Safety, Security, and the Adversarial Unknown in Organisational Legitimacy

Safety and security are frequently grouped within enterprise risk governance, yet they rest on different epistemic foundations. Safety is typically oriented toward non-adversarial hazards that can be modelled through historical evidence and procedural assurance. Security, by contrast, is bounded to adversarial, purposive risk: threats arising from deliberate, malicious human action that is adaptive, deceptive, and resistant to actuarial certainty. This article examines how security’s association with the adversarial unknown undermines organisational legitimacy relative to safety and, in turn, constrains security’s influence over decision-making. Drawing on qualitative evidence from a multi-phase study involving literature analysis, organisational failure events, and expert practitioner perspectives, the analysis shows that organisational discomfort with adversarial uncertainty encourages minimisation and reframing of security risk, reinforcing structural and cultural barriers to influence. While recognising that contemporary threats unfold across hyperconnected socio-technical systems, the article remains empirically focused on corporate security practice protecting people and physical assets, treating adjacent risk functions as governance environments that condition legitimacy. The findings contribute to risk governance scholarship by explaining why security influence is frequently episodic and crisis-activated, while safety authority is more stable and institutionalised.