Here's how businesses can adapt to a changing risk landscape

Organizations today face an evolving threat landscape that cannot be addressed by the historically siloed approach to risk management.

The interconnectedness of risks today creates an impetus for organizations to re-think their approach to risk management. The impact of the COVID-19 pandemic across multiple threat landscapes — cyber, brand, physical and geopolitical — solidified the need for this re-think.

While the world undertook managing a global pandemic, organizations were also faced with an indiscriminate surge in ransomware attacks and a coalescence of protest movements, geopolitical tensions, economic shifts — all while environmental threats continued to grow.

All of these risks and their impacts on organizations globally continue to dominate headlines and boardrooms. A hybrid, proactive and holistic approach to these risks is a requirement as the gaps between these issues continue to narrow.

Invesco’s approach to risk management provides an example of how to manage such an interconnected array of risks effectively.

Invesco created the Strategic Intelligence group to bring to bear a more proactive, specialised and holistic method to analysing and mitigate these challenges. In 2016, the group started as a small cyber threat intelligence team within a corporate security function.

From there, as it developed a deeper understanding of the cyber threat landscape, it engaged its business partners to share analysis, which coupled external intelligence with internal knowledge of Invesco’s systems and business priorities. This engagement and the Strategic Intelligence group’s knowledge that cyber threats impact multiple areas led to our business case to move outside of the traditional approach to cyber threat intelligence.

From these beginnings, Invesco’s Strategic Intelligence team expanded rapidly and expansively, incorporating analysts globally from a variety of fields to include the US Intelligence Community, British law enforcement and cybersecurity. It became a larger group realising that, in order to provide proactive holistic intelligence analysis, it could no longer approach domains such as cybersecurity, physical security, brand reputation and geopolitical risks in silos.

While the group collects and analyses extensive amounts of data from open source, the deep and dark web, as well as law enforcement and industry partners, it does so through a lens of interconnectedness.

Invesco’s Strategic Intelligence group is an intelligence function that utilises analytical techniques to produce and disseminate assessments to teams across the organisation globally to further the breakdown of silos and the integration of risk management.

Senior leaders from business units as well as technology, legal, security, marketing, human resources, corporate communications and physical security serve as key stakeholders. The risks to an organisation change rapidly from cyber threat actor groups, brand attacks, protest movements, political upheaval, environmental crises, disease, technological advances and the weaponisation of social media.

Invesco’s collection and production is similar to the US Intelligence Community’s intelligence cycle, with Priority Intelligence Requirements or broad intelligence questions driving the collection and analysis of domains. Those questions identify the complex and interconnected issues, concerns and threats that impact the organisation.

Strategic Intelligence focuses on both tactical and strategic analysis of potential threats – engaging with relevant teams to develop mitigation strategies on critical immediate threats while producing trend analysis on a variety of focus areas within our domains.

Its annual assessment, for example, is a comprehensive analytical product focusing on trends and insights that highlight the most impactful risks so the group can assist senior leadership with making informed business decisions.

By integrating and de-siloing its approach to risk, Invesco and its Strategic Intelligence team have created a new standard for how we believe businesses large and small should approach and manage risks to their businesses.

As the world gets more complicated and more destabilised, business owners, leadership teams and entrepreneurs must think hard about the threats to their businesses — and what they're going to do about them.