RISK PERCEPTION

Risk perception is about how we view and perceive individual risk on a personal level. It is important to include risk perception in the work on security culture, as it helps to form the basis for which risks we choose to prevent and protect ourselves against.

Our perception is influenced by many factors, all of which contribute to the cultural framework we are part of. It also means that our perception of risk can vary from context to context and is constantly changing.

It probably comes as no surprise that there can be a big difference between what we fear and how likely our fears will become a reality. In some cases, the fear of a terrorist attack will be justified, but statistically, the likelihood of an attack occurring is very low. Fear is not necessarily rational, and we must remind ourselves that we are far more likely to get into a traffic accident than be subjected to a terrorist attack. Nevertheless, organisations need to address the terrorist threat – both because it is a threat that looms large in the political landscape, where it is important to take responsibility, and because the consequences of a potential attack would be very serious.

In relation to terrorism, it is important to note that terrorist attacks are designed to create fear. The aim of preventive action will, therefore, typically be to safeguard lives and material assets and to eliminate anxiety.

To identify what we fear and what needs to be protected, we should start by talking about the threats and the potential consequences we fear, as well as the uncertainties associated with them. In this way, we will be able to better understand how our thoughts and feelings affect our individual perception of a risk.

This is important to agree on a common understanding of the threat scenario and the assets we want to protect. Therefore, it is a good idea to clarify this at management level so that it is clear what we want to protect us against and to what level; not least, because protection of the organisation and establishing a security culture can also be a major financial burden. This also makes it easier to accept the premise that safeguards are needed in the first place.

It is impossible to know everything, and therefore there is no guarantee that what we protect ourselves from is what we are most vulnerable to. It is, therefore, impossible to say how to protect against future attack scenarios, as these situations remain unforeseeable.

Consequently, the threats the organisation chooses to protect itself against can only be familiar scenarios. In other words, the threats we choose to defend ourselves against will always be influenced by our own perception of reality. Our perception of reality is formed, among other things, through media and the experiences we gain as a society.

Therefore, when establishing a sound security culture in your organisation, you should consider the perceptions of reality that exist in your organisation. The fear of a particular threat and the courage to face it is largely dependent on who you are.

Normality is what we experience when everything is as it typically is; in other words, what we expect to happen in a given environment. It may be that we are used to the postman bringing packages at a specific time or that we have to contact the reception desk when we arrive as office guests.

To identify threats, it is also necessary to establish what is perceived as normality, as threats will usually be characterised by deviations from the usual order.

In other words, what is normality needs to be made clear to all employees in the organisation so that employees have a chance to spot deviations before it is too late.