The business case for security

Companies most exposed to security risks are the most likely to develop a business case for security, according to a new survey by the Conference Board. The study was designed to gauge the role and influence of security managers amongst senior management.

by The Conference Board

Unsurprisingly, companies most concerned with security are companies in critical infrastructure industries such as energy, chemicals, transportation etc, as well as large multinationals and publicly traded companies.

Within these companies, apart from security directors themselves, the executives most supportive of security matters are those in risk-oriented positions such as compliance officers or risk managers.

But the survey found a strong disconnect between the level of support for security initiatives and the level of influence over security policy. In other words, the most supportive executives were not the most influential and vice-versa.

"Security directors appear to be politically isolated within their companies," says Thomas Cavanagh, author of the study. "They face a challenging search for allies when they need to gain support from upper management for new security initiatives."

Companies also displayed varying degrees of alignment between their business objectives and security policy. On issues of operational risks, the correlation was strong, particularly on compliance, protecting confidential information and limiting financial risks.

But the alignment with long-term strategic objectives was less convincing. Only 44% of companies saw security as enhancing the value of their brand and 35% thought it might help identify new business opportunities.

Good metrics seem to be crucial for security managers to deliver important messages to senior management. "Unfortunately, the measures available for analysing the effectiveness of corporate security tend to be much less sophisticated than those that have been developed for other corporate functions such as finance, HR or IT," says Cavanagh.

The survey suggested however that amongst the most useful metrics were: the cost of business interruption (64%), vulnerability assessment (60%), and specific insurance related stats such as the value of facilities (44%), level of insurance premiums (39%) and the cost of previous security incidents.

Source: Navigating Risks: the business case for security
Report #1395-06-RR, The Conference Board

Review by Emilie Filou

Sign in to continue

Sign in

Trouble signing in?

Reset password: Click here


Call: 020 8267 8121



  • Up to 4 free articles a month
  • Free email bulletins

Register Now

Get 30 days free access

Sign up for a 30 day free trial and get:

  • Full access to
  • Exclusive event discounts
  • Management Today's print magazine

Join today