Exclusive: How will security look post COVID-19?

A recent report from McKinsey Global Institute outlines what the future will look like for business, workers and consumers as we move into the post COVID-19 recovery and beyond. Human Risks CEO, Mads Pærregaard discusses below what these trends mean for security teams.

Consumers have shifted to digital channels and companies have followed

Is your company selling more via digital channels, or is new to selling its products or services online? There’s a whole new risk landscape to be managed as fraud grows online, new relationships with supply chain vendors might change and your company likely has less control over physical goods, or even has to include delivery to the end consumer as part of the supply chain.

This trend raises new strategic questions for security leaders to consider:

• How do you protect against industrial espionage, theft or tampering when goods are not physically where they used to be?
• How are due diligence processes managed when new partners and vendors are added, at a much faster pace?
• How does this impact relationships and workflows with other teams, such as the information security department, logistics and law enforcement and how do you ensure a source of intelligence in the new geographic areas your colleagues have to work in?

The critical question however, is – are you as a security manager supporting the change or becoming an obstacle for digital transformation? The data indicates that there will be a gap between the companies that embrace digitalisation and companies that are unable to adjust. 

Remote and flexible working means changes to risk assessments

This topic has been well covered during the pandemic in many webinars and articles. But it is still crucial to address that greater use of flexible working arrangements introduces new sources of risks to employees that have to be managed in order for companies to make this shift successfully. The direct risk to employees might arise from factors in their local area, which may be different to those considered for the main office sites. Because work location is becoming fluid, it is harder to define what is the responsibility of the employer vs. the employees. New policies and boundaries must be established to determine how much the employer can decide in terms of restrictions, particularly when it comes to security measures that are designed to protect the employee, but may be seen as an invasion of privacy.

Working across organisational silos with health and safety and information security to ensure a safe working environment from home is critical. Reassessments of threat vulnerability are crucial – could it become easier for adversaries to do industrial espionage if they just have to direct their efforts at a private home, compared to an office with security guards, access controls, CCTV, alarms and safes?

Expectations of productivity have dramatically increased

The immediacy of the changes brought about by the pandemic led many organisations to realise that a fast roll-out of new initiatives is possible. As a result, there will be a strong push to maintain this momentum and continue to roll-out new projects (not just digitisation) faster than before. Cutting down on planning time and maybe adopting a more agile, iterative “test as we go” approach will require security managers to support this business philosophy. This means less time available to do detailed security risk/vulnerability assessments and due diligence processes. Achieving this will likely require an increased focus on ensuring that the employees driving the change are empowered with a baseline level of security awareness and understanding, so they can ensure an acceptable level of security in their projects.

The growth in inequality means greater risks on the horizon

The social contract is increasingly under pressure even in established democracies, which means greater vigilance is required of security managers to spot potential risks like demonstrations and civil unrest in regions where this was previously not on the radar. Wage stagnation, loss of jobs and economic insecurity across a society are also triggers of potential risks such as fraud, theft and violence. Both in the UK and the US, McKinsey expects consumer spending by high-income households to increase by close to double the rate at which they expect low-income households’ spending to decrease from 2019-2024. These economic factors will have far-reaching consequences that security managers must pay attention to as the world enters the post COVID-19 recovery.