Just over a decade ago, I got my first glimpse into how digital technology would significantly change the security industry. I was working with a Fortune 500 company as an embedded contractor, and my job was to build its protective intelligence program. A seemingly innocuous comment on social media directed toward the chief executive officer (CEO) kicked off an investigation that forced us to look at multiple threat intelligence feeds.
The result: our social media commentator was actually a mentally disturbed individual with a history of violence and appeared to hold a grudge against the company and its CEO. What made this issue more alarming was that this person had signed on to volunteer at a corporate event taking place just two weeks later — which would have granted the individual VIP access to the entire facility.
Today, the volume and diversity of datasets we can access are revolutionizing our industry. Data is giving security executives new ways to proactively monitor for and mitigate risk like never before. Proper access to and management of risk data is also enabling security leaders to confidently speak the broader language of business, communicate security’s impact on business continuity, and vie for a seat at the executive table.
Although we are playing in a different league when it comes to the tools and techniques required to detect and interpret vast amounts of information that come our way, we should always remember to balance data management with our investigative experience and professional curiosity. Security professionals bring various backgrounds from law enforcement, military and intelligence agencies, all of which have their own institutional methodologies for how things get done. This experience provides vital context and perspective that guides our decisions. Allow me to explain.
From Security Experts to Business Insiders
For security professionals, entering the business world with our perspective on risk can be a source of strength. But the business world, especially the world of executive ranks, typically relies more on metrics and data to inform decision-making.
This is where things are changing, and data is giving us new ways to lead. The ability to qualify and quantify potential threats, back up insights with metrics and illustrate trends — along with the valuable crisis management expertise security professionals contributed during the pandemic — means that security professionals have the tools and information to make their case to management about new ways to reduce risk, and positively impact business operations.
Be it from case management data, access control sensors, video cameras or integrated information systems that generate information, technology can help security teams show their value and level the playing field as effective contributors to the overall reduction of enterprise risk.
A Diversity of Viewpoints Builds Strength
While we understand risks in ways that few of our colleagues can, the same is true of our colleagues in other departments, who have different viewpoints and experience, which guides the roles they perform in the company.
For example, cybersecurity executives may understand threats to the company in ways that physical security teams don’t. Human resources (HR) teams and compliance officers also have their own perspectives — which are the product of years of experience and training in their fields. These diverse perspectives were captured in a recent study conducted by the Ontic Center for Protective Intelligence, which asked 400 executives from legal, HR, physical security, and cybersecurity how their line of business defined threats to the company.
Respondents were asked whether “hostile written, verbal or physical actions that have the potential to compromise individuals’ mental or physical well-being at the workplace or while on duty” constituted a threat to or business risk for the company.
More than two-thirds of physical security executives said yes, while less than half of cybersecurity executives said so. We saw the reverse when we asked about the potential compromise of company critical infrastructure and IT networks: A large majority — 70% of cybersecurity executives — defined this as a threat, but just 36 percent of physical security executives did.
What about actions or events that might compromise the company’s ability to comply with laws and regulations? Human resources executives and legal and compliance leaders were more likely to see those as threats against the company than physical and cybersecurity executives.
In so many cases, where an executive sits within an organization — along with the experience they bring to their role — informs their views on what constitutes a legitimate threat or business risk.
It’s incumbent on physical security executives to understand how their counterparts may interpret data and view risks to the company based on their experience. It is important to factor in these nuances for designing effective enterprise-wide programs. Furthermore, it’s the responsibility of the security executive to better understand the priorities and mindset of C-suite executives and their supporting partners, so that their team’s value can be properly demonstrated as impactful to the entire organization.
The security world has come a long way since I began my career. When I started, there was a great deal of analog gumshoe work, which included field investigations, knocking on doors, retrieving public records at courthouses, and occasional surveillance operations.
Data and technology have helped bring about an ongoing revolution in security that is certain to progress further. It was only 10 years ago that I envisioned a world where online databases, automated social media, and other intelligence feeds could be integrated and analyzed and assessed in real time.
One aspect I could not foresee was the degree to which technology would facilitate communication across departments within an organization and how this collaboration could help mitigate risk. Physical security teams are working cross-functionally more to help connect the dots and keep everyone safe. But they’re also using data and technology to speak to the c-suite, to speak to their colleagues in Legal & HR, and to speak the language of risk management.
This isn’t possible with data alone, but it’s the unique combination of data and experience that produces this result.