Finance:Corporate security

From HandWiki

Corporate security identifies and effectively mitigates or manages, at an early stage, any developments that may threaten the resilience and continued survival of a corporation. It is a corporate function that oversees and manages the close coordination of all functions within the company that are concerned with security, continuity and safety.

Introduction

Globalisation has changed the structure and pace of corporate life; the saturation of traditional markets is taking companies to more risky places; the shift towards a knowledge economy is eroding the importance of ‘place’ in the business world; new business practices such as offshoring challenge companies to manage at a distance; and new forms of accountability, such as corporate governance and corporate social responsibility, put added pressure on companies to match their words with deeds, wherever they are operating.

At the same time, security risks have become more complex, too. Many of the threats, such as terrorism, organised crime and information security, are asymmetric and networked, making them more difficult to manage. There is also greater appreciation of the interdependence between a company’s risk portfolio and the way it does business: certain types of behavior can enhance or undermine an organization’s ‘licence to operate’, and in some cases this can generate risks that would not otherwise exist. As a result, security has a higher profile in the corporate world today than it did five years ago. Companies are looking for new ways to manage these risks and the portfolio of the security department has widened to include shared responsibility for things such as reputation, corporate governance and regulation, corporate social responsibility and information assurance.

There are six characteristics of alignment between security and the business:

  1. The principal role of the security department is to convince colleagues across the business to deliver security through their everyday actions and decisions – not try to do security to or for the company.
  2. The security department is in the business of change management rather than enforcement and works through trusted social networks of influence.
  3. Security is there to help the company to take risks rather than prevent them and should therefore be at the forefront of new business development.
  4. Security constantly responds to new business concerns and, as such, the portfolio of responsibilities and their relative importance will change over time. Security departments should never stand still or become fixed entities. In many companies today, its role is more concerned with overall corporate resilience than ‘traditional’ security.
  5. Security is both a strategic and operational activity, and departments must distinguish between these two layers.
  6. The power and legitimacy of the security department does not come from its expert knowledge, but from its business acumen, people skills, management ability and communication expertise.[1]

Core Elements

Core elements of Corporate Security are:

Roles

For many years corporate security has been dominated by a ‘defensive’ approach, focused on protection and loss prevention. The head of security was seen as little more than the ‘guard at the gate’, someone whose actions invariably stopped people doing their jobs instead of enabling the business to function more effectively. Typically, heads of security came from a narrow talent pool, namely police, armed forces or intelligence.

There are many reasons companies tend to recruit security managers from these backgrounds. The police and armed forces churn out individuals with intensive training in the practice of security and protection, and have hands-on experience that is rarely available elsewhere. There are a number of reasons greater diversity is essential within the corporate security function.

  1. There is a growing recognition of the strategic importance of security and as a result security departments need to operate at a much more senior level.
  2. Matrix organisations require a particular approach to management and leadership, which can be antithetical to those with police or armed services backgrounds. In today’s corporate environment, the impact of the security department is proportionate to its ability to persuade individuals and teams all over the company to collaborate and cooperate. This means that dialogue between security specialists and non-specialists is essential.
  3. Traditional security skills are associated with an approach where security is perceived as a ‘dis-enabler’ of business. Those with formal security training can tend to be risk averse, while businesses need to take calculated risks to stay ahead of competitors, break into new markets and maximise profits.
  4. The corporate security function needs people who are happy breaking rules, innovating and thinking outside the box.58 Studies of security-related professions such as the police, the ambulance service and local authority emergency planning departments have suggested that ‘too much’ experience in a traditional security context can inhibit people from making innovative responses to security incidents. Heads of security consistently rated qualities such as independent thinking, willingness to challenge assumptions and behaviours and innovation as being ones they value most in their team.
  5. There is a growing recognition of the value of ‘the human element’. According to experts, many security professionals are typically trained to address security incidents and emergencies in ways that fail to factor in the human dynamics of such situations, including the impact of emotions, perceptions and fear on people’s behaviour. Emotional intelligence is critical to effective alignment, but the human element of security and risk management is routinely overshadowed by the emphasis on technical security skills.

For security to be aligned with the business, security managers must understand the business and how they contribute towards its objectives.[2]

The Chief Security Officer (CSO) is the corporation's top executive who is responsible for security. The CSO serves as the business leader responsible for the development, implementation and management of the organization’s corporate security vision, strategy and programs. They direct staff in identifying, developing, implementing and maintaining security processes across the organization to reduce risks, respond to incidents, and limit exposure to liability in all areas of financial, physical, and personal risk; establish appropriate standards and risk controls associated with intellectual property; and direct the establishment and implementation of policies and procedures related to data security.

See also

References

  1. DEMOS (2006)The Business of Resilience Corporate security for the 21st century, Rachel Briggs and Charlie Edwards
  2. DEMOS (2006)The Business of Resilience Corporate security for the 21st century, Rachel Briggs and Charlie Edwards

External links