Proving the Value of Corporate Security in Your Organization
When a potentially devastating threat looms and is then prevented, it is likely a non-event for everyone but the security team. Therein lies a quandary, akin to this modified well-known quote: “If a tree tilting in the forest is propped up before it falls but there are no witnesses, was it ever in danger of crashing?”
One of the biggest challenges of corporate security professionals is proving their value to their organization, and this was the overarching issue explored by a diverse panel of experts at the 2022 Ontic Summit.
“As practitioners, we wrestle with how we show value to the organization,” said Chuck Randolph, Ontic Executive Director of Strategic Intelligence, who moderated the panel. “We’re aligned with how the organization is thinking, but just look at things through a different lens and language.”
Randolph pointed out that as COVID shifts from a pandemic to becoming endemic in our lives, investments and divestments in physical security may see-saw, which can be a challenge for physical security professionals.
“The job should be managing the risk as it exists,” said panelist James Tunkey, Chief Operating Officer of I-OnAsia, a global risk management consultancy. “That means scaling up or down – being nimble to support the business. Take the cost and risk savings to help the business make more money.”
To distill the value of security, defining the risks on an enterprise or corporate level can be a challenge.
“The Risk section in 10k reports provides a roadmap for any security or corporate intelligence program,” said panelist Brady Roberts, Chief Operating Officer for Emergent Risk International. “Look at the goals for the company, risks identified and requirements that align to objectives they will be pursuing all year long and relentlessly work against those priorities.” Roberts noted physical security professionals should be disciplined and stay focused on these buckets of key priorities throughout the year.
Moving the Needle Forward
Randolph asked the panel how they measure performance and effectiveness – whether they are moving the needle forward.
“There are various reporting departments, intelligence-sharing initiatives, white papers and online research that you can use to pull all the puzzle pieces together – benchmarking from internal but also external,” said panelist Morgan Popolizio, Senior Advisor, Protective Intelligence and Operations for Dell Technologies. Popolizio pointed to travel for Executive Protection as an example. “The team is going to the same event each year at the same location. Is there value in an analyst spending hours [preparing a report] when they already know the landscape? Maybe it’s more about tuning into the news and current activities in the area? I think of value in terms of how I can show where our resources should be allocated and quantifying them.”
Building further on the 10k report as a resource, Tunkey added, “10ks also have good data on risks and losses of competitors and peers – where the company must stay focused.” Physical security professionals can show the competitive advantages their team may have in dealing with loss events, for example, and thus how it may lower the cost of capital, which can be important to investors.
What Security Means for the CEO and Stakeholders
The language of physical security professionals may not be understood by those outside the profession. “We need to translate the language we typically talk into ‘this is what it means for the CEO’,” Randolph said.
Roberts concurred: “We have our own tradecraft, so are you communicating to your audience the way they need to be communicated to?” He went on to discuss a situation that took place with a client of his in which he supported them by creating “a simple, short and sweet report” that outlined the issue at hand and the fact that there was no reason for immediate concern. The report also noted the situation could spiral based on certain indicators and the potential time frame. “Anyone in the company could understand this,” he concluded.
“Knowing the customer influences what and how you’re going to write,” said Popolizio. “If you’re on an EP team, get used to doing one sentence. I come from academic research where it’s better to have ten pages, then became an analyst to the EP team. So I’ve gone from 10 to one-page reports.”
“I’ve invested 20 years in becoming a better risk manager,” said Tunkey. “I’m qualified to serve on risk management boards of companies, and I encourage others to get trained on this. Chartered financial risk analysts, those in insurance use that language to identify risks. Be on the level of those looking to lower costs of gates and guards.”
Tell Stories That Attach to Higher Things
Physical security professionals need to communicate with other stakeholders such as legal, marketing, public relations, and human resources — those who have influence and can help them tell stories that prove their value.
Popolizio recommends benchmarking both internally and externally – using short surveys to get the pulse of stakeholders. She also says it is important to assess tools and technologies – how that is helping and hurting corporate security professionals tell stories of their value. “People are on autopilot with tools,” she said.
“Go to management and ask what their opinions of risk are,” said Tunkey. “If you’re not brave enough to ask management, you are failing yourself and your people.”
To learn more about how you can prove the value of your corporate security program, watch our on-demand webinar, ‘Proving the Value of Your Corporate Security Program’.