The Role of a 21st Century Enterprise Security and Risk Manager

by Oumalha Haidara

What will be the major risks in the twenty-first century? Recent years have seen a large number of disasters of different kinds occur around the world: devastating storms and floods in Europe and ice storms in Canada, outbreaks of new diseases affecting humans (AIDS, Ebola) and animals (BSE), terrorist attacks such as those of September 11, 2001 in the United States and the sarin gas attack in Japan, Major disruptions to critical infrastructure caused by computer viruses or simply technical failures – and many other extremely costly accidents that have occurred in the space of a few years. Through these events, it is not only the nature of major risks that seems to evolve, but also the context in which they appear and the ability of companies to manage them. The forces shaping these changes are many and diverse. Thus, climatic conditions seem to be becoming more and more extreme. At the same time, there is an increase in population density in large agglomerations and an increased concentration of economic activities in certain regions, which only increases the vulnerability of these areas. Globalization is advancing rapidly in all its dimensions – economic, technological, cultural and environmental – and amplifies interdependence, facilitating the spread of dangerous pathogens, pollutants and the effects of technical failures. Another important factor is that the limits of science and technical innovation are being pushed ever further at a breakneck pace, with unknown (and impossible to know) repercussions that present society with difficult choices. As far as the past can be judged, all these developments are bound to continue.

Today’s security management benefits from several advantages including rapid access to information unlike a little more than two decades ago when communication and information technology was not sufficiently developed. Because of climate change, terrorism and poverty, the risks have increased and diversified. The Crisis has not been an event for a long time. It is, nowadays, a state or situation that is often repeated. Progress itself is a source of crisis, as it creates frustration and, in many ways, insecurity and chaos. Thus the crisis has become permanent, according to economist Daniel Cohen. We have to live with it. This means that we must include it in our ways of thinking and in our modes of action. Recent examples, from the global crisis affecting the economies of every country in the world, to the influenza A pandemic, to the COVID-19 pandemic, make this clear. Others could be added and add to the list ad infinitum. Moreover, every day new risks are revealed while they were yesterday unknown or considered minor. They are all threats of potential crises likely to affect us in the more or less near future. These revelations fuel and increase the demand for security of our citizens who demand solutions and protections. Because they are both actors and victims of crises and the omnipresent information keeps them in permanent anxiety. The permanence of the crisis is therefore a powerful and unavoidable factor that impacts the governance of our societies.

The paradox is that the apparent chaos that accompanies a crisis phase becomes a cause of reaction and therefore an organizational factor. The other side of the coin is that the short term is too often the time scale that affects the human and organizational response to the crisis. This is why a reflection must be conducted in order to better conceptualize this reality that has invited itself into our lives. A crisis must be the subject of preventive measures in order to mitigate the element of surprise that can multiply its deleterious consequences. Then, public and private organizations must implement management measures that will contain it and curb its repercussions for the most exposed actors. Finally, the crisis must be studied in order to draw lessons that will make it possible to face its repetition in the future.

The responses provided in these different phases depend on people’s confidence in the action of organizations and, beyond that, their survival when they are directly exposed.

In many discussions around disasters and emergencies, it is commonly argued that disaster brings out urgency, and more often than not, the two terms are used interchangeably. Disasters are often categorized causally, into four main groups: Natural disasters; technological disasters; social disasters; and complex disasters and failed states. Biological events are also a category of natural disaster. They involve insect invasion; and epidemics.

As the main objective is risk management, the organization must also link this management to that of its image and reputation.

In a spring 2021 interview, Denis Kessler, boss of the reinsurer Scor, ensures that “the twenty-first century will be that of risk management… or will not. This idea is indisputable: the health crisis has highlighted the need to think upstream about the risks of any economic activity, to react quickly and adapt to the slightest difficulty. In his time, with his visionary spirit, Leonardo da Vinci already said: “Not to foresee is already to groan.”


  • Les Éditions de L’oecde, 2, rue André-Pascal, 75775 Paris Cedex 16 Printed in France (03 2003 01 2 P) ISBN 92-64-10121-7 – no 52724 2003
  • Harvard Business Review France (2021) Jérôme Bergé link: