The Board of Directors and C-level executives of organizations are increasing their monitoring and influence on their enterprise’s (physical and cyber) security measures. This puts the spotlight on those in charge of security and increased expectations of proper oversight of security defensive measures. Thus, physical security measures now include regular reports for boards and c-level executives.
However, there is still a fair number of professionals that believe physical security has been moderately overlooked and underfunded when compared to the current level of risk. However, that appears to be changing: a recent analysis report by Markets and Markets believe that the current physical security market is projected to grow from $69.63 billion in 2016 to $112.43 billion by 2021. That would create a compound annual growth rate (CAGR) of slightly more than 10 percent during those years.
Changes are being forced when it comes to physical security management, despite the fact that many physical security managers have not yet defined their critical measures of success that is based on their specific environment. The most interesting observation I have seen starts out with five security zones that starts out with Zone 5 just outside of the organization’s physical perimeter through Zone 1, which was defined as sensitive (high risk) internal areas, including the data center, executive floor and human resources. Each and every unauthorized, unwanted or accidental entry into any of the five distinct zones are numerically tracked, along with the level of threat for intrusion and reported in summary quarterly.
A few multiple physical security reports fall short of what should be presented to board members and C-level executive management upon request or as scheduled. First, keep it short and to the point and avoid technical jargon. Offer and be prepared to talk in detail about the current state of physical security, but keep it at a high level.
In addition, some Boards expect a monetary impact assessment along with the events summary. However, many security and finance departments do not have the ability to track the actual costs of physical intrusions. In that case, use published industry benchmarks. Another interesting inclusion that is gaining traction is the use of competitor security news. I always like to conclude on a positive note, so I recommend you present three positive aspects of physical security that occurred in the past quarter or year, but do not repeat individual positives in follow-on reports. Keep it fresh.
Rule-of-Thumb: I use one PowerPoint slide for every three to four minutes of allotted presentation time. Keep the slides simple with little animation and get them reviewed by your executive mentor. I also leave 15% of the allotted time for questions.
The best advice when it comes to presenting to C-level executives or boards is – be prepared, be professional and be concise. If you don’t know, say you will have to check on the latest data and you will get back to them within 24 hours. Avoid detail overload, and don’t lobby for things you want. If you are asked for an opinion, give it, but be short and to the point. Finally, don’t use jargon. This is perhaps the most frequent issue that continues to take place despite warning and warning.