The business case for security

Companies most exposed to security risks are the most likely to develop a business case for security, according to a new survey by the Conference Board. The study was designed to gauge the role and influence of security managers amongst senior management.

by The Conference Board
Last Updated: 23 Jul 2013

Unsurprisingly, companies most concerned with security are companies in critical infrastructure industries such as energy, chemicals, transportation etc, as well as large multinationals and publicly traded companies.

Within these companies, apart from security directors themselves, the executives most supportive of security matters are those in risk-oriented positions such as compliance officers or risk managers.

But the survey found a strong disconnect between the level of support for security initiatives and the level of influence over security policy. In other words, the most supportive executives were not the most influential and vice-versa.

"Security directors appear to be politically isolated within their companies," says Thomas Cavanagh, author of the study. "They face a challenging search for allies when they need to gain support from upper management for new security initiatives."

Companies also displayed varying degrees of alignment between their business objectives and security policy. On issues of operational risks, the correlation was strong, particularly on compliance, protecting confidential information and limiting financial risks.

But the alignment with long-term strategic objectives was less convincing. Only 44% of companies saw security as enhancing the value of their brand and 35% thought it might help identify new business opportunities.

Good metrics seem to be crucial for security managers to deliver important messages to senior management. "Unfortunately, the measures available for analysing the effectiveness of corporate security tend to be much less sophisticated than those that have been developed for other corporate functions such as finance, HR or IT," says Cavanagh.

The survey suggested however that amongst the most useful metrics were: the cost of business interruption (64%), vulnerability assessment (60%), and specific insurance related stats such as the value of facilities (44%), level of insurance premiums (39%) and the cost of previous security incidents.

Source: Navigating Risks: the business case for security
Report #1395-06-RR, The Conference Board

Review by Emilie Filou

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Subscribe

Get your essential reading delivered. Subscribe to Management Today