To be successful, the chief security officer (CSO) today must be both an MBA and a security professional.
At the security executive level, business acumen becomes a top priority. Security executives are already experts in the field, so they should focus their development on business and operational leadership to communicate effectively at the C-level.
One strategy for business-minded CSOs is to surround themselves with the best security professionals. This must include hiring physical security, investigations, risk management and other experts with varied backgrounds to support the business. Avoid the temptation to hire former colleagues, vendors and suppliers. Strong hiring practices can help CSOs excel in their strengths and minimize any weaknesses.
With a well-rounded team and a business mindset, security leaders can transition their departments from a cost center to a value add. Highly successful security organizations make the jump by using their security and investigative talent to take on more responsibilities.
In addition to expanding the responsibilities of the physical security team to recover otherwise lost revenue, as explored in Part 1, security executives can transform their departments into profit generators by implementing other business-minded tactics.
Strategic Capital Investment
In the area of strategic capital investment, many security organizations budget and build their security infrastructure in two ways:
- Non-regulated — Building and maintaining physical security to standards set by the CSO.
- Regulated — Designing and maintaining security to the requirements set by the government or regulator, often due to government contracts or as required for critical infrastructure industries.
In both cases, most organizations build to the same standard for all facilities. All warehouses, retail spaces and office buildings will have the same CCTV, access and alarms across the organizational footprint within the company, for example. Though little adjustment can be made in the regulated arena, most other businesses can modify their approach to capital spending and maintenance of the physical security within the organization.
One CSO added value to the organization by using the risk management model of assessing risk for each location and then distributing the capital investment to the locations with the highest probability of business impact. The idea was to ensure high-risk facilities were secured to the appropriately high level, while maintaining less superfluous security technology at low-risk facilities.
In those industries that build security to one standard for all locations, the high-risk locations may suffer while the low-risk locations are overbuilt. It is recommended that capital spending be allocated according to risk and probability, not one size fits all. Of course, as market, risk and probability change, adjustments to facilities in those locations should also change.
Develop Organizational Partnerships
Another area of opportunity and a capital win involved a department that historically did not partner with security.
The marketing department at the telecommunications organization approached the CSO to inquire about cameras in the retail locations. Due to a recent upgrade in camera resolution, the marketing team wanted access to cameras in retail locations to understand customer behavior.
The marketing department was interested in knowing how long customers stay in the store, which items catch their attention, which items they physically handled and purchased, as well as other behaviors.
Through a partnership with marketing and sales, access was granted to sales floor camera views in exchange for shared expense of purchases and maintenance of the cameras and recording servers. It resulted in a financial windfall for the CSO — more than $1 million. Partnerships are key to success, and collaboration is a wonderful way to share costs.
The illustration above is a good example of how a CSO who has developed strong relationships and business partners across the enterprise can grow the security function.
A robust understanding of business operations and finance and an appetite for process improvement can develop opportunities for security teams to assist in other functional areas of the business as well. The enterprise security leader, as mentioned above, should already have a strong understanding of security and investigations, and the skills the team possesses that are transferrable and valuable to other functional areas in the organization.
As a total result of the CSO’s preparation, learning, analysis and notification (PLAN) efforts, the team uncovered a 12 to 15-million-dollar opportunity for recovery and did, in fact, recover more than $10 million annually from just the areas mentioned above.
When implementing these business strategies in a security department, it is important to remember that all good programs must be regularly checked, tested and modified. It is imperative that a process be implemented and periodically audited to assure that the enhancements and programs deployed remain effective and are adjusted occasionally for maintenance.
This total figure, combined with the typical metrics communicated to senior leadership, sent a strong statement that the security department is not just a function that protects people, property and information, but also contributes to business goals, like asset protection or enterprise risk management teams.
The time to shift the security department from cost center to cost neutral — or even turn a profit for an organization — is now. In some organizations, security departments are taking on more now than they traditionally have. Security leaders must consider starting their own PLAN and look for opportunities to eliminate loss, assure revenue and get recovery. Attaining a permanent seat at the C-suite table will require this paradigm shift.
Editor’s Note: Security magazine brings this important topic to readers in a two-part series. The first part of this series: Transforming Security From Cost Center to Value Add, was published online and in our August digital edition.
For more thought-leadership content on unearthing the business value of security, visit: