[CM] [SIT] [C2] Understanding Shared-Space Risk Landscape

Chapter 2

Understanding Shared-Space Risk Landscape 

As organisations transition into shared, interconnected environments, the nature of risk evolves from being contained and organisation-specific to becoming distributed and systemic.

In traditional settings, disruptions were often limited to a single facility or organisation. Today, in shared-space environments, a single incident can simultaneously affect multiple entities, functions, and services.

Environments such as Punggol Digital District exemplify this transformation. Designed to foster collaboration between academia, industry, and government, such ecosystems rely heavily on shared infrastructure, integrated systems, and seamless connectivity.

While these features enhance efficiency and innovation, they also introduce new vulnerabilities that must be understood and managed.

This chapter explores the risk landscape of shared-space environments, highlighting the characteristics, risk drivers, and types of disruption that organisations must prepare for to achieve true operational resilience.

Characteristics of Shared-Space Environments

Shared-space environments differ fundamentally from traditional, standalone facilities.

Understanding their defining characteristics is essential for identifying and managing associated risks.

Key Characteristics

1. Multi-Entity Occupancy

• Multiple organisations operate within the same physical or virtual environment
• Examples include universities, government agencies, private sector partners, and vendors

2. Shared Infrastructure

• Common use of:
• Physical infrastructure (buildings, utilities, access control systems)
• Digital infrastructure (networks, platforms, shared services)

3. Interconnected Operations

• Processes and services are often interdependent across organisations
• One entity’s operations may rely on another’s systems or outputs

4. Blurred Boundaries of Control

• Limited direct control over:
• Facility management
• Security protocols
• Third-party service providers

5. High Digital Integration

• Strong reliance on digital ecosystems aligned with initiatives such as Smart Nation Singapore
• Increased exposure to cyber-physical risks

Implication

These characteristics create an environment where risks are shared, but responsibilities are fragmented.

Key Risk Drivers in Shared-Space Environments

The risk landscape in shared environments is shaped by several underlying drivers that amplify both the likelihood and impact of disruptions.

1. Interdependency Risk

• Organisations depend on shared systems, infrastructure, and services
• Failure in one component can cascade across multiple entities

2. Concentration Risk

• Critical resources are centralised:
• Power supply
• Network infrastructure
• Building access systems
  
  
• A single point of failure can disrupt many organisations simultaneously

3. Third-Party Risk

• Heavy reliance on vendors for:
• IT services
• Facilities management
• Security operations
• Vendor failure affects multiple tenants

4. Cyber-Physical Convergence

• Integration of digital and physical systems:
• Smart building technologies
• IoT-enabled infrastructure
• Cyber incidents can lead to physical access denial

5. Coordination Complexity

• Multiple stakeholders with:
• Different priorities
• Different levels of preparedness
• Crisis response requires alignment across organisations

Implication

Risk is no longer linear—it is networked, interdependent, and capable of cascading across the ecosystem.

Types of Disruptions in Shared-Space Environments

To effectively manage risk, organisations must understand the different categories of disruptions that can occur within shared environments.

Facility Denial Events

Events that prevent physical access to shared spaces.

Examples:

• Fire or structural damage
• Security lockdowns or police operations
• Hazardous material incidents
• Infrastructure failures (power, HVAC, water)

Impact:

• Immediate loss of access to the workspace
• Disruption to on-site operations
• Multi-organisation impact

Cyber-Physical Incidents

Events in which digital disruptions affect physical operations.

Examples:

• Compromise on building access control systems
• Failure of smart building management systems
• Network outages affecting entry systems

Impact:

• Inability to access facilities
• Loss of operational visibility
• Potential safety risks

Third-Party Failures

Disruptions originating from vendors serving multiple organisations.

Examples:

• IT service provider outage
• Facilities management failure
• Security service breakdown

Impact:

• Simultaneous disruption across multiple tenants
• Limited control over recovery timelines

Environmental and External Events

External factors affecting shared spaces.

Examples:

• Flooding or extreme weather
• Public health restrictions
• Transport disruptions limiting access

Impact:

• Reduced workforce availability
• Delayed recovery
• Extended disruption periods

Systemic and Cascading Events

Complex events where multiple disruptions occur simultaneously or sequentially.

Examples:

• Cyberattack leading to facility shutdown
• Infrastructure failure triggering security incidents

Impact:

• Amplified disruption
• Increased recovery complexity
• Cross-organisational consequences

Implication

In shared environments, disruptions are rarely isolated—they are multi-dimensional and cascading.

Duration and Severity of Disruptions

Understanding the potential duration of disruptions is critical for effective planning.

Insight

The longer the disruption, the greater the need to decouple operations from physical spaces.

Challenges Unique to Shared-Space Risk Management

Managing risk in shared environments introduces challenges that are not typically encountered in standalone organisations.

1. Lack of End-to-End Visibility

• Limited insight into:
• Shared systems
• Third-party operations
• Difficulty in assessing full risk exposure

2. Ambiguity in Ownership

• Unclear responsibility for:
• Incident response
• Recovery actions
• Potential delays in decision-making

3. Conflicting Priorities

• Different organisations may prioritise:
• Safety
• Continuity
• Reputation
• Misalignment can hinder coordinated response

4. Communication Complexity

• Multiple communication channels
• Risk of inconsistent messaging

5. Dependency on External Decisions

• Recovery may depend on:
• Building management
• Government authorities
• Vendors

Implication

Effective risk management requires not just internal preparedness, but external coordination and alignment.

Purpose of This Chapter

The purpose of this chapter is to provide a comprehensive understanding of the shared-space risk landscape, enabling organisations to:

• Recognise the unique characteristics and challenges of shared environments
• Identify key risk drivers and disruption types
• Understand the interconnected nature of modern operational risks
• Prepare for the need to manage risks beyond organisational boundaries

This understanding forms the foundation for subsequent chapters, which will focus on identifying critical services, mapping dependencies, and designing resilience strategies.

 Shared-space environments represent a fundamental shift in how organisations operate—and how they must manage risk.

The combination of shared infrastructure, interdependent systems, and multiple stakeholders creates a landscape where disruptions are broader in impact, more complex in nature, and harder to control.

In such environments, traditional risk management approaches are insufficient. Organisations must adopt a holistic, ecosystem-based perspective, recognising that resilience is no longer confined within organisational walls.

Understanding this risk landscape is the first step toward building the capability to anticipate, absorb, and adapt to disruptions in a world where risks are shared—and resilience must be collective. 

More Information About Crisis Management Blended/ Hybrid Learning Courses

To learn more about the course and schedule, click the buttons below for the  CM-300 Crisis Management Implementer [CM-3] and the CM-5000 Crisis Management Expert Implementer [CM-5].