How to Foster a Culture of Risk Awareness and Responsibility

In a world where new threats seem to emerge every single day, how can businesses protect themselves from the next danger hiding around the corner? 

Technology can help. So can guidance from trained security experts. But one of the most powerful defenses is a workplace culture that values risk awareness. When the entire organization is trained to be on the lookout for threats — and has the support to take action against them — it can supercharge your ability to avoid the worst-case scenario because you’ll so rarely be taken by complete surprise. 

Unlike a new security system, a culture of risk awareness isn’t something you can buy off the shelf. You can only build it, person by person, day by day. Fortunately, embedding this kind of culture may not be as difficult as you imagine. And the payoff in terms of losses prevented and lives saved is more than worth the extra effort and investment. 

In this post, we’ll address some of the biggest questions about risk awareness: what it is exactly, how it can help your organization and what actions you can take to create it.   

What is risk awareness, exactly? What are some examples? 

Risk awareness is your organization’s ability to identify potential threats so that you can prevent, address and recover from those dangers. That awareness should cover “known knowns” — threats like medical emergencies or natural disasters — as well as new and unexpected dangers that you (or most organizations) have never really encountered before. 

Risk awareness comes in several different flavors, including … 

• Warning security about suspicious-looking individuals in a property’s parking lot or foyer. 
• Speaking up when a co-worker is accessing documents or systems they aren’t cleared to use.
• Checking on backup plans when early forecasts call for dangerous weather conditions
• Asking company leadership if they have plans for adapting to a disruptive new technology or competitor. 

In an organization that’s truly risk-aware, everybody accepts responsibility for noticing potential threats and — more importantly — alerting the larger organization so that action can be taken before the worst happens. 

One way to make a disaster or tragedy even worse is realizing that your organization had early indications that something was wrong, clues that could have prevented the worst from occurring if only someone had followed up. 

What are the benefits of encouraging risk awareness?

A risk-aware culture is important because it enables organizations to make better, more informed decisions faster. After all, the more time you have to respond to a potential threat, the higher your odds of reaching a successful outcome. And by successful outcome, we mean fewer injuries and deaths from accidents or assaults, and less financial loss to crime or disaster.

Another big benefit of a risk-aware culture is the entire organization is activated and able to spot potential problems. It doesn’t just fall to management or the security team — everyone tries to identify threats quickly. The more eyes you have, the more likely you are to notice dangers before they strike, while they’re still relatively manageable. 

Who is responsible for creating a risk-aware culture?

Leadership should create the conditions for a risk-aware culture — for example, by identifying it as a priority, dedicating resources for training and assigning front-line teams for executing that program. 

Those front-line teams might come from Security, IT, HR or even a combination of departments. They carry the responsibility for building effective programs. If you work with a security contractor, they can help with this work, and they can be particularly useful for identifying best practices and potential threats. That’s because they’re drawing on the lessons they have learned from all of their clients across multiple locations and industries. 

But when it comes down to who’s really responsible for risk awareness, that burden ultimately falls on every team member. They must take the matter seriously and communicate when they notice potential threats. 

One thing to note: It’s easier to get this kind of buy-in when the company culture already values individual employees and welcomes their insights.

How can businesses encourage risk awareness in their team?

Once leadership has bought into the importance of risk awareness — and made the necessary early investments — an organization needs to …

Educate its workforce about what potential threats look like and what should be done about those threats. While some of this training should be universal — everyone should be told what to do in the event of an intruder, for example — other lessons should be tailored to each employee’s role. The store clerk needs to be taught how to spot counterfeit cash. The accounting department, though, might need updates on the latest trends in financial fraud. 

General training should be reinforced through regular meetings or updates in internal newsletters and emails. Remind your team of the potential impact on the organization (and eventually on them) if risks aren’t identified and dealt with quickly. 

Pay attention to situational awareness. Several experts have identified situational awareness — the ability to pay attention to one’s environment and changes in it, so you can anticipate what’s coming — as a particularly useful skill for spotting potential threats. And it may be one that’s in short supply in many offices where workers are busy and distracted by their daily tasks. The good news is that situational awareness is also a teachable skill that can be reinforced with exercises and habit development. Smart organizations make sure it’s part of their risk awareness training.  

Establish a scalable reporting process. Risk awareness is useless if your team can’t or won’t communicate their concerns to co-workers. Part of training may need to include encouragement for team members to speak up and explanations of why it’s so important to do so. 

When team members encounter a potential threat, they should know exactly what to do next for that kind of threat. An immediate threat, for example, may require an immediate call to the security office or emergency responders. But if a team member suspects a co-worker of financial fraud, there should probably be a completely different reporting process — possibly to HR or, in larger organizations, to a dedicated threat hotline or contact form on the company’s intranet. 

Build in protections for the people who speak up. In cases where employees are reporting potential abuses by co-workers — or even by senior management — those reporters need to feel confident they won’t be fired, discriminated against or even treated with disrespect. Especially since, depending on the circumstance, they may be entitled to whistleblower protections under the law. Legal counsel should provide guidance for those kinds of cases, but generally speaking, reporters’ identities should be kept secret. They should also be protected against firing, demotion and other actions that could be considered retaliation. 

Reward people when they point out potential threats. If a team member identifies a potential threat — one that could cost you thousands of dollars if left unnoticed and unaddressed — it might be a good idea to incentivize that person with a small bonus. 

When the worst happens, learn from it. Sometimes it’s not possible to spot and prevent a hazard, but your team may still be able to extract some value from the situation by conducting an after-action report to identify the warning signs that were missed, along with other lessons learned. Those lessons should be shared with the larger organization and become part of the official risk training program. They should also be used to judge the effectiveness of existing protocols — what worked, what failed and what needs to be changed? 

The bottom line

A risk-aware culture is one that’s much harder to take by surprise, and that will enhance your team’s ability to minimize or even prevent significant threats of all kinds. It takes time and investment to develop that kind of responsiveness and teamwork, but it’s worth it for the severe losses that can be prevented. 

While leadership must create the conditions for a culture of risk awareness, it’s ultimately every team member’s responsibility to look for potential dangers and communicate them to co-workers. Regular training programs will equip an organization’s members with the necessary tools and attitudes, but a business should also establish clear rules and systems for reporting different kinds of threats.

There should also be systems put in place to protect those who speak up from firing, demotion or other types of retaliation. And if the worst happens, wise organizations will do their best to learn from those incidents — so they can be ready for whatever threat is waiting to strike.