Article published on Harvard Business Review France
Executives in any company, when asked about their business obsessions, will answer with other questions: how can I protect the competitive advantage, the value, and the financial interests of my company? How can I scale and maintain my business globally?
Growth and Protection are two keys words in the executive’s mind but it is also a 21st-century business paradox. Without growth, no company can survive, but with growth companies may jeopardize safety. As businesses expand globally and operate in new and unfamiliar countries and markets, they face increasing volatility, complexity, and ambiguity, putting their company into all sorts of risks. Some risks are well-known like competition, political and economic while others, unfortunately, remain poorly known and underestimated amongst businesses of all sizes.
How many business executives can understand and mitigate criminal risks? How many organizations implement an effective criminal risk oversight and management? If you go by the number of damaging attacks on companies, which are offered up every day in the media, the answer is not many. Internal fraud continues to cost businesses 5% of their turnover every year, 67% of companies in the world have been hacked, 2017, intellectual property theft and nation-state espionage harm as high as 600 billion per year to US Economy, recent scandals abound (e.g: Volkswagen, Guess, Nike), cascading resignations are soaring, and record fines (e.g: Google, Monsanto) and criminal attacks (e.g: Vinci, Maersk, MGM hotels) have caused disruption of operations, attacks on reputation, and financial losses. The scale and complexity of criminal threats in today's interconnected world are immense, with issues ranging from cybercrime to espionage, kidnapping to fraud, terrorist attacks to toxic cultures, corruption to counterfeiting.
Gaining a Decision Advantage by understanding Criminal Risks.
Criminal risk can be seen as a difficult and uncomfortable subject topic for leaders. Discussing loss and disruption, or assessing wrongdoings within one’s company is not the most fun of tasks.
Additionally, crime in business is hard to define and even harder to identify. Far from an unambiguous line, it is defined by any illegal act or any form of behavior seen as unethical by consumers and stakeholders committed by people inside or outside the company. Yet criminal attacks don’t appear by chance. They are the results of a company’s actions (or inactions), which means that the likelihood of suffering the consequences of business crime is determined by the way companies protect their business and by the choices, they make on daily basis.
It is imperative to take ownership of the future and to develop awareness around these issues to ensure success. Good leadership reframes potential risks into opportunities. By taking advantage of the vulnerabilities they discover, and by integrating protection into their business strategy, companies can take on the challenges of operating in an unstable world., ensuring, protecting and enhancing its growth and competitive advantage.
Three principles are needed to ensure an effective and profitable growth protection strategy: awareness of criminal threats, smart investment in people, and the establishment of a healthy and safe culture.
Protection as a Strategic Choice: Ensure your Growth
Historically, when defining strategy, companies used to treat value creation and value protection as separate entities. Today, that is no longer possible. If companies want to be sustainable without impacting their profits, they have to start thinking about protection at the early stage of what they do. In order to establish a fruitful business strategy, managers and their teams must actively and systematically integrate protection and defense practices at the strategic, tactical and operational levels.
Firstly, the company needs to identify internal and external criminal threats that they face and the essential assets to protect (people, reputation, property including intellectual one). Secondly, the company must utilize a strategic analysis to assess and prioritize their risks. Finally, the company will need to establish a protection plan bringing together prevention and mitigation procedures to risks, crisis management measures, and business continuity plan.
Build on Ressources: Prepared and Empower your team
People are at the core of criminal risk and growth protection. Criminal attacks are man-made—sometimes perpetrated by company insiders—but people are also the solution.
In order to be successful, a protection strategy that is sustainable, ethical, and easy to follow safety processes must put in place for all employees and stakeholders.
Historically, protection is managed by the IT department or Security department. However, this is no longer sufficient. Today, protection is achieved through the daily actions of all employees. Every employee, regardless of their position, must be informed, responsive and motivated to participate into the process.
To do so, training, communication, and governance are keys; Training educates to risks, encouraging caution and feedback. Communication creates a climate of trust where everyone can express themselves freely and propose improvements. Governance favors a social and ethical vision of the company.
Business Culture Reset: A Good Company Makes You Feel Safe
Although there is no foolproof recipe for creating a perfect protection strategy, some factors from the company itself attract criminal attacks. The pursuit of profit at all costs combined with a lack of control and ethics often leads to abusive practices. However, in an age of radical transparency, organization wrongdoing is no longer tolerated.
The founder of Uber had to resign following the exposure of a culture of sexism and intimidation. A smartphone video of a United Airlines staff member forcibly dragging a passenger off an airplane has become viral. The #DeleteFacebook movement has been taken over 400,000 times on Twitter in protest of the unethical use of personal data of 50 million user accounts by the social platform. And the list goes on and on.
Connected world has transformed businesses into glass boxes where consumers can easily see inside. Executives, boards, marketing, and staff managers have to understand that even if the behavior happening within a company is not “illegal,” it may be condemnable. When the poor social, environmental, or ethical practices of a business are exposed, the reaction of consumers and other stakeholders -analysts, journalists, suppliers, activists, ideological hackers- can be vicious and the downfall rapid, often hurting more than legal punishments.
Today, every company needs to investigate and eliminate unethical behaviors and any presence of toxic company culture as a matter of survival because of the serious consequences for their business in term of reputation and results.
If bad corporate behavior increases the risk of bad employee actions, the reverse is also true. Good corporate behaviors including awareness, transparency, accountability, and egalitarianism are the core values that reduce workplace violence, conflict and lead to growth. They work like superpowers, increasing abilities, creating greater success, improving the quality of work, and making business safer and more effective.
An organizational focus on ethical business practices and a system of checks and balances will prevent any single leader from taking advantage of their position. When you create a proactive culture of ethical and equitable treatment, it is much easier to manage and mitigate these types of risks moving forward. This sort of “always do what is right” spirit makes it easier to do the right thing and much harder to do the wrong thing. Plus, employees will feel like they belong and are protected, and are more likely to protect the company in turn.
Organizations with a healthy culture not only gain the trust (of their employees, consumers, and stakeholders) but also strengthen their resilience, minimize the risk of attacks and encourage cooperation and innovation.
There is no time to think if attacks will occur but when, and start proactively protecting against them. A protection strategy will defend your company as well as lead to impeccable growth, admirable performance, and an enviable reputation.
Criminal threats will never completely disappear, but when a company and its employees work together to strengthen their protection, they reduce the risk and deliberately take ownership of their future for their well-being and those of their consumers.
Read the post in french on Hbrfrance.fr