The business case for security

Companies most exposed to security risks are the most likely to develop a business case for security, according to a new survey by the Conference Board. The study was designed to gauge the role and influence of security managers amongst senior management.

by The Conference Board
Last Updated: 23 Jul 2013

Unsurprisingly, companies most concerned with security are companies in critical infrastructure industries such as energy, chemicals, transportation etc, as well as large multinationals and publicly traded companies.

Within these companies, apart from security directors themselves, the executives most supportive of security matters are those in risk-oriented positions such as compliance officers or risk managers.

But the survey found a strong disconnect between the level of support for security initiatives and the level of influence over security policy. In other words, the most supportive executives were not the most influential and vice-versa.

"Security directors appear to be politically isolated within their companies," says Thomas Cavanagh, author of the study. "They face a challenging search for allies when they need to gain support from upper management for new security initiatives."

Companies also displayed varying degrees of alignment between their business objectives and security policy. On issues of operational risks, the correlation was strong, particularly on compliance, protecting confidential information and limiting financial risks.

But the alignment with long-term strategic objectives was less convincing. Only 44% of companies saw security as enhancing the value of their brand and 35% thought it might help identify new business opportunities.

Good metrics seem to be crucial for security managers to deliver important messages to senior management. "Unfortunately, the measures available for analysing the effectiveness of corporate security tend to be much less sophisticated than those that have been developed for other corporate functions such as finance, HR or IT," says Cavanagh.

The survey suggested however that amongst the most useful metrics were: the cost of business interruption (64%), vulnerability assessment (60%), and specific insurance related stats such as the value of facilities (44%), level of insurance premiums (39%) and the cost of previous security incidents.

Source: Navigating Risks: the business case for security
Report #1395-06-RR, The Conference Board

Review by Emilie Filou

Find this article useful?

Get more great articles like this in your inbox every lunchtime

When spying on your staff backfires

As Barclays' recently-scrapped tracking software shows, snooping on your colleagues is never a good idea....

A CEO’s guide to smart decision-making

You spend enough time doing it, but have you ever thought about how you do...

What Tinder can teach you about recruitment

How to make sure top talent swipes right on your business.

An Orwellian nightmare for mice: Pest control in the digital age

Case study: Rentokil’s smart mouse traps use real-time surveillance, transforming the company’s service offer.

Public failure can be the best thing that happens to you

But too often businesses stigmatise it.

Andrew Strauss: Leadership lessons from an international cricket captain

"It's more important to make the decision right than make the right decision."