NEW YORK, Nov. 1 -- Companies most attuned to security issues are those with the most exposure to a broad range of security risks, according to a survey by The Conference Board, sponsored by the U.S. Department of Homeland Security.
The Conference Board report Navigating Risk: The Business Case for Security is based on a survey of 213 senior corporate executives not specifically responsible for security or risk matters and not chief information officers. The survey was designed to gauge the role and influence of security managers among general senior executives.
The surveyed companies most concerned with security are companies in critical infrastructure industries (including energy and utilities, chemicals, and transportation), large corporations, multinationals with global operations, and publicly-traded companies.
The report describes an analogous pattern with regard to the specific executive functions that are regarded as most supportive of security initiatives inside companies who participated in the survey. Not considering security directors themselves, the executives most supportive of security matters are those in risk-oriented positions, such as CIOs, risk managers, and compliance officers.
But there is a strong disconnect between the level of support for security initiatives and the level of influence over security policy within the companies surveyed. In general, the most supportive executives were not the most influential, and the most influential executives (senior C-suite managers) were not the most supportive. In addition, most senior executives surveyed reported that they have little direct responsibility for most aspects of security. Security is an area with a lot of dotted-line relationships, so senior executives are often heavily involved in specific security decisions even though they are not directly accountable for them.
"Security directors appear to be politically isolated within their companies," says Thomas Cavanagh, Senior Research Associate in Global Corporate Citizenship at The Conference Board and author of the report. "They face a challenging search for allies when they need to gain support from upper management for new security initiatives."
ALIGNMENT WITH BUSINESS OBJECTIVES
Executives were asked how effectively their company's security was aligned with their company's business objectives -- in other words, to what extent their own company's security operation contributes to accomplishing the firm's overall mission in the marketplace.
The most effective alignment was found on issues of operational risk, such as complying with government regulations (cited by 79%), protecting confidential information (74%), meeting certification standards (72%), and maintaining business continuity and ensuring customer safety (both 71%). Limiting financial risk (62%) and defending against litigation (60%) are also viewed as areas in which security was effectively aligned with corporate functions.
But companies reported less alignment of security with long-range strategic objectives of the firm. For example, among senior executives, 56% see their company's security operation as effectively aligned with the need to keep pace with competitors, and half of the sample believe security has been effective in reducing insurance premiums. Much lower proportions saw security as contributing toward enhancing the value of the brand (44%), managing the supply chain (36%), or pursuing new business opportunities (35%).