It is time to rethink how we approach managing risk and to ask the question, how do the processes, policies, procedures and technology affect our employees?
After all, they are the ones who interact and navigate challenges with your work environment.
* Does your organisation’s risk management strategy help and support them to be successful? Or does
impede their ability to perform their fundamental roles?
* Are some employees getting creative to find work arounds to be successful?
The answer to the question plays a factor in your organisational risk profile. So, it is certainly worth asking the question.


If your efforts are impeding employees, this can lead to disengagement. Often disengagement comes from a lack of connection to the business, its purpose, or a lack of trust with leadership, or not feeling valued and heard.
Look through the lens of your people, truly understanding their needs to create a connection and
alignment between employees and the organisation. This will allow employees to find their sense of contribution, meaning and motivation to protect your organisation.
It is only by focusing on risk with and through your people, that are you going to truly solve your organisational risk exposure and drive transformational change.

When it comes to disengaged employees in the context of risk, there are three concerns:

  1. Lack of attention leads to errors, and ‘unintentional’ insider threats which is the most common type, making up two-thirds of incidents.
  2. A lack of situational awareness, they don’t even see there is a risk.
  3. A low ‘care factor’ if they do identify a threat or vulnerability, they see it as “someone else’s problem.”

This is why disengagement is so important and why you need to take a person-centric approach to reduce your organisational risk profile.