Q. Business leaders think in terms of growth, reduction of operating costs, margins and competition, for example. Traditionally, security leaders tend to not think in these terms. Is there a way we can present our programs to match what are the driving forces of the business side?
A. Our need to create and enhance business goals to reduce costs, increase profitability and protect brand image are greater than ever. Moving from traditional security thinking to business leadership thinking has already begun. The goals of security services are to:
- Develop and manage security programs that enhance profitability (as an example, by protecting employees at the workplace they are less concerned for their safety, which allows them to be more productive).
- Make the company a tougher competitor.
- Enhance the company’s ability to reduce shrinkage, reduce attrition of employees and create a safer, more efficient workplace.
You should be in continual dialogue with business leaders to ensure security strategy compliments business strategy in order to accomplish the company’s goals. If success only comes from the security department acting in isolation, it does nothing to ensure the company’s future. The linkage to the business side is crucial - a successful set of security programs must “bring value” to the company or will become viewed only as a cost by business leaders.
The security leader’s perspective should include:
- Programs must be relevant to business goals.
- Programs should enhance business processes.
- Programs must ensure compliance.
- Business/security alignment is necessary.
- Ask yourself, why the need for more than one security department?
The strategic security program focus should include:
- The security program aligns with business objectives.
- The benefits of the security program outweighs the cost of the program.
- Security costs are managed and measured on a program basis.
- Relevancy is articulated.
- Programs are constantly evolving.
- Cross-pollination is an opportunity for improvement.
The following graph points to the critical areas impacting both security professionals and business professionals; that is, how to design security programs to enhance profitability. If the security program is expensive but adds no value, the proposition fails. If the company is financially successful, can it continue that success without investing in adequate protection programs? If the financial success is low, can security programs enhance financial success? Security programs for regulated sectors such as utilities can still enhance financial success by leveraging security programs to the sector group and developing standards in which costs can be identified and recovered through the regulatory process.
Security Program/Business Success Matrix
The following graph is a take on the business scorecard but from the Security Organization perspective.
The critical issue for the security executive is to share the same perspective as the business leader in explaining how a security program enhances financial success.
Answer provided by Dick Lefler, Security Executive Council Emeritus Faculty member.