On Tuesday of this week, I posted our perspective here at Hillard Heintze, on three of the Top Trends to Watch in 2014 in security risk management – key priorities for senior business leaders – CEOs, board members, Chief Security Officers, heads of risk management, counsel and business unit leaders. If you didn’t catch the blog, we believe (1) active shooter planning and workplace violence prevention, (2) open-source and social media monitoring and intelligence and (3) countering cyber and information security threats will figure prominently in the new year. Here are three more security risk management trends to keep a close eye on.
Trend #4: Better Check That – Before the CFO Does
This isn’t a new trend. But it’s a “hot” one: greater financial scrutiny of expenditures in all facets of security risk management: (1) overall program structure and operations; (2) security personnel; (3) administrative, procedural and operational security controls; (4) technical security; (5) physical security; and (6) emergency preparedness. Why? Every function funded by the CFO has to demonstrate a clear return: concrete business value. And prevention – making bad things not happen – is awfully hard to quantify. We see a clear synergy of interests here – on both the spender’s side (e.g., the Chief Security Officer) and the checker’s side (e.g., the CFO). Both seek the same objective – better security risk management outcomes at a lower overall cost to the enterprise. How do you get that? Here are three common enterprise security strategies.
- Examine Your Spending and Validate Your Baseline Security Operations: That’s right. Turn the lights on and see what you have. Conduct a security operations assessment. You’ll be surprised how many opportunities you uncover to increase security outcomes and save costs. Just don’t do it in-house. Get independent experts to do it because their results will be more objective, better informed by what other enterprises in your industry are doing, and more credible with your senior leadership team.
- Create a Security Strategy Blueprint: Now put all the opportunities your assessment identified and spread them out on the table. And develop a formal, documented security strategy – because it will force you to (a) rationalize each security budget line item with the business’s need, (b) prioritize expenditures so you avoid squandering valuable funds on tactical capabilities, and (c) assign authority, responsibility and timing deadlines over three to five years. Don’t make this too long – or too high-level. This is an actionable business document and it needs to be both read and understood by the CEO and other senior business leaders and also operationalized by your security team. We develop these for some of the most respected brand-name companies in the world – and if you get this critical document right, leaders champion security, funding appears, transparency into outcomes increase, and the business units start seeing value from security risk management.
- Share the Costs – and Capture a Huge “Force Multiplier:” When enterprises and their multiple business units address security as a stand-alone function, security risk management suffers. Because it leaves the Chief Security Officer’s team with 100% of the costs and 100% of the responsibilities. The most effective corporate security programs take a very different approach. They (a) maintain central control for global security policy with the global CSO, (b) allocate some costs to each business and region, (c) develop front-line field positions such as Regional Security Coordinators who serve as “advisors” to region-, country-, and business-specific security teams, (d) design print and online templates for facility-specific priorities like risk assessments, business continuity plans and emergency preparedness plans, and (e) focus intensively on security awareness training across all employee classifications – as an enormous and exceptionally effective “force multiplier” of the security team.
Trend #5: What’s Your Global Security Command Center Strategy?
Information has always been the lifeblood of effective corporate security and intelligence. The best security outcomes from prevention to response depend enormously on getting the right information to the right person as quickly as possible. So why is 2014 such a big year in this regard? Because for the last decade or so, Chief Security Officers have been very effective at tapping into the tremendous wave of benefits that technology advances have been able to place at their doorstep – for systems related to communications, fire and life safety, panic alarms, access control, intrusion detection, closed-circuit television systems, and emergency power. Now the focus is on integrating these into one global security command center. That’s not easy. But it’s the wave of the future – and it takes vision, planning, and effective collaboration across the business. There are three trends in this regard.
- Integration and Upgrades to Command Center Operations: Is one better than three? Maybe yes, but remember to consider business continuity imperatives. And by the way, make sure it is big enough to accommodate about 16 people. Why? The number of ICS decision makers needing access to the Crisis Room or Incident Command Post, including first responders, is about that many. One more thing, while you’re at it: make sure the Crisis Management Room is adjacent or across the hall. Not two states away.
- Growing Interest in Exploring a More Strategic Role for the Command Center: This is a fascinating area that’s likely to be an even bigger trend next year. What if the Command Center didn’t just monitor and respond to security incidents but also served as a strategic corporate intelligence hub for the entire enterprise? More on this in our future blog posts.
- Extending the Perimeter – and Putting Command Centers “Into the Palm of the Hand:” Don’t get stuck thinking about the Command Center simply as a single room with multiple monitors and high management foot-traffic in and out of the front door during a crisis. Recent and exciting developments in mobile command center technology mean that – like organizations ranging from the FBI, DEA, DHS and U.S. Marshals to the Cleveland Indians, Boston Convention Center, LA Transit and the Port of Long Beach have discovered – you can take your senior leaders or front-line field operators and put a Mobile Operations Center into the palm of their hand. Your global command center just became the world.
Trend #6: Have Passport. But Where’s My Emergency Notification Service?
Travel security for executives and employees was a hot priority in 2013 – as it has been for years. So what’s different in 2014? Here’s another technology-driven trend impacting the Chief Security Officer’s ability to improve risk management and overall return-on-investment for security expenditures: the ability for the company’s executives and employees traveling anywhere in the world to get immediate, continuous and real-time emergency notification alerts.
- Technology Alone Isn’t the Ticket: Again, don’t just plug the hole with a fancy technology fix. Our clients have found that implementation – especially across global regions, emerging markets and high-risk locations – can be problematic.
- Use the “PIT” Rule: Plan, Integrate, Train: But if you engage (1) a strategic approach, (2) undertake careful integration – across strategy, structure, people, process and technology – and (3) consider all critical dimensions of the corporation’s requirements, from travel-security objectives, internal security policies, and country-specific intelligence to global security command center capabilities and Internet-based, “learn-it-yourself” training and awareness tools, you could make a huge difference in 2014. You could save lives.
What’s on your plate in 2014? Are you ready?
Are you addressing these priorities in your organization? We are interested in hearing how you are preparing for the upcoming year. Next week we’ll be addressing Top Trends to Watch in 2014 in the investigative arena. And each Tuesday and Friday there after we will be sharing thoughts, learnings and outlook based on our collective experience in the investigations, security management and law enforcement advisory fields. We look forward to having you join us and becoming part of these very important conversations. Should you wish to automatically receive notification when new articles are posted, use the Subscribe button below to add your email. (This blog is part of a series that Hillard Heintze executives and experts are authoring throughout January 2014 on the Top Trends to Watch in 2014 in three discrete areas: (1) security risk management, (2) investigations, and (3) ethics, integrity and law enforcement program improvement. These will be published on Tuesday and Friday of each week in January. Want an automatic alert when the next blog goes up? Take a moment and subscribe to The Front Line).