“Low-probability high-impact” risks for business but what “low” really means?
Cătălin Netcu is responsible for security in a Fortune 500 company and in this interview he gives us details about what corporate security means.

ABOUT

  • Cătălin Netcu is responsible for security in a Fortune 500 company and in this interview he gives us details about what corporate security means and how we can protect our business and employees in a professional way in a global economic and geopolitical context full of turbulence.
  • It is an article that no business leader should miss

interview

Reporter (R): You are responsible for an area that is less known to the general public in a large global company. Can you tell us more about your role and about Emerson?

Cătălin Netcu (C.N.): Hi! I am Catalin Netcu, I hold the security role for Emerson in Europe plus some parts of Asia and Middle East, and I have the noble mission of protecting Emerson employees and business operations in the region, against any threats that could lead to harming people or generating losses for the company. My background is built on two pillars: military and engineering and my career so far was split between the state department, where I’ve worked for several law enforcement and emergency authorities, and the private security, mainly corporate level in large multinational organizations.


About the organization I am part of, Emerson is a Fortune 500 company for 27 Consecutive years since 1996, recognized as one of America’s largest companies based on revenue, Emerson is #1991. What I personally consider outstanding is that the past year was truly transformative for the company as decisive steps were taken to position Emerson as a leading global automation company  so I am extremely happy to live these historical moments in the history of Emerson. 


R: What are the main trends in the industry in which you operate, locally but also European and global? 


C.N.: The Security & Resilience (S&R) function is most needed during tough times and, unfortunately, some companies are acknowledging the value of this role only after the visual contact with the “tsunami wave” have already been made. This is a purely reactive approach which may have saved some money at a certain point, cutting from emergency preparedness and business continuity budges, but on a longer term, it might not prove to be the wisest choice.

A strong and healthy S&R organizational culture is centered on a Proactive, Robust, and Agile Security & Resilience System (SRS), focused on prevention and detection of threats thru a forward looking and horizon scanning mindset. Complementary to this, being prepared with the right tools and process in place and properly trained staff will ensure that the impact following a disruptive event is reduced to minimum.



Globally, the CEOs see economic downturn/recession, inflation, the effects of COVID-19, geopolitical instability, supply chain disruptions, and labor shortages as the major disruptors to their business operations in 2023. In addition, the CEOs in Europe are also looking at the war in Ukraine, which has disrupted local economies through soaring energy costs, double-digit inflation, plummeting consumer confidence, and reduced business activity, as a top five external impact issue. CEOs in China see US-China tensions as a major disruptor3.

As such, changing global risk environment is forcing businesses (even governments) to re-evaluate systemic risk in fundamentally new ways. Global systemic risk governance requires adopting measures to reduce exposure, but also proactively cultivating capabilities and partnerships to strengthen resilience4 . In this perspective, it appears more and more companies are boosting their readiness thru comprehensive S&R programs that are covering physical security, emergency response, crisis management and business continuity areas.

 

R: What are the main opportunities that you see in the future in the industry in which you operate?

 

C. N. Being in a support position, I’d say that one of the main future opportunities of my role is to help the company preparing for the next crisis by implementing the learnings we’ve identified during the crisis situations we went thru, as part of the continuous improvement process.

Generally speaking, building resilience has risen to the top of the list of business considerations after the unprecedented disruptions of the “low-probability high-impact” events that we faced during the past years. Adapting to the pandemic was a significant test, and firms around the globe met the challenge and perhaps exceeded expectations by some measures. It is tempting to consider the pandemic as a true test of resilience – one that many companies weathered with success. But are we more resilient? The pandemic has drawn attention to vulnerabilities, from increasing employee turnover to supply-chain shortages. If a company has a successful “work from home” model, is this a sufficient measure of resilience? Rather than seeing adaptability to the specifics of the COVID-19 pandemic as proof of their resilience, businesses need to recognize that resilience building requires developing and maintaining an organizational capacity to withstand future crises in whatever form they may arise. Inevitably the next disruption will test businesses in different ways from the pandemic – and many of them are not prepared.

 

R: What were and perhaps still are the main challenges encountered by the industry in which you operate throughout the pandemic?

 

C.N.: The first thing I remember is related to the acknowledgement of the situation, of the fact that “the tsunami wave” is coming. There was this tendance to consider that the virus is far away, in China, it was quite difficult to digest the reality: the virus is real, and is going to hit us! However, under the principle of “prudent overreaction and rapid de-escalation”, the crisis management process was activated. Then, the Covid was in Italy and the picture was clear for everyone. I think this was my first lesson learned. After that there were the general problems related to  finding solutions for protecting the employees, volatility of the situation amplified by the frequent changes imposed by the authorities, workforce unavailability, potential business interruptions, implementation of the “work from home” program in a very short timeframe and many more. However, the mitigation measures generated during the Crisis Management Team sessions proved to be efficient in providing a safe working environment for the employees and contractors while ensuring the business continuity.

 

R: How has the pandemic changed the way of working in companies (your company or other examples you know)? Will work from home or work from anywhere become functional models for the future? Why yes, why not?

 

C.N.: During and after the Covid 19 pandemics, I’ve witnessed many back and forwards regarding this topic, from “it is not possible for all eligible employees to work from home” to “people do not want to come back at the office”, from “the productivity increased with people working from home” to “we encourage people to return at the office”, etc

In my opinion the short answer is: it depends. However, I would personally go for a hybrid mode, adapted to the organizational culture and tailored on the company needs while listening to the voice of the people, so basically a win-win that would allow the employees to work in an inclusive and understanding environment that is stimulating work productivity.

 

R: Has the war in Ukraine affected the industry in which you operate? In what way? What do you think is the most appropriate attitude of a manager in unpredictable situations like this? How can we prepare the company to deal with a high impact and ongoing situation with open options?

 

C.N: I dare to say that the war in Ukraine is a game changer that had / is having a butterfly effect across the global business environment. One of the most impacted professional areas is obviously the Security industry. To further trying to answer your question I need to go back to the support function of security because one of its key roles it to advise C-levels. As such, a security professional should be now, more then ever, one of the most trusted and reliable partners for the C-levels, contributing with knowledge and professional advise to “keeping the boat sailing in the right direction”.

 

R: Pandemic, war and economic crisis at the same time. What decisions have you made or would you make in your company to face the current challenges? Why? In your opinion, how can we reduce the impact of these challenges at the company level?

 

C.N.: Please allow me to start with a quote: “Plans are worthless, but planning is everything” Dwight Eisenhower. I strongly believe that having tones of paperwork that nobody reads, forgotten in drawer, it truly is a waste of resources that is adding close to zero value to the organization. 

As mentioned before, regardless of the Crisis scenario, a solid SRS should ensure the company readiness to cope with a wide range of risks, from a “sudden crisis” to a “smoldering / slow burning”, one that involves disruptive events with different impact factors (i.e. employees, reputation, business interruption, financial and legal liabilities etc). The point is that, for the operational part that is addressing the emergency response – site level, the contingency planning should be scenario based with clear check list activities and responsible personnel. On the other hand, going upwards to the Crisis Management level, strategic layer of the company, the process should be also clear but general, providing the best-in-class framework (tools and processes) to the executives to perform to the best of their capabilities in managing a crisis.

To maximize the efficiency of the response during a Crisis, the process would have to follow a couple of very simple rules:

1) clear roles and responsibilities of the involved personnel;

2) streamlined and clear communication that is based on the “single source of truth” and “need to know” principles;

3) mapping and constantly mapping the impact;

4) facts gathering for building and continually updating situational awareness;

5) stakeholder management (outside world: media, business partners, authorities etc; internal: employees, top management, families of the employees etc)

 

R: What are the main challenges and opportunities brought by the accelerated digitization process brought to the fore by the evolution of recent years (pandemic)?

 

C.N.: There are opportunities in any crisis, and I believe the pandemics fostered the digital transformation, forcing some companies to significantly accelerate ongoing projects and some other to initiate them.

With clear benefits related to cost reduction, improved Product and Service Quality, driving Growth, improving the Customer Experience, Drive Sustainability Efforts, Improved Collaboration Within and Across Functions, improve Compliance6 and many other, there are many challenges companies are facing during a fast forward implementation of digital transformation initiatives. 70% of all digital transformation programs fail due to employee resistance and lack of support from management and only 16% of employees said that their company’s digital transformation efforts improve their performance or are sustainable.

One of the most efficient ways for a successful implementation of specific projects is to have a thorough change management strategy. An effective change management involves planning a project by identifying the root causes of issues – and building relationships with all stakeholders and employees, which will eventually significantly improve the adoption rate and the overall digital transformation process.  

 

R: What are the milestones that help you develop a stable organizational culture and a friendly work environment?

 

C.N.: Much ink has been spilled on improving the Organizational Culture in general so will limit my answer to the Security & Resilience (S&R) component. An organization’s S&R culture requires care and feeding. It is not something that grows in a positive way organically as it needs significant investment. The following areas should be considered as a minimum for fostering the S&R culture:

a.      Infuse the concept that security belongs to everyone

b.      Focus on awareness and specific on tailored training programs

c.      Reward and recognize those people that do the right thing for security

d.      Build security community

e.      Make security fun and engaging

The good news is that any security culture can positively change how the organization approaches security but, as any cultural change, it takes time and effort.


Thank you!


References:

 

1.   https://techbeacon.com/security/6-ways-develop-security-culture-top-bottom

2.   https://whatfix.com/blog/digital-transformation-challenges/

3.   www.conference-board.org/topics/c-suite-outlook/driving-growth-and-mitigating-risk-amid-extreme-volatility

4.   www.emerson.com/documents/corporate/2022-annual-report-en-us-8673706.pdf

5.   www.emerson.com/en-in/about-us/awards-recognition

6.   www.mckinsey.com/industries/retail/our-insights/the-how-of-transformation

7.   www.ptc.com/en/blogs/corporate/digital-transformation-benefits

8.   www.weforum.org/agenda/2022/06/ukraine-war-global-systemic-risk-resilience/

      9.   www3.weforum.org/docs/WRD_A_Framework_for_Building_Organizational_Resilience_in_an_Uncertaion Futuere_2022.pdf