Corporate security identifies and effectively mitigates or manages, at an early stage, any developments that may threaten the resilience and continued survival of a corporation. It is a corporate function that oversees and manages the close coordination of all functions within the company that are concerned with security, continuity and safety.
Globalisation has changed the structure and pace of corporate life; the saturation of traditional markets is taking companies to more risky places; the shift towards a knowledge economy is eroding the importance of ‘place’ in the business world; new business practices such as offshoring challenge companies to manage at a distance; and new forms of accountability, such as corporate governance and corporate social responsibility, put added pressure on companies to match their words with deeds, wherever they are operating.
At the same time, security risks have become more complex, too. Many of the threats, such as terrorism, organised crime and information security, are asymmetric and networked, making them more difficult to manage. There is also greater appreciation of the interdependence between a company’s risk portfolio and the way it does business: certain types of behavior can enhance or undermine an organization’s ‘licence to operate’, and in some cases this can generate risks that would not otherwise exist. As a result, security has a higher profile in the corporate world today than it did five years ago. Companies are looking for new ways to manage these risks and the portfolio of the security department has widened to include shared responsibility for things such as reputation, corporate governance and regulation, corporate social responsibility and information assurance.
There are six characteristics of alignment between security and the business:
Core elements of Corporate Security are:
For many years corporate security has been dominated by a ‘defensive’ approach, focused on protection and loss prevention. The head of security was seen as little more than the ‘guard at the gate’, someone whose actions invariably stopped people doing their jobs instead of enabling the business to function more effectively. Typically, heads of security came from a narrow talent pool, namely police, armed forces or intelligence.
There are many reasons companies tend to recruit security managers from these backgrounds. The police and armed forces churn out individuals with intensive training in the practice of security and protection, and have hands-on experience that is rarely available elsewhere. There are a number of reasons greater diversity is essential within the corporate security function.
For security to be aligned with the business, security managers must understand the business and how they contribute towards its objectives.
The Chief Security Officer (CSO) is the corporation's top executive who is responsible for security. The CSO serves as the business leader responsible for the development, implementation and management of the organization’s corporate security vision, strategy and programs. They direct staff in identifying, developing, implementing and maintaining security processes across the organization to reduce risks, respond to incidents, and limit exposure to liability in all areas of financial, physical, and personal risk; establish appropriate standards and risk controls associated with intellectual property; and direct the establishment and implementation of policies and procedures related to data security.