Corporate executives are charged with determining business’ strategic goals and ensuring operations align across a range of functions, adapting to changing circumstances to deliver “superior, sustainable performance”, as John Wells argued in Strategic IQ: Creating Smarter Corporations. The reversion to a multipolar world, further one in which there is “unbalanced multipolarity”, is making this a trickier task, bringing old threats back to the fore, enabled by new technologies, and speeding up the rate of change. Foreign states are increasingly directing malign influence campaigns against businesses, as international security specialist Daniel Byman recently laid out, or engaging in covert sabotage or assassination attempts against business leaders, as KCSI Visiting Fellows Andrei Soldatov and Irina Borogan have documented. These disturbing trends are driving executives and board members to seek more strategic insight to help understand the degree to which they and the businesses they lead are likely to be targeted and by whom. And executives are demanding intelligence that will enable them to position the business for future successes rather than expend valuable resources responding to disasters that have arrived, seemingly out of nowhere, on their corporate doormats.
Many of these same executives express frustration that investments in tactical intelligence – masked under other less provocative names like risk management, threat monitoring, executive protection, and cybersecurity – to alert personnel to potential near-term disruptions that would undermine streamlined just-in-time business operations are not providing sufficient strategic warning or accurately predicting the next global disruption. While the largest multinational corporations often benefit from robust and multifaceted intelligence teams, those with less extravagant revenues have been slow to invest in developing in-house strategic intelligence capabilities. For many Chief Executive Officers (CEOs), the cost-benefit analysis of staffing such teams didn’t add up during the era of globalization, when governments were lining up to entice investors and issues like data protection and transparently ethical supply chains were still emerging issues. As extremely competent professionals in their own domains, executives have also questioned whether or how strategic intelligence could add insight that exceeds what they get from the news cycle. This, and the more recent question about whether strategic intelligence analysts can provide greater value than artificial intelligence, demonstrates lingering misconceptions about what intelligence actually is, the value of methodologies created to identify and mitigate false narratives and bias (arguably more relevant in today’s information environment than ever before), to examine issues critically and develop creative solutions to multifaceted sticky problems.
The proliferation of strategic intelligence vendors, advisories and consultancies over the past decade speaks to growing demand from business leaders for strategic intelligence. Seeking to avoid being blindsided by the next government coup, regulatory swing, sanctions regime or large-scale attack – be it physical, cyber or reputational – firms have upped their consumption of outside intelligence, but still struggled with how to make it sufficiently detailed and timely to the unique exposure of their business, as well as with where in the organizational hierarchy to inject these insights. To the tactical intelligence analysts? At the Chief Security Office (CSO) level? Direct to the C-suite or board? As a new era of Great Powers competition forces global systems to diverge into competing regional systems, threatening supply chains and markets that made just-in-time a workable model, executives seeking to position their businesses for continued growth will need to cultivate a better organizational understanding of how to obtain and ingest intelligence that empowers sound strategic planning.
The collection, analysis, and dissemination of intelligence is often considered the domain of governments, specifically their spy agencies, with the intent of providing strategic advantage in a world of allies, foes, and finite resources. The U.S. Office of the Director of National Intelligence (ODNI) defines intelligence as “information gathered [to] … provide insights not available elsewhere that warn of potential threats and opportunities, assess probable outcomes of proposed policy options, provide leadership profiles on foreign officials, and inform official travelers of counterintelligence and security threats”. Put simply, intelligence is information distilled to benefit decision-makers charged with exploiting opportunities and mitigating risks, including through the evaluation of policies and leaders, as well as identifying potential risks to those decision-makers when they travel outside their usual orbits. This sort of intelligence is also increasingly relevant, even critical, for business executives, especially those leading multinational enterprises.
In business, this strategic function falls to the C-suite, so named for the ‘chiefs’ that proliferate: CEO, Chief Financial Officer (CFO), CSO, or the generic CXO, a shorthand for ‘fill in your chief here'. The C-suite is focused on identifying, and preparing the business to act on, opportunities to grow revenue, increase market share and improve share prices (if publicly listed) and must defend the organization against threats – from weather events to nefarious actors – that would hinder achieving these goals. The larger the business, the more chiefs it is likely to have, as both their specific functions and the risks that could impact the business become more complex. The CSO, for instance, is responsible for the physical security of personnel, facilities and assets – a job that is substantially more challenging for a multinational corporation operating in conflict or disaster-prone areas and/or in a sector that frequently engenders protest. The Chief Information Security Officer (CISO) guards digital systems from cyber espionage, extortion or sabotage – another role that grows significantly in complexity depending on data protection regulations and digital infrastructure from region to region. These roles work closely with any number of other CXOs, but always with a CEO, who is responsible for corporate governance, operational and financial performance, and communicating the firm’s strategic vision to both internal audiences (employees, board members) and external audiences (governments, customers, the public).
The constant tension for C-suite executives, from the CFO to the Chief Technology Officer, is getting the balance right between directing the day-to-day (tactical) operations and serving as a conduit for two-way dialogue on strategic plans. CXOs need to understand both how trends impacting operations alter the organization’s ability to achieve its strategic goals and how strategic developments – like technological advancements and geopolitical shifts – signpost the need to change how the organization operates. The insight required goes beyond what daily headlines capture because the news reports what happened, while the C-suite needs to understand how those events impact their organization. Paralleling the functionality of government intelligence assessment functions, corporate strategic intelligence should answer the ‘so what’. In the private sector, that may be explaining how statements from a world leader signpost the growing likelihood of trade barriers, how a drought in Spain is going to raise the cost of making pizza in Chicago, or how a strike at a mine in Peru will slow technology production in Taiwan. To distinguish the meaningful information from the distractions, the true from the manipulated, and to project the likely impacts requires analytic tradecraft and skill. This is why government intelligence agencies invest significant resources in recruiting people with an aptitude for this kind of research and logic and then invest more to train them in methodologies to counteract cognitive bias, adapt to emerging technologies, track narrative manipulation tactics and deepen their subject matter expertise. Businesses that want to stay ahead of the curve must be willing to make similar investments in personnel and development of corporate intelligence functionality if they want to enjoy the benefits strategic intelligence can provide in mitigating future risks.
This isn’t revolutionary thinking. The need for quality, tailored strategic intelligence propelled Royal Dutch Shell to pioneer scenarios analysis in the 1970s. This well-regarded structured analytic technique has been adopted by government intelligence analysts and is widely used across the public and private sectors to help executive decision-making on issues that are highly uncertain for any number of reasons – poor access to or quality of information, fast-moving events, and extreme political polarization among them – and where certain outcomes stand to have significant impact on the organization. Shell embraced scenarios analysis to help it anticipate and plan for challenges resulting from its operations in high-risk areas as well as the burgeoning environmentalist movement amid increasing evidence of fossil fuel driven climate change, environmental degradation in drilling areas and growing Indigenous human rights awareness. Its executives wanted to better understand the potential risks, to be presented with options, so that they could steer the company in a way to minimize the likelihood of meeting the worst of those head-on and prepare the company to weather those they could not avoid. Perhaps not surprisingly, large multinational oil and gas firms continue to lead on investment in strategic intelligence and have been joined more recently by many in the financial services and technology sectors, where a complex web of regulatory, narrative, cyber and operational risks are evolving in response to shifting geopolitical, technology, and information trends.
Firms that have a developed or developing strategic intelligence function are less likely to be surprised by fast-moving events, like the spread of a global pandemic, having identified indicators that enable them to monitor which trajectory events are taking. They are likely to be better insulated against falling into group think, especially conclusions propagated by information polarization and network algorithms, because intelligence analysis applies methodologies and tools to assess sources and identify valuable, trusted information amidst the growing noise. Consider the organizations caught under-prepared when Russia invaded Ukraine in February 2022: many of their key decision-makers mistook media for intelligence and accepted the prevailing body of reporting, which as of January 2022 was still downplaying Russia’s incentives to do more than saber rattle or aim for a limited land grab. As a result, they failed to consider the wide-ranging impacts Russia’s war on Ukraine would have, including the immediate physical security threats to their people and assets far from the Russia-Ukraine border, the logistical challenges the enduring conflict would present to air, land and maritime supply chains, reputation damage to Western firms stemming from continued operations in Russia in the weeks and months following Russia’s initial aggression, and the escalating sanctions and regulatory changes that would impact financial and trade systems across Europe, Central Asia and the Middle East. Those who failed to consider these potential outcomes failed in their key executive duty of planning for them, with some like Nestle, Heineken, and Unilever, suffering reputational damage and many others facing billions in financial losses from sanctions, revenue losses and facilities closures.
The rise in physical security incidents impacting businesses during the COVID-19 pandemic drove a spike in demand for quality, specific, tactical intelligence. Many multinational businesses responded by creating or expanding threat monitoring teams to scan open source information to identify near term changes to the security environment – such as protests against the government or firm, militant activity within a proximate area, extreme weather events, and incendiary social media content – that could threaten operations. With physical security at the core of this mission, these tactical intelligence teams generally report to the CSO, creating a strong affinity between the security function and intelligence analysis in many organizations. Over time, and with a wide variety of physical security risks to identify and mitigate around the globe, many organizations have instinctively turned to the CSO to produce predictive intelligence that looks ever further ahead, desiring they move from tactical to strategic, without much thought to whether this was something the people hired for tactical intelligence roles were trained to do or whether the focus on physical security risks aligned with the needs of other CXOs with need of better strategic insights.
Cyberattacks also increased – by about 50 percent – over the course of the pandemic, prompting increased organizational investment in cybersecurity and a boost in the importance of the CISO. However, the pandemic also accelerated the trend toward deglobalization – a strategic challenge that refuses to fall neatly into either the CSO or CISO’s realms of responsibility, leaving more noticeable gaps impacting C-suite strategic planning.
The rise, and revelation, of state-sponsored actors threatening business operations using hybrid warfare tactics has accelerated calls for convergence, or the integration of CSO and CISO threat analysis. Convergence, while a step in the right direction, is on its own unlikely to meet the full C-suite’s needs or board member’s demands to know why the business didn’t plan against an ever-expanding field of strategic risks – Russia’s invasion of Ukraine, Israel’s response to Hamas’ attacks, proliferation of artificial intelligence, regionalization of data and environmental, social and governance (ESG) regulations, US trade tariffs or stated plans to acquire Greenland – before they became tactical threats. These complex and increasingly rapid developments impact all CXO functions, requiring specific and comprehensive strategic insights to help the C-suite function.
Calls for convergence do, however, offer a useful frame of reference for understanding executives’ strategic intelligence needs. C-suites are requiring CSOs and CISOs to break down the barriers to communication between their teams, pushing them to transcend organizational stovepipes, overcome technical terminology and jargon, and find common ground in their understanding of the threats. The degree to which these efforts have been successful so far has relied on the personalities, priorities and capabilities of the people directly involved with these efforts, with the CSO and CISO setting the tone. Development of a strategic intelligence function separate from either a physical or cyber security focus but responsive to the needs and inputs from both, as well as the host of other CXOs, would yield tailored intelligence of greater utility to a range of stakeholders, enabling a clearer picture of where impacts from events or motivations of threat actors converge in risk across business functions. Foresightful CEOs and boards may even want to consider whether empowerment of a CSIO to oversee acquisition, production, and dissemination of such intelligence would better allow the C-suite to fulfill its strategic duties and allow the other chiefs to focus on their areas of expertise.
Thea Gioe is a KCSI Visiting Fellow. She draws on over two decades of experience in U.S. government and private sector intelligence to advise corporate leaders on how to build the intelligence teams they’ll need to meet tomorrow’s challenges. She is a keynote speaker on how to leverage strategic intelligence to successfully navigate the evolving geopolitical landscape with confidence and on creating high-functioning teams.
Image by Sean Pollock on Unsplash
Written by:
