Risk Intelligence: How to detect and mitigate risks in your business environment?
What is Competitive Intelligence, really? As many Competitive Intelligence professionals will probably tell you, it depends mostly on your organization’s objectives. In this multi-blog series, we explore types and uses of competitive intelligence. We will draw on client experiences, who are leaders in industries ranging from security, banking, and manufacturing.
Get ready for the most comprehensive guide on the practical applications of competitive intelligence!
Our first topic, Risk Intelligence, will be focusing on how leaders across several industries are using competitive intelligence to detect and mitigate risks.
The definition of risk intelligence varies by industry. It is the process of considering every possible risk that can affect your organization, and preemptively creating contingency plans, response protocols, and communications strategies.
Some risks you should consider include:
- Data leaks by employees
While specific risks may vary from industry to industry, the basic purpose of using competitive intelligence for risk management is:
- Gaining accurate knowledge of your environment and understanding where your vulnerabilities are.
- Clearly representing or defining your risks (this process can also be called “risk mapping,” and generally involves visualizing your risks on a graph, map, or some other visual representation. Keeping a close eye on risks and factors that could cause/become risks.
- Making strategic moves to avoid the risk altogether by finding ways to prevent them, or increasing your response time and efficacy when a risk becomes reality.
Plan, plan, plan
Risk Intelligence can be used across different industries and purposes, but the bottom line is a company must use the same basic format when establishing a competitive intelligence project designed to find and mitigate risks.
- Brainstorm all possible risks that can affect you, your organization, your partnerships, your industry, your country, etc. Involve as many employees from other business units as possible, since they have an excellent knowledge of your environment. When you are first identifying possible risks, don’t rule anything out.
- Once you have identified all possible risks, determine how these risks would affect you.
- Create plans to mitigate and respond to these risks. Set your monitoring parameters to watch for these risks.
Choose broad, but specific topics
When you are monitoring for the purposes of risk intelligence, your monitoring/search parameters will be both considerably broader and incredibly specific. Competitive intelligence for risk is different from other applications of competitive intelligence.
If you are monitoring for the purpose of risk management, you would need to watch for:
- Industry news
- New regulations/changes in laws
- Supplier news
- Risks in the countries you operate in
- Security threats
- Safety threats
- Political changes
- Scandals/ethical issues
- Natural risk/disasters
- Economic risks
- Industry changes
- Cyber threats*
* While you can monitor mentions of all of these things, cyber attacks are slightly harder to preempt, unless someone posts their plans for a cyber attack on a public profile or an open forum. Assuming you don’t have the ability to read private conversations, your best option for preventing cyber attacks, is to find websites that list the most recent types of viruses or cyber attacks, or to closely monitor news about other cyber attacks. Consider any information you can gather from past attacks to gain insights about how to protect yourself (this of course applies to multiple types of threats, not just cyber threats).
This seems like an overwhelming task. How can you monitor all this information and yet have it all make sense? What if you are an international manufacturing company with factories and suppliers all over the globe? How do you monitor all these topics in all the countries you operate in?
Be organized and use technology, because you can’t do it alone
As mentioned earlier, risk mapping is a way to visually represent the risks based on how likely they are to occur.
When conducting a risk intelligence project, it is highly recommended that you use data visualization tools to help keep track of all of your information. If you can link your monitoring tool to data visualization tools, you can establish a virtual risk management map, or a sort of risk management “war room” to see when a section of the globe you monitor is receiving a lot of attention from social media or the news. Imagine if you had all of your information automatically imported into a data visualization map. If you see that the city that your factory is located in is suddenly lighting up for example, you could check the associated mentions to identify what risk is occurring, and immediately deploy your risk mitigation plans.
Deliver information rapidly
It is highly recommended that you set aside a significant amount of time before setting up your project to list all possible risks and determine responses to all of these events.
Management and key stakeholders will need to be highly involved in this process. For example, your Communications department will need to establish responses to an employee accident, a violation of a new regulation, or a reputation problem beforehand so that you can respond quickly if and when such incidents take place.
For deliverables, immediate news alerts are probably the most effective. If you see a theoretical risk is about to become a real risk, you won't have time to wait a week and create a newsletter. Employees, management, and key stakeholders will need to know about it immediately . Set up alerts for every hour or for special keywords, and ensure key players receive these alerts so they can act quickly.
Risk Intelligence in Action
Take the example of an entertainment company located in the outskirts of a city with millions of visitors per year.
Now let's look at the risks that the company would monitor:
- Public Transport strikes: These represent a very important risk, because they paralyze traffic and can deter potential customers from visiting the park.
- Evolution of the price of potatoes: It may seem surprising but a portion of the park’s turnover depends on its food facilities. If the price of potatoes rise, food sales may collapse, which would impact the park financially.
- Changes to business environment: Imagine an indirect competitor (for example, a wellness & aquatic center) opens near the park. The park must then evaluate the impact of this change to assess the nature of the risk, potential effects and to identify a strategy to adopt. Should the park lower its admission prices, propose new services to counter this indirect competitor, or offer a partnership to limit the impacts of its activity on business? These are the types of challenges Risk Intelligence is responsible for.
- Employer risk: given the nature of the business, this company is more sensitive than others to work-related accidents. It must therefore thoroughly and regularly monitor labor laws to ensure it puts everything in place to prevent these accidents.
Reaching Further: The Invisible Web
Should you monitor the "invisible web" as part of your risk intelligence strategy? Is it worth it?
Before answering this question, let's first look at the definition of the invisible web, which is composed of the dark web and the deep web.
Did you know that the invisible web makes up 96% of the entire worldwide web, while the web accessible by all represents only 4% of content? Imagine the amount of information available!
Deep Web simply refers to areas of the Internet that are not indexed by search engines like Google and Bing. It is very difficult to access it without knowing the exact URL. The deep web hosts a certain amount of information including:
- User databases
- Corporate intranets
- Websites protected by an authentication processes
- Academic information
- Medical records
- Banking data
- Sites using exclusively misunderstood technologies of indexing robots
In contrast, the Dark Web refers to a subcomponent of the Deep Web. Accessing it requires the use of specific encrypted browsers — such as Tor or I2P — that conceal the identity and location of the user.
Different sites that can be found include drug trafficking, firearms, organs transfer, private communications, child pornography, purchase of malware, etc.
Not all risk intelligence professionals will find it useful to monitor the invisible web.This realm brings interesting perspectives for organizations wishing to monitor the following topics:
- Illegal trade
- Personal / banking / health data traffic
- Cyber security
- Political demands, activists
- Terrorist networks
A recent example occurred prior to the implementation of Europay MasterCard Visa (EMV) in the U.S., when intelligence from the Deep & Dark Web enabled a team of analysts to uncover a plot to exploit the EMV rollout. While monitoring certain underground communities, analysts discovered a group of threat actors had developed an EMV-chip recording software, as well as manufacturing techniques needed to fabricate chip-enabled credit cards that were allegedly capable of bypassing even the most robust anti-fraud controls. Upon being made aware of these findings, financial services institutions were able to adjust their EMV implementation strategy and security measures to prevent the threat becoming reality. Source: IT Security Guru
The more an organization adopts an anticipatory posture, by combining a precise and perfectly up-to-date knowledge base of its environment and its vulnerabilities, the more it will be able to protect itself against risks and to build protocols of adapted answers.
Written by Vanessa Querry
Vanessa is marketing manager at Digimind, and is looking after the CI market. Passionate about information technologies, digital marketing and B2B, Vanessa likes to debate the best strategies to help companies stand out in a highly competitive and rapidly changing market.