Bloomberg Law
Feb. 25, 2021, 9:00 AM

Physical Threats Are Rising: Key Compliance, Legal Issues for GCs

Scott  Shepherd
Scott Shepherd
Ontic Technologies Inc.
Fred Burton
Fred Burton
Ontic Center for Protective Intelligence

General counsel and chief legal officers are multidimensional leaders who touch every part of an organization, guardians guiding legal and regulatory matters for the business, navigating complexity while mitigating risk; catalysts, operators and strategists.

What’s more, there always has been great potential for disruption from inside an organization or externally. The trifecta of Covid-19, racial justice activism, and political unrest has led to lawsuits against employers in state and federal courts. Adding in potential threats to physical safety and cyber data breaches only exacerbates the number of ongoing threats and potential lawsuits corporations face from employees.

Recent research commissioned by the Ontic Center for Protective Intelligence shows that for 71% of security, legal, and compliance executives, physical threat activity at their company has dramatically increased since the beginning of 2020. Of those surveyed, 80% expect an increase to their 2021 physical security operating budgets, with 7% of firms expecting an increase of more than 51% (see graphic below). The data was collected in a survey of 300 chief security officers, chief legal officers, chief compliance officers and physical security decision-makers at U.S. companies with over 5,000 employees.

Below are some considerations and steps that companies can take to better address physical threats. Note that these are merely factors that could improve a company’s ability to protect its physical assets—the failure to satisfy any of these steps does not mean that your organization will be more vulnerable to threats.

Steps to Address Physical Security Threats

Ensure you have a robust and reliable audit trail. Should the company’s safety and compliance efforts ever come into question by employees, clients, shareholders, or regulators, you will need a thorough audit and investigative trail. And if properly maintained, this could be used as evidence at a trial if necessary.

Have a response plan. Should an incident take place, businesses can mitigate the impact with a holistic, integrated, and measurable compliance strategy and effective response plan that has been put through a tabletop exercise.

Train your employees. Employees on the human resources, legal and security teams should be trained on executing your response plans. As part of this training, conduct a tabletop exercise to “pressure test” the plan; run through the scenarios the plan envisions as if they were happening with the team members responsible for addressing the situations. This way you can identify potential issues, make sure they are addressed and then update your plan accordingly. Everyone needs to understand the next steps, including properly documenting any incidents.

Work together with your security team. Most businesses are not organized to effectively tackle intelligence risks and physical threats that cut across cybersecurity, human resources, legal, and physical security silos. Furthermore, most legal teams don’t have the bandwidth to investigate where the company vulnerabilities originate, making security and legal team collaboration even more important.

Make sure you have clear policies in place that mandate these groups work together—and in what ways. Also consider having your corporate security team report to the chief legal counsel due to the complexity of threats faced today.

Talk to your insurance provider. Review your policy with your broker to make sure the coverage you have is sufficient given the physical security threat landscape. (It may seem elementary but can often be falsely assumed). Your insurance provider should also have a role in helping you put together your response plan.

Implement a technology-driven approach. Ensure you have technology that allows you to “see around corners” and that automates some of the processes, such as creating an audit trail. The right software, easily accessible by legal and security teams no matter where they are located, can light up the bigger physical threat picture in real-time, enabling those responsible to stay a few steps ahead of events to protect employees, brand reputation and the organization overall.

By fully understanding the legal and compliance implications of physical security and adopting a comprehensive system to meet the changing environment, legal teams can be confident they are fulfilling their ever-growing and changing responsibilities as the guardians of the value of their organizations.

This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.

Write for Us: Author Guidelines

Author Information

Scott Shepherd is the chief legal officer at Ontic Technologies Inc., a protective intelligence software innovator, where he oversees all corporate legal affairs, including regulatory compliance and legal counsel. He brings more than 30 years of experience as a litigator and leader of global legal operations and compliance for two fast-growing startups.

Fred Burton is the executive director of the Ontic Center for Protective Intelligence where he spearheads strategic consulting to physical security leaders at major corporations. He is a New York Times best-selling author, and his latest book is: “Beirut Rules: The Murder of a CIA Station Chief and Hezbollah’s War Against America.”