Keeping employees healthy and safe and property secure is crucial, especially in light of the current geopolitical landscape, ongoing issues stemming from the most recent pandemic, and the tragic events in Highland Park, Uvalde, Buffalo, Tulsa, and many more cities.
In a seemingly non-stop threat environment, corporate security teams must focus on highlighting the value of their efforts, despite difficulties in doing so. Business leaders must move away from discussing the function of security in the context of a cost center—but see it as a risk mitigation multiplier, securing critical organizational assets such as facilities, IP, and most importantly, people.
Changing how executives view a security organization makes it challenging for risk leaders to earn approval for advanced initiatives that can proactively protect their organization. According to Ontic’s Mid-Year State of Protective Intelligence Report, nearly two-thirds those polled indicated their company received or investigated at least one threat weekly, and likely more. Further, while organizational leaders believe they are adequately trained in threat assessment, a majority expect to miss up to half the threats at their company in the next six months due to the volume of threats, lack of data sharing, and poor communication, among other reasons.
In order to start working through those issues (such as creating clarity around risk and collaborative efforts in managing threats), security teams can also underscore the ancillary benefits they provide their organization. While some may view this as daunting, here are some ways to approach this worthwhile endeavor.
Evaluating Program Effectiveness
Before corporate security teams consider requesting additional resources, they need to align on the current effectiveness of their program. According to the Security Executive Council (SEC), a program is effective if it can positively answer these questions:
- Does management believe the program is adding value? To stay relevant, senior executives must believe in the power and purpose of the security program.
- Can you confidently say that the program helps eliminate risky business practices? If a program intends to eliminate risks to the best of its ability but isn’t getting results, it may need to reconsider how much influence the program has.
- Do employees and management accept shared responsibility for people and asset protection? The security team is not solely responsible for protecting an organization from threats. If this is how it is perceived, it’s not effectively communicating program operations. Security teams provide the tools and first response, but managers are the custodians of the assets, and the entire organization should support those efforts.
Overall, if a program is perceived as ineffective, senior leaders may reduce their budget without considering the potential risk to the organization. To avoid this, security teams must start speaking to stakeholders in simple language they can understand and appreciate.
For example, the finance team understands controls that enable compliance and net profitability, while human resources look to enhance employee engagement and lower turnover through proven health, safety, and security practices.
Approaching corporate security from this perspective can help demonstrate to other cross-functional teams that security can further their initiatives as part of the company’s ecosystem.
Measuring Performance and Communicating Business Continuity
An effective corporate security program will make the organization more profitable because when threats and vulnerabilities can be anticipated and risk minimized, the business can be safeguarded from potentially devastating losses—or, at the very least, an expensive disruption.
But proving this can be a bit challenging—especially if you haven’t compiled the correct data. Here are three methods to make that easier:
- Security is a business: When you track and measure security as a crucial contributor to the organization, there will be more receptivity to increasing your decision-making power. Ensure those metrics emphasize your effectiveness and are the ones that matter most to executives. For example, illustrate how much downtime security events caused and how that has improved with implementing new initiatives.
- Break down data silos: Too often, security-related data—building security, social media monitoring, visitor management, etc.—are tracked using different applications. You may be collecting data in spreadsheets or manually tracking threats on paper. These siloed sources make it challenging to cross-reference data to identify related events, investigate and act on existing threats, or compile comprehensive reporting with meaningful context. Technology supports a company’s more significant risk efforts by bringing teams together, and your organization can benefit from unified data governance and automated end-to-end audit tracking.
- Cross-team collaboration: An organization’s security is only successful when everyone is engaged and committed. To keep physical security top-of-mind, they must regularly communicate with the entire workforce—especially those strategic partners aligned with protecting the company whose collaboration you need most. When all threat data is collected in a centralized solution, teams have real-time insight into hazards, can quickly get the message out, and work with other departments to proactively manage a threat.
Security professionals typically struggle with documenting their accomplishments; therefore, associates may not realize that a security team is most successful when nothing happens. If there’s no violence, theft, or other serious security events, that could be an indicator that the program is effective. By communicating this with the correct narrative and data (year-over-year or month-over-month comparative achievements), you can help improve the security brand and earn your internal customer’s confidence and support.
Proving the Value
We live in complicated times, and organizations of all sizes grapple with a growing wave of interconnected and disparate threats. Today, identifying and managing security risks can be overwhelming—especially when you don’t have the correct elements in place to assist in identifying, collaborating, and communicating.
As long as the senior leadership team sees the function as a cost center rather than a value-adding arm of the organization, it will remain problematic to gain resources and maintain the needed influence to be effective proactively.
Arguably, security’s role has never been more critical than now. To effectively mitigate these growing threats, teams must focus on applying business acumen, gaining acknowledgment and support, and maintaining a voice in the decision-making process by consistently demonstrating the value of their efforts.
Chuck Randolph, Executive Director of Strategic Intelligence at Ontic, is an expert in the deployment and management of enterprise protection, security, intelligence and risk management programs. He is a Lieutenant Colonel (Ret) and has more than 30 years of experience in the corporate security industry and as a military officer serving in operations and intelligence. Chuck is a founding member of the Corporate Executive Protection Leadership Council (CEPLC) and the International Protective Security Board (IPSB). Chuck also sits on the board of the Association of International Risk Intelligence Professionals (AIRIP) and is the current chair emeritus of the Pan-Asian Regional Council (PARC) for the U.S. Department of State’s Overseas Security Advisory Council (OSAC).