Should large corporations care about OPSEC?
We at The LUBRINCO Group tend to start our associations with new clients fairly high up the food chain of large international corporations, often, because of the risks associated with the reason we were brought in, with the CEO or someone fairly close to that level. One of the things we are often asked, before being shuttled off to see the executive with whom we will actually be working, is “Why should we care about OPSEC?”
As with due diligence, there are two possible reasons. The first is either to prevent a problem or to solve a problem, depending on whether there has or has not been an event. This eventually comes down to saving money at the operational, rather than the executive, level. Oddly, this is generally true even if the problems are caused at the executive level, because the profits and losses come from profit centers, not cost centers. The exception to this is where the information leak could put an executive in harm’s way.
The second reason is to reduce the annoyance involved in dealing with the liability involved in a failure to exercise due diligence. Thus, if plans, formulas, or other types of sensitive information cause harm to the company that could have been avoided, there might be a shareholder suit.
As always, avoiding a problem is better than cleaning up after an event. The cost to American business from information loss is in the $300,000,000,000 a year range, with most of it coming from companies that make fairly ordinary products – labels, hair care products, and other items that may not seem to be reasonable targets for spies.
If you do business you are a target. If you do business internationally you are an international target. And that’s why you should care!