home | blog | site map |contact us   
products functional excellence critical issues institute about us

    Security Strategy Benchmark Study

    Executive Summary

    About the Study

    Metrus Groups’ Security Strategy Benchmark Study examined how the security functions of some of the country’s leading organizations are meeting the multiple challenges of (1) an increasingly risky operating environment, (2) continuous budgetary constraints and (3) a growing demand to demonstrate the value they add to the business. Four separate populations were asked to evaluate the security function in web-based surveys:

    • Security Leaders
    • Senior Executives or Funders of the security function
    • Part-time, field-based Security Coordinators
    • A sample of non-executive employees or Users

    Additionally, interviews were conducted with the Security Leaders of seventeen participating companies as well as with Craig McQuate, Chair of ASIS International’s Business Practices Council.

    Both the survey and interviews examined a range of topics, from current challenges and Best Practices for meeting these challenges, to visions of what the future will bring and how the security function will be expected to evolve to meet these new challenges. The seventeen interviewed Security Leaders were instrumental in forming not only the content of this report, but also in determining what issues should be addressed by this study.

    		 

    At a Glance

    Participating Companies:

    • Abbott Labs
    • Adobe Systems
    • Amgen
    • Baker Hughes
    • Boston Scientific
    • Colorado Springs Utilities
    • Constellation Energy
    • Home Depot
    • IndyMac Bank
    • Johnson & Johnson
    • PepsiCo
    • Pfizer
    • Southern California Edison
    • Starbucks
    • Takeda
    • Visa International
    • Wal-Mart Stores
    • Washington Mutual
    • Williams Energy
    • Yum! Brands

    Studied Populations:

    • Security Leaders
    • Security Coordinators
    • Top Executives
    • Employee

    Key Findings

    • All of the participating companies were large, with all but one Security Leader having international responsibility. Nevertheless, there was considerable diversity in the structure of participating security departments, even within any given industry.

    • Most of the participating Security Leaders said they report into either HR or facility management (20% in each case). Only 5% said they report directly to the company CEO. Full time department staffs ranged from none to 581, with little correlation to company size. When it comes to security management, there is clearly more than one way to do business.

    • Security remains a high priority for Corporate Executives; 90% of Security Leaders reported having sufficient access to the CEO when needed. There is evidence that the higher the reporting relationship in the organization, the more successful Security Leaders have been in securing department resources.

    • In most of these large organizations, security is a diversified activity under the responsibility of multiple departments. The majority of Security Leaders would prefer greater centralization, with the different security areas reporting into a single individual – though in most organizations this has not yet happened.

    • Since the events of September 11th, security has remained a growing concern for Senior Executives.

    • While 80% of the organizations studied saw budget increases (averaging 10%), only half of the participating Security Leaders felt their funding was adequate to execute their responsibilities.

    • Growth in the number of security personnel has not matched budget growth, evidenced by forty percent of participants reporting no gains in headcount over the last three years. The picture that emerges from this study is one of a function that continues to do more with less. The participating Security Leaders have subsequently become increasingly creative in ways in which they have leveraged part-time security coordinators, dotted-line reports, subcontractors, and employees as a "force multiplier."

    • While subcontractors are seldom given primary responsibility for any area of security, they are routinely used to supplement almost every area within security’s areas of responsibility. Managing subcontractor quality has consequently become a major issue that has been addressed in a variety of ways. Best Practices appear to involve clearly specified performance standards combined with scorecards that are regularly reviewed with the contracting agency.

    • Given the high percent of companies that distribute security responsibilities across multiple departments, effective coordination has presented another major challenge to study participants. Only 20% rated coordination among other departments charged with security responsibilities in their organizations as Excellent, with an equal percent rating it as Poor. Coordination is most frequently addressed through Networking (90%) and Cross-Group Planning efforts (60%). Three quarters of the Security Leaders felt security needed to be better integrated either through consolidation into a single department or by reporting into a senior security executive.

    • In general, Security Leaders gave themselves favorable ratings in having knowledgeable staff, responding in a timely manner, and providing high quality service. Ratings from Senior Executives (Funders), Security Coordinators, and non-executive employees generally supported this self-appraisal. More than 90% of each sampled group reported feeling safe and secure at their workplace, attesting to the extraordinary job these Security Leaders are doing with limited resources.
    • Performance measurement remains a challenge. Relatively few of the participating Security Leaders were completely confident in the measures they are using. While no single category of measurement is being used by everyone, Levels of Risk and measures of Value Add/ROI were reported to be the most useful in securing funding and budgetary approvals – although only half of the Security Leaders interviewed reported using these measures.

    • To summarize the state of their security function, we asked participants to classify themselves in one of four categories. Only 16% felt they had reached the highest level, namely to be recognized as strategic partners who are routinely consulted on security related issues. The majority (58%) reported being perceived as vital contributors able to justify most – but not all – budgetary requests. The remainder viewed themselves as either Fire Fighters, or defenders of their positions, as opposed to being able to take the strategic high ground.

    • Looking to the future, both Executive Funders and Security Leaders identified their top challenges as:
      • Increasing globalization of the security function
      • Ensuring business continuity in the face of man-made and natural disruptions
      • Appropriately evaluating levels of risk in order to effectively prioritize investments in security

    • Finally, we asked participants what they believed were the most important attributes for a successful Security Leader in a large organization. Beyond the expected attributes of leadership, analytic ability, and functional expertise, they consistently listed influence management skills like collegiality, communication skills, and relationship building. In addition, nearly all our participants mentioned the importance of business acumen, and a significant portion also mentioned the importance of an ability to internally sell and market the security function.

    Best Practices

    The advice and practices of the Security Leaders who participated in this study suggested a number of practices to maximize the effectiveness of the security function. Briefly, they included:

    • Consolidating multiple functions under a single, high-level executive.

    • Making sure the Security Leader has strong influence management and selling skills.

    • Developing strong measures of ROI and Level of Risk to set priorities and gain budget approval.

    • Leveraging the security department workforce through part time Security Coordinators, educated employees, and subcontracted labor, rather than increasing headcount.

    • Selling the value of security services through networking and demonstrated problem-solving abilities — not through credentials or scare tactics.

    • Developing a wide network of national and local law enforcement contacts.

    • Building bridges and consensus alliances among various groups and departments through advisory committees and cross-functional work groups.

    • Developing clear standards and performance scorecards to measure success among business units and subcontractors, as well as executing the security department’s long-term strategy.

    • Staying in close contact with your customers (both Senior Executives and non-management employees) through ongoing interviews and surveys.

    • Developing a longer-term vision and strategy for the security function.

    • Preparing for the inevitably increasing challenges of:
      • Growing globalization
      • Threats of business disruption
      • Finding betters ways to measure risk and ROI to better prioritize security investments, ensure budget approval, and meet the concerns of Senior Executives

Home | Blog | Site Map | Privacy Policy | Recommend This Page | Contact Us |  
SEARCH


Copyright © 1999- Metrus Group, Inc. Metrus Group is a leader in implementing strategy and raising performance, using tools such as balanced scorecards.

Website: Graphic Matter, Inc

home