud and theft. As a result, physical security budgets are predicted to increase significantly to keep people, property and assets safe.

Security leaders intend to focus investments on advanced technology and providing security professionals with additional skills and training.

Fraud – deception intended to result in gain – is likely to be the biggest external threat over the coming year. The leaking of sensitive information is predicted to be the biggest internal threat, with dangers posed by hackers, protestors, spies and economic criminals expected to soar.   

Commissioned by Allied Universal and its international business, G4S, the World Security Report documents opinions of 1,775 chief security officers (CSO) or those in equivalent positions from 30 countries.  Working for large, global companies with a combined annual revenue of more than $20 trillion – a quarter of the world’s gross domestic product, CSO participation was independent and anonymous.

“It comes at a time when organisations across the globe are increasingly navigating more complex security hazards and threats”, said Steve Jones, Allied Universal’s global chairman and CEO. “The research shows the impact of security threats on organisations is multidimensional​ – from the disruption of productivity to the loss of customers, to the potentially staggering financial impact.”

Among the report’s high-level findings:

  • More than USD$1 trillion in revenue was lost by companies as a consequence of physical security incidents in 2022.
  • One in four (25 percent) publicly-listed companies reported a drop in their value following a physical security incident over the last year.
  • Institutional Investors surveyed estimated an average decrease in value of 29 percent for publicly-listed companies due to a significant security incident in the last year.

Security-impacting hazards

The report found that economic unrest will be the biggest security-impacting hazard over the next 12 months – this was according to nearly half of CSOs surveyed. Asia Pacific and Sub-Saharan Africa are anticipated to be the most impacted regions in the world.

After economic unrest, climate change is anticipated to be the second greatest hazard by 38% of participants. Social unrest is expected to pose a threat by 35 percent of CSOs, up from 31% the previous year, and one third of CSOs expect disruption to energy supplies to impact security.

Unsurprisingly, 32 percent of respondents indicated that the threat from war and political instability is also likely to increase, up from 25 percent last year. Interestingly, the biggest hazard last year was pandemics reported by 42 percent of those surveyed.

Internal threats

Internal threats are expected to increase next year, with 92 percent of CSOs anticipating their company will be targeted.

Misuse of company resources or data was identified as the most common internal threat by 35 percent of respondents, followed by leaking sensitive information at 34 percent, which is on the increase – particularly in the Asia Pacific region.

Unauthorised access to company resources or data, industrial espionage and intellectual property theft are also all expected to increase in the next year. While misuse of company resources or data was the internal incident most likely to have driven companies to improve their security in the last 12 months.

External threats

CSOs expect all external threats to increase in the next year, with fraud predicted by 25% of CSOs to be the biggest external threat, followed by phishing and social engineering (24 percent) and theft of company physical property (23 percent). Fraud was expected to most likely impact Sub-Saharan Africa compared to any other region next year.

Geopolitical tensions are expected to compromise the security of supply chains and could result in disruptions to global trade in the next year, according to 87 percent of CSOs.

Businesses in the financial services and consumer staples sectors predict the most significant increases in external threats, closely followed by those in the energy and real estate sectors.

Threat actor groups

Threat actor groups include violent criminals, petty criminals, economic criminals, terrorists and subversives (hackers, protestors, or spies). The two groups predicted to cause the most security incidents in the next year are subversives and economic criminals at 50 percent and 49 percent respectively – a significant increase on the previous year.

Security incidents committed by terrorists are expected to rise from 19 to 26 percent next year at a global level, while security threats from violent criminals are predicted to increase next year, from 27 to 33 percent.

In North America, CSOs expect security incidents by violent criminals to increase from 41 to 49 percent. North America is the region expected to be most impacted by both economic criminals and subversives.

Dangerous regions

Respondents believe that the most dangerous region to operate in is northeast Asia. Southern Europe, North Africa and Southern Africa were all considered the least dangerous.

Companies actively operating in dangerous regions are more likely to view these regions as risky when measuring threats and potential risks, compared to companies who do not have a footprint in those territories.

People

“It is clear that global companies expect security professionals to have a multitude of skills that they were not expected to have 10 years ago,” wrote Allied Universal CEO Steve Jones and G4S Executive Chairman Ashley Almanza. “For example, it is now much more important for a security professional to have technological capabilities and a high level of customer service training.”

People skills in frontline officers are more important than physical attributes of strength according to 9 out of 10 respondents. The top traits and skills that are extremely important for frontline security officers to possess are: Integrity and honesty, a strong understanding of technology, Industry-specific experience, and Customer service skills.

“Global companies recognize the value of highly skilled and intelligent security professionals protecting their most important assets, with 94% saying the ability to speak multiple languages and 96% saying a higher education degree are important for a frontline security professional,” wrote Jones and Almanza.

Recruiting security officers will be a challenge for 8 in 10 CSOs.

Technology

CSOs rated their technological advancement in terms of their physical security program, with a detailed set of criteria. These ranged from minimal tech use, to advanced and followed by cutting edge. According to these criteria, Latin America was identified as the most advanced region in the world in its use of cutting edge technology.

The shift from purely staffed security operations to technology-enabled,] is challenging according to 9 in 10 CSOs. The top two barriers companies face when implementing technology are the cost to implement and the cost to maintain.

A third of CSOs are concerned about the lack of skills in the security workforce and the lack of internal skills in their own company to implement technology. They found that technology improves the overall effectiveness of security operations, enabling security staff to be more productive and efficient.

“As the pace of technological advancement quickens, its importance as part of the best-designed security solution increases,” wrote Jones and Almanza. “The challenges of combining the right technology with the right people, are made evident in this report.

CSOs were generally of the opinion that physical and cyber security are increasingly interlinked. 9 out of 10 respondents said cyber threats that threaten physical security are challenging to their businesses. Yet, 9 in 10 CSOs said company leaders are more concerned with cyber than physical security.

Security provider confidence and involvement

According to survey responses, when a company uses a single third-party security provider for more than 80% of its security requirements, the number of incidents falls and confidence in being able to deal with security incidents effectively, increases.

The average level of confidence for those with a high level of provider-delivered security is 82 percent compared to 54 percent for those with low involvement.

“The data shows that a trusted partnership between a customer and their security provider transforms the effectiveness of the overall security program,” wrote Jones and Almanza.

Physical security budgets

Physical security budgets are expected to significantly increase at 46 percent of respondent companies, with budgets in North America expected to rise the most of any region. Security budgets represented approximately $660 billion (3.3 percent) of global revenue at respondent companies in 2022.

More than half of CSOs will prioritise their spending on new technology and training staff. Artificial intelligence (AI) is top of the agenda for future physical security technology investment, with 42 percent intending to invest in AI and AI-powered surveillance over the next five years.

The three top budgetary drivers globally are expected to be rising operational costs, international economic instability and domestic security concerns.

Methodology

The research was conducted with two audiences: global company physical security managers and global institutional investors

In relation to global company security managers, research was carried out via an online survey between 20 and 31 March 20 2023, with a total of 1,775 respondents across 30 countries and 13 languages. A quota-based random selection process was used within each country by industry and each country’s data was weighted to have an equal proportion in the global results (with the exception of the U.S. to reflect their larger economy).

In relation to global Institutional Investors, online research on 17 April 2023, with a total of 200 investors. A quota-based random selection process was used to select them by type and geography.

The report is available at: https://www.worldsecurityreport.com/

RiskNZ