The 2020 Security 500 Methodology

The Security 500 Benchmarking Survey is based on information from several sources, including:

Data supplied directly by the organizations.
Data obtained through public resources/records.

The Security 500 report tracks vertical markets and collects unique data where appropriate (such as the number of unique facilities in healthcare) and applies this data to key metrics. The metrics that are used in the rankings include:

Security spending/person;
Security spending/revenue;
Number of security employees and officers.

“Person” is focused on the type of person the security budget is intended to protect. Examples include employees, citizens, students and patients. Rankings within each sector were primarily based on security budget. Participants answered a series of general questions along with unique questions within each sector.

The 2020 Security 500 survey includes the following:

Sectors measured and evaluated on metrics among peer organizations.
Data requested and metrics used to benchmark within each sector based on the input of our advisors.

The purpose of the Security 500 is to create a reliable database to measure your organization versus others and create a benchmarking program among security organizations. The results will enable you to answer the question, “Where Do I Stand?” as a basis of an ongoing peer review process. Due to the greater accuracy of the information provided by security executives compared to that of estimations, completed entries were given greater weight in the rankings than estimations. Additionally, the sector in which a company is ranked is based on self-reported information. For example, one clothing retailer may select “Retail” and another clothing manufacturer may select “Manufacturing/Industrial” as their primary vertical market.

Based on continued feedback and the goal of creating a valuable resource for our participants and industry, the Security 500 is spread across 17 different sectors. We recognize that as a result of some organizational changes, some enterprises and their security leaders may no longer be in place. The listings are based on the information available at the time of publication. We also recognize that due to low sample sizes, the statistical margin of error may be responsible for apparent dramatic changes in the data compared to previous years when no actual differences exist.

Diane Ritchey was former Editor, Communications and Content for Security magazine beginning in 2009. She has an experienced background in publishing, public relations, content creation and management, internal and external communications. Within her role at Security, Ritchey organized and executed the annual Security 500 conference, researched and wrote exclusive cover stories, managed social media, and authored the monthly Security Talk column.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.