One of the main challenges facing security professionals is the timely and accurate reporting of threat information. Several common barriers can prevent individuals from reporting security concerns effectively. These barriers can vary depending on the organization, its culture, and the specific context of the security concern. During our work with organizations, we’ve identified several common barriers to reporting:
Fear of Reprisal: Individuals may fear retaliation or negative consequences from their peers, supervisors, or the organization itself for reporting security concerns. This fear can stem from a lack of trust in the organization’s policies or a history (real or perceived) of adverse reactions to whistleblowers.
Lack of Awareness: Some individuals may not be aware of the proper channels or procedures for reporting security concerns. They may also lack knowledge about what constitutes a security concern, especially if they are not well-versed in organizational security policies.
Perceived Futility: If individuals believe that reporting a security concern will not lead to any meaningful action or resolution, they may be less inclined to report it. This perception can arise from past experiences of reporting issues that they believe were not adequately addressed or resolved.
Cultural Norms: In some organizational cultures, there may be norms or expectations that discourage speaking up about problems or issues, especially if it involves questioning authority or challenging the status quo.
Bystander Effect: When multiple individuals witness a security concern but assume that someone else will report it, they may refrain from acting themselves, and in the end, the incident goes unreported.
Lack of Confidence in Confidentiality: Concerns about confidentiality or anonymity can also prevent individuals from reporting security issues, especially if they fear that their identity will not be protected or that their report will be shared with others without their consent.
Complex Reporting Procedures: If reporting procedures are overly complicated or cumbersome, individuals may be discouraged from reporting security concerns due to the perceived effort required.
Cultural or Language Barriers: In diverse organizations, cultural or language barriers can hinder effective communication about security concerns, leading to misunderstandings or reluctance to report.
Minimization of Risk: Some individuals may downplay the severity of a security concern, especially if they believe it does not directly affect them or their work.
Lack of Incentives or Recognition: Without incentives or recognition for reporting security concerns, individuals may not feel motivated to take the time and effort to report them, especially if they perceive it as an additional task with no personal benefit.
Another Barrier? What’s in a name?
Our team works with a broad range of clients representing several key business sectors: finance, healthcare, manufacturing, technology, energy, and public agencies. In our work, we are fans of plain simple, and direct communication. Clear and succinct communication is critical, especially in a crisis. This is no time for euphemisms or bureaucratic doublespeak. But we have found there’s a flipside to this, especially when dealing with security-related information or threats.
Is the language we use yet another barrier to timely and accurate reporting?
Do we exacerbate the barriers to reporting we’ve outlined above simply by the words we use to describe our programs?
Threat Management and Threat Management Teams are the current terms of art for our profession. This is outlined specifically in the ANSI National Standard for Workplace Violence Prevention and other foundational documents in our field such as the FBI’s Making Prevention Reality publication and the entire series of US Secret Service National Threat Assessment Center reports.
So far, we’ve not seen any formal research on this topic but based on anecdotes from our interaction with clients we’ve come to believe that in some cases the use of these terms may be another barrier to effective reporting.
We have found this most frequently in the healthcare sector when we are addressing the epidemic of workplace violence directed against healthcare workers. In our work with bedside caregivers, we’ve noticed an interesting response from the clinical staff when we discussed the role and capabilities of threat assessment and threat management teams. One veteran nurse who has been the target of several acts of workplace violence throughout her career looked us straight in the eye and said “I have a really hard time thinking of my patience as threats. This is counterintuitive to how I was trained and why I got into nursing.” We explored a little further and conducted a climate survey and we found a significant percentage, approximately 35%, of clinical staff were uncomfortable with the term Threat Management Team.
In discussions with some of our corporate clients in other business sectors such as finance and energy, we have found that some employees have been reluctant to report security concerns because the employee of concern had not yet made threats. Other employees were concerned by the behavior but were intimidated and believed troubling behavior did not constitute a threat and therefore did not merit reporting to a Threat Management Team.
Does the word threat in the title of a program or team introduce a potential new linguistic barrier to timely and accurate reporting?
We have worked with several clients who have opted for different names for their teams.
- One large Regional Health care provider changed the name from their Threat Management Team to the term Behavioral Support Team.
- A large nationwide retailer recently formed a Behavioral Intervention Team with the responsibility for threat assessment and management within their organization.
As strong advocates for clear and direct communication simple communication, we also see risks inherent with such alternate naming. We run the risk of obscuring the actual role of the entity we create by giving it a soft and squishy name that blunts or obscures the impact of what we were trying to do.
We are still fans of plain language. Threat Management Team and Behavioral Threat Assessment and Management are still the industry-accepted terms to describe our work. As an alternative, organizations seeking a different name for their threat management capabilities should consider some variant name that incorporates the words behavior/behavioral and reassuring words such as support or interventions.
Regardless of what name is chosen, a key element to encourage and facilitate reporting must be a clear explanation of what constitutes a security concern and when and how such a concern should be reported. The bottom line is if an employee waits until a threat has been articulated to report a concern they’ve waited too long. Behavioral concerns should be reported as soon as they’re observed, and organizations must foster an environment and build a culture that makes employees comfortable reporting such information.
Addressing and overcoming barriers to reporting requires a combination of clear communication, robust and user-friendly reporting mechanisms, a supportive organizational culture, and proactive efforts to promote a culture of security awareness and accountability.
Summary
We still prefer the industry standard terms Threat Management Team and Behavioral Threat Assessment and Management. This is industry standard nomenclature that states in plain language what the program is and what the team does. Organizations should provide employees with clear guidance about the importance of early reporting of behaviors of concern to mitigate the impact of any potential barrier to reporting presented using this direct language. Employees should not wait until the threat is articulated to report concerning behavior.
We do recognize the value of alternative names in some cases. If your organization chooses to use an alternative name, we recommend some variant that still addresses the core function of a Threat Management Team. The examples we cited Behavioral Support Team or Behavioral Intervention Team are good options that strike the balance between clear articulation of a team’s mission and sensitivity to employee perception.
