How to Foster a Culture of Risk Awareness and Responsibility

In a world where new threats seem to emerge every single day, how can businesses protect themselves from the next danger hiding around the corner? 

Technology can help. So can guidance from trained security experts. But one of the most powerful defenses is a workplace culture that values risk awareness. When the entire organization is trained to be on the lookout for threats — and has the support to take action against them — it can supercharge your ability to avoid the worst-case scenario because you’ll so rarely be taken by complete surprise. 

Unlike a new security system, a culture of risk awareness isn’t something you can buy off the shelf. You can only build it, person by person, day by day. Fortunately, embedding this kind of culture may not be as difficult as you imagine. And the payoff in terms of losses prevented and lives saved is more than worth the extra effort and investment. 

In this post, we’ll address some of the biggest questions about risk awareness: what it is exactly, how it can help your organization and what actions you can take to create it.   

What is risk awareness, exactly? What are some examples? 

Risk awareness is your organization’s ability to identify potential threats so that you can prevent, address and recover from those dangers. That awareness should cover “known knowns” — threats like medical emergencies or natural disasters — as well as new and unexpected dangers that you (or most organizations) have never really encountered before. 

Risk awareness comes in several different flavors, including … 

  • Warning security about suspicious-looking individuals in a property’s parking lot or foyer. 
  • Speaking up when a co-worker is accessing documents or systems they aren’t cleared to use.
  • Checking on backup plans when early forecasts call for dangerous weather conditions
  • Asking company leadership if they have plans for adapting to a disruptive new technology or competitor. 

In an organization that’s truly risk-aware, everybody accepts responsibility for noticing potential threats and — more importantly — alerting the larger organization so that action can be taken before the worst happens. 

One way to make a disaster or tragedy even worse is realizing that your organization had early indications that something was wrong, clues that could have prevented the worst from occurring if only someone had followed up. 

What are the benefits of encouraging risk awareness?

A risk-aware culture is important because it enables organizations to make better, more informed decisions faster. After all, the more time you have to respond to a potential threat, the higher your odds of reaching a successful outcome. And by successful outcome, we mean fewer injuries and deaths from accidents or assaults, and less financial loss to crime or disaster.

Another big benefit of a risk-aware culture is the entire organization is activated and able to spot potential problems. It doesn’t just fall to management or the security team — everyone tries to identify threats quickly. The more eyes you have, the more likely you are to notice dangers before they strike, while they’re still relatively manageable. 

Who is responsible for creating a risk-aware culture?

Leadership should create the conditions for a risk-aware culture — for example, by identifying it as a priority, dedicating resources for training and assigning front-line teams for executing that program. 

Those front-line teams might come from Security, IT, HR or even a combination of departments. They carry the responsibility for building effective programs. If you work with a security contractor, they can help with this work, and they can be particularly useful for identifying best practices and potential threats. That’s because they’re drawing on the lessons they have learned from all of their clients across multiple locations and industries. 

But when it comes down to who’s really responsible for risk awareness, that burden ultimately falls on every team member. They must take the matter seriously and communicate when they notice potential threats. 

One thing to note: It’s easier to get this kind of buy-in when the company culture already values individual employees and welcomes their insights.

How can businesses encourage risk awareness in their team?

Once leadership has bought into the importance of risk awareness — and made the necessary early investments — an organization needs to …

Educate its workforce about what potential threats look like and what should be done about those threats. While some of this training should be universal — everyone should be told what to do in the event of an intruder, for example — other lessons should be tailored to each employee’s role. The store clerk needs to be taught how to spot counterfeit cash. The accounting department, though, might need updates on the latest trends in financial fraud. 

General training should be reinforced through regular meetings or updates in internal newsletters and emails. Remind your team of the potential impact on the organization (and eventually on them) if risks aren’t identified and dealt with quickly. 

Pay attention to situational awareness. Several experts have identified situational awareness — the ability to pay attention to one’s environment and changes in it, so you can anticipate what’s coming — as a particularly useful skill for spotting potential threats. And it may be one that’s in short supply in many offices where workers are busy and distracted by their daily tasks. The good news is that situational awareness is also a teachable skill that can be reinforced with exercises and habit development. Smart organizations make sure it’s part of their risk awareness training.  

Establish a scalable reporting process. Risk awareness is useless if your team can’t or won’t communicate their concerns to co-workers. Part of training may need to include encouragement for team members to speak up and explanations of why it’s so important to do so. 

When team members encounter a potential threat, they should know exactly what to do next for that kind of threat. An immediate threat, for example, may require an immediate call to the security office or emergency responders. But if a team member suspects a co-worker of financial fraud, there should probably be a completely different reporting process — possibly to HR or, in larger organizations, to a dedicated threat hotline or contact form on the company’s intranet. 

Build in protections for the people who speak up. In cases where employees are reporting potential abuses by co-workers — or even by senior management — those reporters need to feel confident they won’t be fired, discriminated against or even treated with disrespect. Especially since, depending on the circumstance, they may be entitled to whistleblower protections under the law. Legal counsel should provide guidance for those kinds of cases, but generally speaking, reporters’ identities should be kept secret. They should also be protected against firing, demotion and other actions that could be considered retaliation. 

Reward people when they point out potential threats. If a team member identifies a potential threat — one that could cost you thousands of dollars if left unnoticed and unaddressed — it might be a good idea to incentivize that person with a small bonus. 

When the worst happens, learn from it. Sometimes it’s not possible to spot and prevent a hazard, but your team may still be able to extract some value from the situation by conducting an after-action report to identify the warning signs that were missed, along with other lessons learned. Those lessons should be shared with the larger organization and become part of the official risk training program. They should also be used to judge the effectiveness of existing protocols — what worked, what failed and what needs to be changed? 

The bottom line

A risk-aware culture is one that’s much harder to take by surprise, and that will enhance your team’s ability to minimize or even prevent significant threats of all kinds. It takes time and investment to develop that kind of responsiveness and teamwork, but it’s worth it for the severe losses that can be prevented. 

While leadership must create the conditions for a culture of risk awareness, it’s ultimately every team member’s responsibility to look for potential dangers and communicate them to co-workers. Regular training programs will equip an organization’s members with the necessary tools and attitudes, but a business should also establish clear rules and systems for reporting different kinds of threats.

There should also be systems put in place to protect those who speak up from firing, demotion or other types of retaliation. And if the worst happens, wise organizations will do their best to learn from those incidents — so they can be ready for whatever threat is waiting to strike. 

Sign up!

For industry-leading guides and analysis sign up for our blog below.

  • This field is for validation purposes and should be left unchanged.

Latest News

family playing outside while traveling for the holidays

Holiday Safety Tips

By Chesley Brown | November 5, 2020

3 practical ways to stay safe in 2020 We’ve all heard humorous holiday tales. They make for great entertainment around the table during a turkey dinner. You know the stories–e.g., the time Uncle Frank fell…

Read More
police prepare for election day civil unrest as a political protest moves through a downtown area during a moment of civil unres

Election Day: Planning for Civil Unrest

By Chesley Brown | October 28, 2020

Protecting your business in the event of election day civil unrest requires planning. Here we discuss four proven strategies for Civil Unrest

Read More
Lighthouse on a lonely dirt road preventing the threat of shipwrecks

The Transformational Power of Threat Assessments

By Chesley Brown | October 22, 2020

Ignoring Risk won’t make it go away Cyber crime is one of the most insidious threats facing businesses. As reported here, more than 50% of businesses have suffered cyber attacks–70% of them being small to…

Read More
small business team smiling after sucessfully navigating a crisis using their crisis management plan

3 Practical Strategies to Protect Your Small Business During Covid-19

By Chesley Brown | October 15, 2020

October 15, 2020 / Justin Hayes Ensure the Future of Your Company Small to medium-sized enterprises (SMEs) comprise a massive portion of American industry. In fact, 99% of all businesses have less than 500 employees;…

Read More
overhead view of business people working on a crisis management plan outside

The Anatomy of a Crisis Management Plan

By Chesley Brown | October 8, 2020

4 key strategies to protect your business against risk By Justin Hayes No executive expects a crisis to strike. But every day organizations fall prey to the unforeseen. One study found that 40% of businesses…

Read More
The 7 Step Guide for Building Business Continuity Plans that Work