Today I spent the morning with a group of security directors from some of Canada’s largest companies, talking about how corporate security has changed during the 15 years that I have been following it.
I talked about the four key changes that have occurred and how they have helped to bring security out of the boiler room and into the boardroom.
Fifteen years ago, corporate security directors talked about the frustration of being seen as little more than the ‘man on the gate’. Both literally and metaphorically, they were shut out of the real business of their organisations.
This was largely of their own doing; most were trying to apply the logic and practices of their old organisations (mostly police and military – where hierarchies and command and control are how things get done) to complex, fast-paced and flat global matrix structures. They also limited themselves to being ‘boots on the ground’ because they focused on detailed operational delivery rather than strategic vision and oversight. Old habits died hard.
A decade and a half later, and things couldn’t be more different. The corporate security functions of the large multi-nationals are led by individuals – still the majority are men – who understand that they need to be business enablers rather than corporate cops. They are proactive at interfacing with the business, rather than waiting for problems to come to them. They focus on persuasion and influence rather than change management through orders. And they are now much more strategic than operational, delegating a higher proportion of the delivery to local business units.
Fine words are not enough to realise this 21st century vision of corporate security. So much rests on structural integration to lock the function into the key decision making parts of the company and give it the face time with the business that helps it to gain traction when it matters. The majority of corporate security directors now report directly into the executive committee. They have standard policies and practices that are mandated by the company. And they put in place smart reporting lines and relationships to embed themselves into the horizontal complexity of global multi-nationals with multiple business units and regional hubs. Fifteen years ago, corporate security departments were marginal players. Today, they are increasingly at the heart of business critical processes.
changing corporate security workload
One of the most stark shifts has been in the nature of the work of the corporate security department. A decade and a half ago, their time was spent on investigations, man guarding contracts and organising the travel and protection of the company’s top team. Many corporate security directors proudly talked about their close relationship with the chief exec, but in reality this was almost no different that which he or she enjoyed with their driver or chef.
Today, corporate security functions spend much more of their time on strategy, vision, leadership and oversight, and less on operational delivery. There is also much more focus on new areas of business risk, such as information security, due diligence, risk analysis and business continuity. Of course physical security is still important, but if the central team provides clear policies and procurement rules on man-guarding, for instance, this is just as effectively managed and acquired by local business units.
One of the most important trends within corporate security departments is the growth of in-house intelligence and analysis units. These small teams focus on regional, geo-political and threat specific analysis, tightly tailored to business needs, which can help to inform future decision making and insert corporate security into new business development processes. It is this change that will have the most profound impact on corporate security in the years ahead – it is this that will truly make it a business enabler.
Ultimately, any process, practice, procedure or strategy is delivered by people. While the majority of those within corporate security departments still come from a traditional security background (police, military, government, intelligence), they are leaving their old careers earlier, they are more diverse, and there are – slowly but surely – more women entering the function. If corporate security departments are there to serve diverse, multi-cultural and complex organisations, they must do a better job of reflecting them. And they must also do all they can to avoid group think.
The corporate security departments of 15 years ago thought their power and respect emanated from their expert knowledge. Today they realise that they need to talk and walk the language of business, be excellent communicators, and focus on building relationships. Boards do not want to know the minutia of a threat assessment and security process – they just want to know that the company’s problems are in hand. The corporate security directors that cry wolf are a dying and marginalised breed.
For more on corporate security, see The Business of Resilience.