We hear it time and time again in the corporate security environment, from the regional to the executive level: "we don’t have the budget for such a program right now;" "this simply isn’t a concern right now;" or, "we can’t execute on this right now, however put something in writing and we’ll circle back to it soon." Corporate security managers (CSMs) have heard every excuse to dodge security concerns, and oftentimes, we may wonder why we we’re even hired in the first place.
Selling leadership on the safeguards of protecting business assets has proven difficult since the first executive realized what these safeguards will cost. However, selling leadership on what the costs overall will be, monetarily and beyond, after the fact can be much easier if done correctly. Convincing corporate leadership of the imperative nature in protecting business assets today is best executed by showing examples of past failures from companies larger, more successful and/or more dynamic than your own.
Direct, current and potentially fatal errors within a corporation’s security program can be a CSM’s best ammunition when faced with the challenge of moving forward with the executives’ approval. More often than not, the challenge isn’t creating a feasible and effective program as much as it is getting leadership to approve of it. Money or lack of resources is the typical excuse given from leadership when attempting to move forward. Oftentimes, leadership fails to understand that security must operate as a team in unison with the rest of the company, all while still keeping the company’s mission and vision goals at the helm.
It goes beyond just security. Every aspect correlates or is paralleled with the next. In fact, security closely correlates with reputation and brand recognition for any large organization. The global environment also makes it more challenging than ever to protect corporate assets and maintain the integrity of the organization and its reputation or the brand. Security could arguably be just as important in brand recognition and reputation as marketing for the mere fact that consumers are paying closer attention to how a company defends itself. For example, PayPal brags about how it spends millions of dollars on cyber security to protect the infrastructure of its network. This is a marketing or selling point for PayPal which is a company that is asking for millions upon millions of consumers to trust their money to be sent electronically across the globe. A comprehensive security program is a very powerful selling point for a company like this.
Proactive mitigation is also a tough sell for leadership, specifically with regards to protecting corporate assets overseas. For example, if a company’s assets in Mexico have been stolen or damaged, it is important to investigate the matter, as well as take steps to prevent a similar incident from occurring. More often than not, companies will simply write off the loss and carry on. Bad guys are counting on this, especially when some of the lost assets are not valuable enough to warrant continued investigation by a directive of protocol. Things of this nature should be a red flag to the CSM of a potential inside job. This is all the more reason for a company to search internally for malicious intent, however, executives don’t like to hear this. Another defense (or ammunition, as I like to call it) is selling the executives on weighing their options. What would they prefer to hear; CNN reporting that a bank has internal theft issues and is currently investigating the matter, or that the company is in denial and are reportedly ignoring a potential internal threat of theft? Therefore, more emphasis on mitigation and proactive security measures should be placed on corporate assets overseas.