SEC Releases International Security Programs Benchmark Report

The Security Executive Council (SEC) has released summary results of its International Security Programs Benchmark Survey. The International Security Programs Benchmark Report is the first-ever attempt to catalogue the range of elements in an international security strategy, providing security professionals with a unique resource to help them develop and evaluate their international programs.

Some interesting findings:

• Twenty-seven percent of respondents reported having a risk oversight group that meets on a regular basis. Of those, 86% were in the Fortune 500 (F500) and only and 15% in the “Fortune 50,000” (F50K).

• Sixty-seven percent of respondents said they have some kind of formal processes or procedures for discovery/tracking regulatory requirements per country.

• More than 50% responded that there is an established liaison between Security and the Legal department to remain current concerning country regulations and compliance measures.

• Forty-four percent of respondents stated Security has responsibility for specific areas of risk that are similar to their domestic operations and that are aligned to international business areas. Interestingly, the results indicated that Security’s level of responsibility for international security risk mitigation varied based on where the security group functionally resides—in executive, legal or HR.

The International Security Programs Benchmark project arose from Security Executive Council member requests for a baseline international security program model. A baseline that defines the elements and scope of current programs would allow security practitioners to ensure their programs include all the components needed for effective security on the international stage. One of the future phases of this project will explore the stage of development of respondents’ international programs.

After in-depth Council member interviews, a series of questions were sent to members and qualified colleagues, including a sub-group of ASIS members. ASIS is a strategic research partner of the Security Executive Council. Only the 149 qualified participants in the benchmark will receive the full analysis report. This is the first of three projected reports from this data.

About the Security Executive Council

The Security Executive Council is a member organization for senior security and risk executives from corporations and government agencies responsible for corporate and/or IT security programs. In partnership with its research arm, the Security Leadership Research Institute, the Council is dedicated to developing effective tools members can apply in their programs, program documentation and establishing security as a recognized value center. For more information or to inquire about membership, visit www.securityexecutivecouncil.com.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.