By: Mike Evans, Director Risk Intelligence Center, Securitas Group
Risk intelligence plays a crucial role in safeguarding a company’s people, property, and brand reputation. When used effectively, intelligence not only enhances security but also provides business leaders with a strategic edge in decision-making.
If intelligence is so valuable, why aren’t companies using it to their full advantage? Companies still struggle to conduct intelligence operations — collecting, analyzing, and using information to mitigate risks and improve operations. Poor intelligence operations lead to unclear requirements, siloed teams, and reactive approaches.
Security teams face an even tougher challenge: integrating intelligence across the organization. Even when intelligence is gathered effectively, it fails to benefit the organization if it doesn’t reach key decision-makers.
To change this, companies must transform intelligence from merely passive information collection in siloed departments to an active participant in both security and business operations.
Passive intelligence operations lead to underwhelming results
Today’s security landscape is evolving at a breakneck pace. From emerging cyber threats to threats against people, property, and brand reputation, combatting risk never ends.
Intelligence helps organizations stay in lockstep with threat evolutions, offering leaders more opportunities to thwart risks and make informed decisions. Yet, for such a vital function, many organizations apply outdated approaches to intelligence gathering, usage and team structure, leaving them vulnerable to exploitation.
To start, many organizations do not clearly define their intelligence requirements or management to support operations. For instance, it is common for intelligence teams to get a directive like, “I want to know about protests or terrorism nearby.” Information on those topics could be vital, but organizations do not define expectations further or cover the impacts those events could have on their business.
Many security teams use open source intelligence (OSINT) to meet those requirements. OSINT is often cost-effective and easier to access, but alone, it provides an incomplete picture and can miss threat signals or indicators not publicly reported. Still, many organizations rely on passively collected OSINT through intelligence tools, hampering their overall risk readiness.
Passive collection, tool limitations and unclear priorities mean teams cannot adequately analyze incoming intelligence and think critically to identify threats or opportunities. Without direction and strategy, they send every alert up the ladder, whether it carries context about potential business impacts. Intelligence teams then field complaints on how reports do not address what leaders want to know.
What is common throughout these challenges? Many organizations remain reactive, failing to actively gather, analyze, and apply intelligence to strengthen their security posture and operations.
Take control with an intelligence-led approach to security
It is time to empower intelligence to actively lead organizational security. Businesses should focus on capturing requirements, using all appropriate sources, and integrating intelligence across their organizational structure to establish an intelligence-led approach.
Moreover, you can adjust operations within your current intelligence cycle, allowing security teams to adapt quickly. How might this look in your organization? Consider the four major cycle steps:
Direction
Direction involves identifying and prioritizing intelligence requirements across the business. Leaders should pin down the organization’s objectives and relevant context. Review and update your objectives and risks every three months to reflect a fast-changing risk environment.
Collection
Collection is the gathering of information from sources beyond OSINT. An all-source approach to intelligence gathering, including sources unique to your organization like employees, partners, and suppliers, resolves intelligence gaps and comprehensively answers intelligence questions.
Analysis
Analysis is the application of analytical techniques to interpret collected data. This extends beyond the usual red-amber-green ratings in risk matrices. Explore tools and emerging technology that offer more sophisticated analytical methods to produce valuable insights.
Dissemination
Dissemination is the sharing of intelligent findings across business functions. Many organizations fall short by limiting dissemination to security teams. Intelligence needs clear routes to reach decision-makers across the organization.
Intelligence-led security transforms a reactive process into a proactive, value-adding business function.
Integrating intelligence throughout your organization
Intelligence accomplishes more when properly integrated with your company’s operations in every department. How might that play out?
Recall the vague requirement: “I want to know about protests or terrorism nearby.” Recently, an organization with clear requirements around this topic identified a particularly disruptive protest planned to occur three months later. Identifying the potential threat early and communicating to stakeholders allowed leadership to manage risk through actions like:
- Monitoring for suspicious behavior
- Posting signs to deter trespassing
- Obtaining a court injunction to allow police to intervene sooner
- Communicating across departments like HR, operations, legal and communications to coordinate external efforts
The company mitigated millions in potential disruption costs by leading with intelligence, showcasing how proactive intelligence can deliver better security and business outcomes. Throughout this operation, the company’s centralized intelligence function provided a single view of the truth and led coordination efforts, outperforming siloed teams working in isolation.
Proactive intelligence-led security can mitigate many risks, from handling threats against company leadership and disruption costs to analyzing broad market risks and preparing for crises like the COVID-19 pandemic or geopolitical conflicts.
Humans are here to stay in intelligence operations
Human-led integration efforts are increasingly vital as tools and systems evolve to take on more roles in supporting intelligence operations. Emerging technologies like AI promises comprehensive and automated data collection and analysis, drawing from a broader range of sources.
Yet, AI-powered tools are limited in their judgment and execution capabilities. Automated intelligence functions without direction and strategy can exacerbate the challenges of overwhelming information volume, context-less alerts, and siloed operations.
Successful intelligence integration requires a managed convergence between humans and machines. Human experts can use their judgment to make the best decisions and lean on technical systems to gather and present the most helpful data. Time saved on collection and analysis can go toward dissemination, ensuring a healthy pipeline of intelligence flows throughout departments.
Intelligence-led security protects and grows businesses
A lot of power lies within intelligence executed successfully. Integrated intelligence-led security breaks down the silos holding back most companies and empowers intelligence to augment every business function.
Transitioning from a reactive to a proactive posture takes commitment, direction, and time. That said, the threat landscape won’t wait for you. Use your intelligence data and build robust processes to direct, collect, analyze, and disseminate insights. Meet evolving risks head-on with intelligence-led security.
###
About the Author
Mike Evans, Director Risk Intelligence Center at Securitas Group, is a risk and security leader with broad subject matter expertise and considerable experience spanning private and public sectors in multiple protective disciplines. In his role at Securitas UK, Mike has developed an industry-leading and award-winning security and threat intelligence service. Under his direction, the business transformed from a support service to a profit center, increasing revenues by 500%~ in year one, internal stakeholder reaches by 1000%~ within two years, and delivering intelligence and investigation services to some of the largest corporations in the world.