A recent report revealed what many in the industry may have assumed. In all security collaborative optimization (SCO) structures, good relationships, strong communication, and transparency are key factors in collaborative success.
The Security Executive Council’s Security Leadership Research Institute has recently released highlights of its study on the state of security convergence, conducted jointly with Kennesaw State University’s Coles College of Business.
The research hoped to determine the veracity of a common assumption in the security field: that most high-performing and successful security functions operate within a “converged” structure, with corporate and cybersecurity reporting to a single security or risk executive. Respondents came primarily from the corporate security realm (rather than cyber or both), most from organizations with international operations.
The research also sought to gauge the state of optimization that can be had with stronger collaboration between corporate and cybersecurity. Among other findings, the study determined that security collaborative optimization can be found not only in organizations where cyber and corporate security are structurally merged, but in organizations where the two functions are separate, with separate leaders and reporting lines.
According to the report, 86% of respondents collaborate on operation for some security programs — 54% on a minority, and 32% on a majority. Only 9% collaborate on all security programs, and 5% collaborate on none. The trend is similar for collaboration on administrative tasks. The report also showed that a structural shift toward a more collaborative form was often due to an unexpected organizational change, such as the introduction of a new leader, a corporate acquisition or spin-off, or a negative security incident.
“Separate with partnerships” was the most common collaboration form at 45%, followed by “Separate without routine partnerships”/Ad hoc at 34% and “Merged” with 19%. The report revealed that both “Merged” and “Partnered” participants commented that good relationships make or break collaboration, regardless of whether the structure mandates collaboration.
The majority of respondents (60%) reported to the EVP/SVP/VP level while 21% reported to the Director level, and 13% reported to senior executives.
Research participants noted the value of SCO is difficult to measure and results are often not found in dollars and cents but as in speed and agility in identifying and responding to incidents.