According to a number of dictionaries, the word influence is generally defined as: “The power to change or affect someone or something; the power to cause changes without directly forcing them to happen; the power to shape policy or ensure favorable treatment from someone.”

There are significant opportunities for security and risk executives to be influenced as well as to be the ones that are acting as the ones that are influencing others.  There are a broad range of forces external to the enterprise that become influencers on the actions and measures you will need to consider implementing.  These outside forces include such things as: government regulatory requirements, case law, contractual requirements, competitive pressures, good practices and industry trends.  Other external influencers may include such things as: severe weather or climate conditions, cyber-attacks or transnational crime, terrorism and regional or global economic instability to name just a few.

Obviously there is a vast list of external forces that can influence when, where, how and why you may need to take some form of action or be prepared for some type of event or issue that might arise. When you analyze external influencers, it is critical that you also examine the probability of the event or issue actually occurring, as well as the cost of developing mitigations solutions for the enterprise. Please look back at prior columns for the series on enterprise risk management where the scope and impact of external influencers are examined in some depth. (A column archive is available at

We also have to consider and understand the forces within the enterprise which have an influence on when, where, how and why you may need to set some policy or other action in motion. It is one thing to have been given the responsibility to manage the security or risk function for an enterprise. It is entirely another thing to gain the kind of support from executive management of the enterprise which is crucial to gaining the authority and the budget to perform the task of providing effective security and risk mitigation programs for the enterprise.   At the same time, we cannot over-emphasize the importance of gaining the support and cooperation of the general employee population for your security and risk mitigation policies, plans or programs.    

Failure to consider the whole picture can result in devastating impacts to your enterprise. As you begin to craft policies, processes and other mitigation solutions, it is vital that you coordinate them with your constituency to ensure that support is built for the solutions you are proposing. Don’t forget that it doesn’t take a rocket scientist to understand the credibility-destroying results of offering gold-plated solutions to counter a risk that has a remote probability of occurring or will cause little or no impact on the enterprise.  The solutions have to fit the tolerance the enterprise has to risk.

Next month’s column will explore some of the methods that you can utilize to understand the forces of influence and how you can become an effective influencer.


About the Authors

 Jerry Brennan is CEO of the Security Management Resources Group of Companies (, the leading global executive search practice focused exclusively on corporate and information security positions. Lynn Mattice is Managing Director of Mattice & Associates, a top-tier management consulting firm focused primarily at assisting enterprises with ERM, cyber, intelligence, security and information asset protection programs. He can be reached at: