Home
 / 
News
 / 
How Can Security and Business Continuity Work Better Together?

Latest News & Updates

Featured
March 26, 2025
 / 
Articles
 / 
Mgmt Strategy
How Can Security and Business Continuity Work Better Together?
February 21, 2025
 / 
Updates
 / 
Market Insghts
Global Security Barometer 2025 Set for Early April Release
January 17, 2025
 / 
Articles
 / 
Crime Prevention
Stable Societies Require Residents Who Feel Safe. Data is Waving a Red Flag.
November 21, 2024
 / 
Articles
 / 
Public Spaces
Does Private Security Do Public Good? A Look at What Science Says
June 28, 2024
 / 
Articles
 / 
Contracting
Ligue Investigation: Public Tender Documents Reveal Need for Better Procurement Practices in Contracts for Guard Services
Enhanced Good Practice
Backgrounder
Case Study
Updates
Briefs
Articles
March 26, 2025
 / 
Articles
 / 
Mgmt Strategy

Key Points

• Business disruptions, driven by both traditional and emerging factors, are identified as the second most significant risk by global experts—only overshadowed by cyber incidents—with many regions ranking them as the top threat.

• To maintain business operations during crises when local resources might be compromised, organizations must ensure the availability of security personnel through strategic partnerships (e.g., regional security firms) that can provide rapid support.

• Effective business continuity requires close coordination between security operations and continuity planning, including: meticulous mapping of security and continuity plans to prevent overlaps or conflicts, forging strong external relationships with emergency services, conducting internal training programs, coordinating risk mitigation activities, and continuously monitoring facilities for signs of vulnerability.

Interruptions a Top Business Risk, Global Survey Finds

Interruption to business operations is the second most significant risk facing companies in 2025, according to the insight of 3,700 risk management experts from 100+ countries and territories (Allianz Risk Barometer, 2025). Only cyber incidents are a greater worry (and these, of course, can also cause business interruptions). In many countries, business interruptions are seen as the top risk, including Canada, Sweden, Singapore, The Netherlands, and others.

The fact that business resilience is a top corporate priority has several drivers, including the shift in corporate value from being asset-based to value measured by intangibles, like intellectual property, human capital, brand, business relationships, and so on. These aspects of business value aren’t as insurable, making the ability to prevent disruptions or quickly resume operations in the face of disruptive events critically important.

A company that poorly manages a disruption in today’s marketplace faces the real possibility that a competitor will take their place, said one business continuity leader.

Today’s 'hollow companies' all have similar business models, and all a competitor needs to do is step in, establish some outsourcing relationships, sign some contracts, and they’re there.

 For security teams it raises the question: How can a  security operation better support the company’s business continuity program?

First and foremost is by ensuring the availability of personnel.

In a business-impacting event, companies need ‘all hands on deck,’ but in, say, a major storm event, a company’s security personnel will be as impacted as everyone else in the area, meaning they may not be available to offer the emergency security assistance that is desperately needed. This makes a strong case for securing security arrangements with security firms that have at least a regional presence and will have the capacity to bring appropriately licensed personnel into affected areas to provide critical services.

In a recent roundtable on political uprisings in the Middle East, pre-arranging security operations emerged as a key recommendation.

You can’t try to enlist a security company to assist you once the situation is unraveling.  

In addition to ensuring the availability of boots on the ground, strategic integration between security operations and business continuity is vital. Except for the small fraction of security leaders that head-up their organization’s business continuity effort, this can often present a challenge: to work on the points integration between the two disciplines while avoiding duplication of effort.

While the focus here is on how security can aid business continuity, the benefits from better integration flow both ways, as security benefits from tapping the expertise of others. From a kidnap and ransom, a major fraud event, to a bomb threat, all security-based crisis events have both a security and a business continuity component.

We spoke with several directors of corporate security as well as certified business continuity planners to collect suggestions for how a security operation can further a company’s goal of maintaining operational continuity. (Note: Specific points of integration between security and business continuity will depend on how a company organizes the many different disciplines that feed into business continuity, which typically flows from its culture and type of business.) Nonetheless, there area few general ways in which most security leaders can aid in the increasingly important goal of maintaining continuity of operation.

8 Ways Security Operations Can Help Drive Operational Continuity

1. Program mapping. Organizations typically have both security operation and business continuity plans, but identifying the points of coordination (and perhaps conflict) between them is equally important. In some organizations the security team will write the facility evacuation plan and be in charge of an evacuation, but the business continuity plan and team will take over once the facility is cleared. Security teams need to map how the plans fit together in all aspects of crisis management to make sure they don’t conflict, and that authority is clear. If companies don’t examine incident response plans against the overall business continuity plan, it risks confusion in the handling of disruptive events.

2. Plan sharing. Security leaders should bring their operational plans for handling crisis security events to the attention of corporate business continuity planners and other experts—such as public relations for planning media response—whose skills can help improve the odds of successfully handling the event from a business perspective. While security directors may be wary of letting “outsiders” scrutinize the security plan for handling incidents, it’s important because company leaders do not measure “effective” management of a major security event purely in security outcomes. “We need to remove some of the artificial stovepiping of responsibilities and duties between security, disaster planning, continuity planning, and others,” said the president of Disaster Recovery Institute International in an address at a global conference on disaster management.

3. External communication. It’s prettycommon for security directors and departments to liaison with local lawenforcement, but security can be a better business continuity partner if itforges similarly mature relationships with other local emergency services,including fire officials and Emergency Medical Services.

4. Internal training. As business continuity has grown more important to all areas of the business, attitudes have changed toward the emergency and security functions—and this creates opportunity. Internal customers are now more interested in what security departments can offer, which suggests a more willing audience for security training programs that may have been a tough sell years ago. Safe business travel is an example of a topic on which managers and workers now actually want some training.

5. Risk mitigation coordination. Atcompanies with distinct security and disaster preparedness units, joint preparednessexercises are useful, covering risks such as extreme weather events; threatresponse for active shooter incidents, hostage events, or high-rise evacuation,and supply chain disruption. By coordinating specific activities, leaders ofrespective disciplines improve communication, working relationships, and can leverageeach other’s strengths.

6. Examining “triggers.” Leaders of different crisis functions may want to use trigger points and checklists to direct their response to events rather than expecting an all-encompassing business continuity plan to describe the specific actions to take during a crisis event. “People aren’t going to pull out policies in disasters, you want to identify the action items to take that are associated with different trigger points,” said one expert. Working from the business continuity plan, security can identify events that, once they occur, demand specific action by the security department, and then use a checklist to make sure they respond appropriately.

7. Plan activation benchmarks. Securityleaders should be aware of the events that cause companies to activate theirbusiness continuity (BC) plans. For security executives at internationalcompanies, it’s enlightening to consider just how varied the causes of businessdisruption are, and that many causes are closely related to issues thatsecurity departments deal with extensively. BC plans are triggered by a widerange of events, from a disgruntled employee, civil unrest, power outages, toterrorist activity.

8. On-going site assessment. Because a wide assortment of events can cause business disruptions, risk assessments and business impact analyses are central to smart continuity planning. Practitioners must gauge the potential for a facility’s operations to be impacted by natural events (flooding, wildfire, etc.), environmental events (water main break, power outage, etc.), and other risks (labor strikes, terrorist attacks), and then undertake appropriate preventative and mitigation activities (e.g., posting evacuation routes). Many of these are one-time or occasional facility assessment items—like proximity to rail lines or the location of HVAC equipment—and the business continuity team (if one exists) will likely spearhead this major hazard analysis effort. But there are also on-going issues that impact a facility’s readiness or suggest potential vulnerability to damage that the security team may be in the best position to monitor.

Security teams should work together with business continuity teams to identify all data that the security force can collect during routine or dedicated patrols to inform the crisis management team on the state of a facility’s readiness or indicators of potential problems. For example, the security force might be instructed during patrols to take note of:

•  sensitive assets inproximity to water-bearing pipes or equipment;

• presence of mold caused by poor climate control;

• food waste not cleaned up (which can lead to pest infestation) or the presence of food and drink in sensitive areas;

• whether or not emergency flashlights are present in all appropriate locations and charged;

• if emergency lights are operable;

• accumulation offlammable items, snow on roofs, and debris in gutters.

ROI
Cyber
Regulation
Critical Infrastructure
Threat Analysis
Crime Prevention
Supply Chain
Market Insghts
Staffing
Mgmt Strategy
PPP
Public Spaces
Contracting
Cash