Corporate Security at the World's Largest Chemical Company BASF
GIT SECURITY in Conversation with Julia Vincke, Vice President Security, BASF Group about strategies and challenges in Corporate Security.
With around 230 production locations in 90 countries, BASF is the largest chemical company worldwide. It employs more than 111,000 people. Since March, Julia Vincke has been heading up the security organisation as Vice President Security, BASF Group. Previously, among others, she was with Volkswagen and working in high risk countries such as Afghanistan and Libya. GIT SECURITY spoke with Julia Vincke about the enormous challenges of her job and her strategic approach to address them.
Ms. Vincke, many thanks for taking the time for this interview with GIT SECURITY. Only recently — in March of this year — you took over the task of global security of the BASF concern, the largest chemicals company of all. This is really not an insignificant task...?
Julia Vincke: Many thanks for the invitation to be interviewed, which I am very happy to accept, especially in my new role as head of Group Security for BASF. As you rightly say, BASF is the largest chemical company worldwide, represented in 90 countries with more than 230 production locations and more than 111,000 employees worldwide. And because of those figures, it is extremely important to approach the job with the necessary respect, but not being timid. Of course, at the beginning there is a lot of listening and learning to do about both the employees and the company itself.
But it was made easy for me by a dedicated and competent team that I can rely on and that supports me, even though my start coincided with the start of the war in Ukraine. So out of initial healthy respect for the new job and all its facets, I quickly developed a lot of enthusiasm. For that I am very grateful, even though I effectively assumed responsibility for the security of people and the BASF company’s values overnight.
A brief word about your background: you were previously with VW, and before that with Mediamarkt-Saturn. You were also with the police in Lower Saxony for 17 years — and can look back at some time spent in Afghanistan and Libya. The strong international aspect of your career will certainly help you with your new job …
Julia Vincke: Yes, I have accumulated broad security experience: I understand the regulatory, international, academic and commercial contexts. But of course you are right, my experience abroad, in particular in high-risk countries, has influenced me and set me up well for my professional career. To have gathered international experience as well as built up the corresponding networks all helps me in my handling of security matters.
Security is not just relevant here in Ludwigshafen, especially in a globalized world and in this era of digitalization. Global crises always have a long-term effect on the security situation, nationally, regionally or internationally, as we all found out when the Covid-19 pandemic or the current Ukraine war started. I have always strived to understand geopolitical contexts. If we take the examples of Libya and Afghanistan, we just had to stand and watch what has become of long-term international efforts as Gaddafi was overpowered and the Taliban took over. We are now facing a similar challenge in Ukraine because the impact of this war goes way beyond security concerns. I very much appreciate the opportunity to discuss many different matters in close cooperation with those responsible for security in different regions of the world and to tackle the resultant challenges, and also to work internationally at BASF. The company has agencies and manufacturing sites in 90 countries around the world.
As Vice President of Security, you are not just responsible for the main site in Ludwigshafen. How is the subject of security organized globally?
Julia Vincke: As a globally active company, BASF is just like any other company and confronted daily with a whole host of security risks. We can only withstand these if we have a robust security infrastructure and promote and live out teamwork. Apart from our central security organization in our main location of Ludwigshafen, which consists of four groups with different priorities, I also have a team of Regional Security Managers in the USA, South America and Asia who are correspondingly responsible for numerous so-called Area Security Managers at a national level and Site Security Managers at each location.
Julia Vincke will also be speaking on Corprate Security at the virtual event Wiley Industry Days 2023 (14-16 March). Link to the free WIN>DAYS registration.
IT Security at BASF belongs to a separate department...?
Julia Vincke: The progression of digitalization of the working place means that the border between physical and digital security is becoming increasingly vague. Of course, we recognize this convergence at BASF as well, and for this reason all the departments that have to deal with security work in close collaboration together – independently of their organizational membership. Security can only be assured with an overall approach. The classic silo mentality has been obsolete for a while, and only a comprehensive management approach to this subject has any future.
You mentioned in our chat before that company security departments have mostly grown over time – and mostly with an antiquated structure. You are currently building your team. What do you want to change and do differently? What will your team look like?
Julia Vincke: Historically, the world of security was never notably diverse, in particular not in middle management or even in upper management. Luckily we can now see a trend that is softening the traditional structures. The working place is currently undergoing a fundamental change. The creation, establishment and success of security organizations depend largely on the people implementing them as well as the availability of suitable personnel. This situation is being intensified not least by the digital transformation, demographic change as well as competition for talented people. For these reasons, building up the staff of security departments has become much more complex than simply recruiting people with various expertise.
Security departments in industry have traditionally recruited most of their staff from state security authorities wherever possible, that was the case for me personally too. For many years, the best qualification for a security job in industry was previous employment with the police, secret service or the military forces.
The spectrum of competence of future-oriented as well as capable and competitive security departments must be urgently broadened. There must be a focus on the integration of job skills such as process competence, technology competence, the ability to create strategies and innovation ability. I am convinced that we must cross into new terrain in order to find and retain suitable and responsible personnel. An elementary role will be played here by the diversity of gender, age, ethnicity and professional experience, but also by the salary. A security expert whom I highly respect, Marco Cabric, said on this subject that security departments must transform from ‘James Bonding’ to ‘bonding’.
The compilation of successful teams in security departments must be approached in such a way that they are equipped to carry out complex tasks throughout many-layered structures, in sometimes unclear situations and beyond geographic boundaries. This requires a future-oriented personnel strategy that promotes and supports the competencies mentioned above. I have taken this approach to heart in the past when building my teams and naturally want to do this in the future as well. My teams at BASF Group Security are already very diverse with respect to their professional expertise. I have employees who don’t actually have a classic security background but, for example, an academic qualification in informatics, political sciences, economics, digital forensics or intelligence instead. These different points of view toward the subject of security enable us to have a holistic method of evaluation.
Under the heading of ‘Team’: you are one of very few women in such a management position – in general there are comparatively few women in the security industry. What is your opinion on this?
Julia Vincke: The question is really inseparable from what I have just said. The world of Group Security really is still dominated by men; as far as I know, only three women head up security organizations in the DAX 40 companies. There is, of course, room for improvement here, not least because security departments already have many great women at the second or third level. And ever more women are studying security and risk management. In spite of this, security departents need to be more transparent about the profession by promoting it in a modern fashion and make it appealing to women.
The subject of ‘Women in Security’ is close to my heart; I have recently started an internal photographic campaign that has given women in BASF Group Security a face. The feedback was unbelievably positive, which was very pleasing. Meanwhile there are some initiatives in industry that have taken up exactly this subject. I am planning some events together with other female heads of security in which we will promote the subject of security, and in particular for the so-called millennials.
Let’s take a closer look at the targets and strategies of Group Security at BASF. Could you give us an overview — in spite of the complexity of the matter?
Julia Vincke: Security departments have to overcome complex challenges against a background of globally changing circumstances. Apart from a well-defined brief, security departments need a strategy and the ability to make plans in order to cope with the current situation. Long-term thinking is essential if you want to develop an effective security strategy. Long-term trends such as a changing regulatory environment, social, commercial, geographic or political conditions must be considered when formulating the relevant strategy.
A security strategy is, of course, always adapted to the strategy of that particular company. And there are differences, depending on the industry sector. In addition, we are living in a VUCA world (Volatility, Uncertainty, Complexity and Ambiguity) and just in the last few years we have seen just how vulnerable we all are as a country, a company or as a civil population. Starting with the Covid-19 pandemic, considering the catastrophic flooding in Europe, and now to the current war in Ukraine. Crises will become more intense in the future, both quantitatively and qualitatively, and it must therefore be part of our security strategy to cope adequately with such events.
Crisis anticipation, crisis management and crisis evaluation are a fundamental part in this context, also for BASF. It is a little like Aristoteles said: We can’t change the wind, but we can set the sails right. New criminal phenomena always surface whenever there is a crisis because, as perfidious as it is, criminal networks make use of crises – whether they are of a political nature, wars, pandemics or natural catastrophes – to fill emerging security vacuums. It is therefore always important for corporate security to be aware of current developments.
... an enormous and complex problem ...
Julia Vincke: That can only be achieved together with other security-related stakeholders because security is interdisciplinary. That applies in particular to the interlinking between the government, commerce, research, NGOs and society. Some examples would be the establishment of public-private partnerships, or initiatives such as the ‘Global Player Initiative’, or the ‘Alliance for Security in Commerce’.
When we look at the soft factors of a security strategy, then even the best strategy and the most competent team can only respond if the security culture has been adequately embedded in the DNA of the company. That is the case at BASF. It is essential to sensitize all the employees to the volatility of this considerably complex subject. We achieve that through specific training opportunities, compulsory training and awareness campaigns. I am a big fan of marketing the subject of security in a positive and modern way. I am honestly convinced that security marketing is a corporate value that should not only be a positive, distinctive feature of security departments but rather that can be a counterweight to physical or digital criminal phenomena as well as disinformation
On a broad scale, where do you see the greatest challenges for Group Ssecurity at BASF in the next few years?
Julia Vincke: I am sure that we will be facing significant challenges as a security organization, but that is what makes our job so exciting. Viewed globally, we will see how world commerce shifts in the short, middle and long-term, how the form of conflict changes, how climate change becomes more intense, how there will be a growing threat of terrorism and how the world order is rearranged. The last item has become particularly relevant since the invasion of Ukraine. The volatile global security situation influenced by geopolitical crises, migration, organized crime, humanitarian crises, natural catastrophes, as well as hybrid threat scenarios, all create special challenges for every security department, and of course for countries and commerce. I find the increase of politically-motivated violence particularly concerning, which has reached a new level during the pandemic. Ever more people are turning away from democratic constitutions and forming subcultures. According to the Allianz Risk Barometer, political risks and violence have meanwhile entered the Top 10 of corporate risks.
Apart from the obvious physical threat scenarios, we are now living in a world of invisible dangers, and that is why security strategies cannot be based on the threat environment of yesterday. Strategic foresight is a valuable motor of transformative processes if these are integrated early enough into the DNA of the respective organization. Artificial intelligence, biometrics, drone technology, big data and virtual reality have become the ‘Game Changers’ for security departments. BASF, for example, has its own drone competence center that we are constantly expanding and plan to work together with the security authorities.
Disruptive technologies, however, also have their downside because, apart from data protection limitations, these technologies are also vulnerable and not immune to external attacks. These include cyber-criminality, spying and sabotage. As a result, it is necessary to adopt a holistic protection against everything that makes our digital ecosystem vulnerable, to follow a security-by-design approach and to have information security in mind. And we come back to the close cooperation that I mentioned before because it is necessary for security departments more than ever to establish themselves in the melting pot between logical and physical security. To put it briefly: I think that it will be in the region between the unpredictability versus resilience. It is important with a combined effort to be prepared. It will be a long time before the global immune system has recovered from the current crises and a weakened immune system is well known to be more susceptible.
Could you tell us what security-related problems and consequences the attack on Ukraine had and now has for BASF?
Julia Vincke: BASF condemns the attack ordered by the Russian government on Ukraine to the highest degree. We stand in solidarity together with the people of Ukraine and hope that this war can be ended as soon as possible. We are very concerned for everyone who has been affected by the conflict, and especially our colleagues and their families in Ukraine who are currently experiencing unbelievable hardship.
Just like many other companies, BASF and we in the corporate security department were first of all concerned with the safety of our local employees when Ukraine was invaded. We concentrated on getting employees and their close relatives — at least the women and children — either to safe places within Ukraine or to neighboring countries. We were also able to get personal protection equipment, such as helmets and flak jackets, as well as sleeping bags and medicines into the country. We also provide psychological support for our employees — if they wish to receive it. The solidarity, the readiness to donate and the enthusiasm of our entire BASF family really impressed me in this situation. Apart from all that, we at corporate security set up local and regional crisis teams and have already taken part in a number of crisis team meetings. My international team is constantly working on ensuring the safety of our employees.
How much effort is required to discover and counter ‘white collar crimes’ and the problem of internal criminals, and what strategies do you employ against them?
Julia Vincke: Commercial crime is also a problem in Germany that comes in many different guises, so there can be no general definition of it. All the various types of commercial crime such as fraud, bribery, disloyalty, theft, money laundering etc. regularly cause a large part of the total damage of all crimes that are recorded by the criminal statistics issued by the police. Commercial crime is therefore so concerning for companies because the threats not only come from outside — the role of potential outsiders should not be underestimated.
Internal crime is not a fictive phenomenon, and can happen in any company. Current analyses show that internal offenders were working together with external organizations in fifteen percent of cases. It is therefore very important for security departments to define and implement appropriate protection measures to make the risk manageable. But it is necessary, however, to make sure you’re not just being generally suspicious of your own employees or others.
Even though the risk of internal crime can never be totally prevented, there are tools available to counteract it. I already mentioned the subject of company culture – if you’re talking about soft factors, it is beneficial to create working conditions that are respectful, trusting and cooperative. Making employees aware of potentially risky situations in which internal knowledge could be obtained by people outside the company is another protective element against internal offenders. BASF already carries out many educational campaigns on this subject, and there are some really great items available via the various media channels that cover the subject informatively and appropriately. Apart from that, it is essential to establish counter-measures. These can include pre-employment screenings, checking sanction lists, conclusion of non-disclosure agreements, IT asset management, identity and authorization management for example, but also access controls.
Finally Ms. Vincke: What have been your early impressions of the company you now work for, and what will you be mainly concerned with in your first year?
Julia Vincke: BASF is a very exciting and highly complex organization with a staggeringly varied product portfolio. Even though I’ve already passed my first 100 days, I still have an enormous learning curve ahead of me over the next few months. And exactly that is important for me: to get to know the company as well as possible, to understand its relationships, its networks and visions, which then enable me to develop a sustainable security strategy. I am really excited to be starting this ‘learning journey’. But I’m also looking forward together with my team to maybe deviating slightly left or right from the previous course and trying out new things. But apart from that, I will of course have to handle all the security aspects I mentioned before, not least the war in Ukraine, perhaps another wave of Covid-19 and much more.
What is special at BASF by the way, and something that is important to say, are the people and the great welcome feeling they gave me when I started and I still feel every day. That is not a given, and I’m very grateful for it.
Julia Vincke will also be speaking on Corprate Security at Wiley Industry Days 2023 (14-16 March). Link to the free WIN>DAYS registration.