“The thing about security is that it should help the business. It should be there to assist the host organisation in making a profit. Not many of us think of security in this way, and certainly not the majority of those who work in this field. We have just accepted our relegated position. We don’t have to. We could and should be contributing towards corporate objectives. If we are not part of that process, then we are out of it altogether.”
This quote hails from a leading security professional, and was first published last December in the comprehensive report ‘Demonstrating the Value of Security’ compiled by Perpetuity Research and Consultancy International (PRCI) as part of The Security Research Initiative (see panel ‘The Security Research Initiative: making a difference to corporate protection’).
Although security is typically viewed as a drain on the bottom line, there are many ways in which it can – and often does – add value to the host business. In truth, security is a key aspect of most organisational processes. That being the case, modern security management should envision security as integral to ALL activities within the organisation, and not as a separate function ‘living life on the edge’.
In real terms, the value of security can be loosely categorised into hard and soft benefits. Hard benefits pertain to the quantifiable aspects of security, and can usually be described in financial terminology. Soft benefits are equally important, but are somewhat more qualitative. They describe the more intangible benefits of security (an increase in staff morale among them).
For their part, security professionals need to acquire business acumen. It is now vitally important that they be able to ‘speak the language of business’. The transition to that point will not be an easy one, however. Too many security professionals are – for various reasons – unable to see how security might add value. Many more underestimate the true value security can generate.
Put simply, the security sector needs to develop a strategy – both internally and externally-led – that will cement its rightful place at the top of the organisational agenda. That strategy must be holistic, take account of each and every threat to all organisational processes and be completely aligned with corporate objectives. Crucially, the strategy must also be developed in partnership with organisational stakeholders.
The security function needs to collect metrics that will highlight how it’s adding value. Sometimes, metrics already exist in other parts of the company. However, it’s usually the case that new data will have to be sourced. That takes time, but without any metrics it’s impossible to show value in a form that the majority of business leaders will most clearly understand.
One of the biggest losers at the present time is the security solutions supplier. Wherever they are reporting to an internal security function that is inadequate and/or marginalised, the scope for them adding any value to corporate objectives is extremely limited to say the very least.
At the end of the day, the general inability of security to evidence how it impacts positively on the bottom line often results in its marginalisation, making it an easy target when cost-cutting rears its ugly head.
Best Value for Business Campaign
The Best Value for Business Campaign emerges from the (aforementioned) Security Research Initiative, a three-year programme of study focusing on research to improve understanding of the security sector.
Devised by PRCI, Security Management Today (SMT), the British Security Industry Association, ASIS International’s UK Chapter 208 and The Security Institute, our editorial campaign has two main aims: to highlight the role of security sector professionals in enhancing the value of the organisations for whom they work, and to change the perception of the security sector so that it’s seen as a business enabler and enhancer rather than the usual story of it being viewed as a ‘necessary evil’ that drains profits.
During the next twelve months, both in print and online (at www.info4security.com), SMT will carry a range of articles concentrating on the true value of security to the business – starting in this edition with an excellent discourse courtesy of Professor Martin Gill, project leader for The Security Research Initiative.
A long-term member of SMT’s Editorial Advisory Board, Professor Gill has spent much time interviewing security managers in the UK and overseas on the topic of security and added value. The findings are striking. For example, some directors of security don’t feel their peer group are up to the challenges laid down by modern security management. Also, the continual focus on appointing former police service and military personnel often means that business acumen is frequently lost.
An industry-wide strategy
In ‘Demonstrating the Value of Security’, upon which the inaugural SMT article is based, Professor Gill and his colleagues at PRCI – Tony Burns-Howell, Gemma Keats and Emmeline Taylor – make a concerted plea for an industry-wide strategy that will raise the credibility of the security function within organisations and among members of society at large.
As a preliminary step, the strategy should encompass the key elements likely to realise the quickest wins in terms of raising credibility. These elements are:
- education and training (including a focus on business as opposed to security skills);
- influencing organisations by promulgating the potential security has to influence different aspects of organisational work (it’s often the case that even in those instances where security is delivering value, the Security Department is not informing the rest of the company about this);
- staffing issues (including the need to attract people with business acumen);
- structures facilitating recognition (to encompass the development of a plan geared towards achieving Chartered status).