Go to any security conference and you’ll be quick to discover that getting “buy-in” and maintaining a “seat at the table” are still the predominant concerns among security leaders. After all, unlike other business units that bring in revenue directly, corporate security must show that it is not merely a cost center but a cost- (and sometimes a life-) saver. While security departments have gotten creative about showing their worth, intelligence teams have had a harder time quantifying value. It is time that both analysts and the enterprises they are part of realize that intelligence can contribute to return on investment (ROI) at the corporate strategy level, sometimes in ways that corporate security has thus far been unable to.
Corporate Security and ROI at Present
In recent years, corporate security has adopted the language of business by developing ideas about security’s ROI. In general, ROI is measured as the ratio of net profit to the cost of the investment. Simply stated, the metric shows whether an investment is worthwhile to undertake. Corporate security departments have adopted ROI calculations to demonstrate that investments in security are similarly worthwhile. In the security context, however, the technique is mostly used to illustrate the loss prevented rather than the profit gained. The “loss,” in this case, could be loss of product or something like hypothetical damage to a facility from vandalism, number of injuries to personnel, or the severity of cyberattacks.
Most current discussion of the ROI topic centers on the various techniques security professionals can use to make calculations rooted in subjective estimates. Can we truly estimate how many fewer entries on the premises there will be following the installation of a new alarm system? And how much do these intrusions cost the company in the first place? Depending on the enterprise and the specific security issue at stake, the answers to these questions can sometimes be obvious and at other times nebulous. Regardless, these debates miss a very important point: in all cases, they remain wedded to the idea of corporate security as a department that minimizes costs rather than a team that can help a firm bring in new revenue. Using corporate security’s intelligence analysts in new ways can change this.
Intelligence Analysis and Enterprise Growth
To understand how intelligence can take corporate security from preventing losses to making money requires an understanding of what intelligence analysts can do beyond what they are doing now. Most security teams currently use intelligence to assess issues such as geopolitics, crime and brand risk. In these areas, intelligence analysis (that is, processed information) supports security operations, with those operations taking priority.
This is undoubtedly an important function, but security departments should also see intelligence personnel as potential providers of strategically relevant information and analysis to other business leaders and C-suite executives, including those in corporate strategy, legal/compliance, risk management/auditing, and marketing/public relations departments. If allowed to “spread their wings,” intelligence analysts can help companies make more accurate ROI estimates on profit-making investments in areas ranging from global expansion, to marketing strategies, and even global human resources management. A diagram highlighting how this scheme might work is shown above.
Security is often seen as having nothing to contribute to company growth, or worse yet detracting from it by setting limits on what the risk-taking “dreamers” want to do. The described approach would therefore elevate intelligence teams but also benefit corporate security broadly. Moreover, it would allow corporate security to get closer to reaching another longstanding goal of being more proactive rather than reactive. After all, there is little that is more proactive than inclusion of security analysis in high-level strategy.
Aligning Intelligence with Executive Leadership
Implementing this model of partnership between intelligence teams and enterprise leadership will not be a simple task, and there are many obstacles to overcome. Though some experimentation will be required, the following steps can help corporate security departments push the process along:
- Borrow from research outside of corporate security. In making the case that intelligence analysis can support corporate strategy, use existing research on incorporating issues such as political and social risk into corporate decision-making and strategic ROI. Some primers, such as the Management Accounting Guideline: Integrating Social and Political Risk Into Management Decision-Making by Tamara Bekefi and Marc J. Epstein, are detailed enough to make corporate accountants perk up.
- Change the internal marketing surrounding intelligence. In selling intelligence within the company, corporate security often refers to the speed of alerts and the usefulness of intelligence reports for travel security, executive protection and other standard programs. Emphasis should also be placed on its potential in support long-term corporate planning, even if the standard role of intelligence remains a core focus
- Present proactive and custom solutions. Corporate security must take opportunities to push intelligence into the forefront of custom research on issues of interest to executive leadership, whether it is market entry in the coming fiscal year or due diligence surrounding a major potential M&A. Once the analysis is completed, the presentation must fit the audience. If a typical report doesn’t cut it, perhaps a presentation tied into the latest investor relations documents will. Alternatively, intelligence analysts may need to offer up a spreadsheet to help feed into strategic ROI models
- Find corporate allies. To find a receptive audience among company leadership, allies should first be found among other departments such as risk management or legal, which are natural allies of security. In many cases, personnel on these teams may not even know about the in-house analysis already being produced and would welcome any assistance in fully comprehending risk associated with the firm’s strategic direction
Pushing intelligence analysts into the service of corporate strategy does represent a departure from the traditional activities undertaken by these personnel. This will be perhaps the biggest difficulty of all to overcome. Yet in considering the new role, we must remember that corporate security itself has undergone significant transitions and is still trying to reinvent itself to match evolving private sector needs. Using intelligence analysts to enhance a firm’s strategic direction is the first step in realizing this goal. Corporate security can become more than just a center of loss prevention or productivity enablement. It can facilitate wise investments and profitable decision-making.