What can corporate security learn from HR's journey to the C-Suite?

Clarity Up Front:

  • The corporate security function’s journey from ‘corporate cop’ to the C-Suite over the past 25 years mirrors that of HR over the same period, and there is much that corporate security leaders can learn from HR’s journey.
  • The current global business operating environment offers opportunities for corporate security to add enhanced business value.
  • Focus on the value you deliver to the company, not what you do as a function. In the current global operating environment, corporate security has a plethora of skills, assets, and know-how that can help to solve some of the problems that business leaders care about most.
  • Delivering the core mission of the corporate security function is non-negotiable, even if security is not a top business priority for executive focus in your company.
  • Corporate security functions are one of the best-connected functions in the business and connectivity helps them to deliver effectively. The function is missing opportunities to contribute to the priorities of business leaders, most notably supply chain resilience.
  • Demand for timely insights has never been higher; today, business leaders must make decisions at pace with an ever-narrowing margin for error. Corporate security functions have highly developed intelligence capabilities, but their insight asset is not being applied to solve some of the problems that business leaders care about most.
  • C-Suite executives recognise that corporate security professionals are effective crisis managers. Beyond their role within formal crisis management structures, there is an opportunity for corporate security to add business value by developing crisis leadership capability across the whole company, but this is largely untapped.
  • You can’t assume that the rest of the business knows what you do, and you can’t assume that business leaders will join the dots between their problems, and your skills and know-how. It’s the job of corporate security leaders to tell the story of the business value of corporate security. Corporate security must continue to professionalise, to ensure it has the appropriate talent and technology expected at C-Suite level.

The journey from ‘corporate cop’ to the C-Suite: corporate security and HR

Over the past 25 years, the corporate security function has been on a journey from ‘corporate cop’ towards the C-Suite. Today, most corporate security leaders in multinational corporations are much closer to the C-Suite than they were a quarter of a century ago, but very few have made it onto the Executive Committee.

Ours is not the only function to embark on this journey; 25 years ago, HR also owned the moniker ‘corporate cop’ because it enforced policies, policed what managers could and couldn’t do, and managed a series of technical administrative processes, such as payroll.

Writing in the Harvard Business Review in 1998, influential HR thinker Dave Ulrich described the position of the function at that time:

‘Should we do away with HR? In recent years, a number of people who study and write about business—along with many who run businesses—have been debating that question. The debate arises out of serious and widespread doubts about HR’s contribution to organizational performance.’

Today, HR is on the Executive Committee of most multinational corporations, and many companies also have a board-level position concerned with talent and people. Just 16 years after Dave Ulrich issued a warning to the HR community, the role of Chief Human Resources Officer (CHRO) was being described as a game-changing business enabler in the Harvard Business Review: ‘This role is gaining importance like never before. It’s moved away from a support or administrative function to become much more of a game changer and the person who enables the business strategy.’

HR’s lessons for corporate security in the journey to the C-Suite

Why did HR succeed in moving from ‘corporate cop’ to C-Suite? There are four key lessons corporate security leaders can and should learn from their HR colleagues.

Timing

Three decades ago, the world was changing; key trends, including globalisation and digitalisation, made talent a business-critical issue. Finding and keeping good people and being an ‘employer of choice’ were vital to staying ahead, and business leaders understood that talent was central to business profitability and growth. Smart HR leaders recognised that their function had the skills, assets, and know-how to solve the talent problem, a key concern for business leaders.

Today, the global business operating environment – characterised by geopolitics, volatility, interconnected risks, and crisis – offers similar opportunities for corporate security leaders. Terms that have been commonly used by security professionals for decades are now part of the everyday vernacular for business leaders. It was no surprise that ‘permacrisis’ was Collins Dictionary’s word of the year in 2022 and that it features consistently in World Economic Forum reports.

Focus on what you deliver, not what you do

One of the most important lessons security professionals must learn from HR’s ascent to the C-Suite is the importance of focusing not on what you do, but on the value that you deliver to your company.

In his 1998 Harvard Business Review article on the state of HR, Dave Ulrich issued a challenge to the profession: ‘The question for senior managers [then] is not should we do away with HR? but What should we do with HR? The answer is: create an entirely new role and agenda for the field that focuses it not on traditional HR activities, such as staffing and compensation, but on outcomes. HR should not be defined by what it does but by what it delivers—results that enrich the organization’s value to customers, investors, and employees.’ 

Security leaders should not assume that, because their company’s security risks have increased, the C-Suite considers the work of the security function to be business critical. For some companies, it is and perhaps always has been. For most, security is more important today than it was 2-3 years ago, but it is not one of the handful of issues that dominate the limited bandwidth of their C-Suite.

Focusing on the business value of the corporate security function requires a mindset shift similar to that adopted by HR, from defining contribution solely in terms of the processes, activities and outputs that you are responsible for – security assessments, travel safety programmes, and executive protection – towards articulating value in terms that relate to the concerns of business leaders in today’s global business operating environment – supply chain resilience, investor confidence, ESG, crisis leadership, and market entry and exit, for example.

A function’s business value is usually less about what it does, and more about what it knows, who it is connected to, and how it works. In the current global business operating environment, corporate security functions have a plethora of skills, assets, and know-how to help solve some of the issues that business leaders care about most. It’s in the middle of the Venn diagram, where business concerns and security assets meet, that we find the business value of corporate security.

The business value of corporate security

My research shows that there are four key areas of business value for corporate security: effective security, connectivity within and outside the company, intelligence, and crisis leadership.

1. Effective security

While security is not at the top of most board agendas, business leaders I interviewed do recognise the increased importance of security in today’s global business operating environment, and they expect the function to be effective. As one C-Suite executive told me, ‘I look to them for absolute guidance, counsel, reassurance, and a view. I take what they say as expert input and am guided by it as to what we are looking to do. I have a lot of confidence in our CSO and his team. It would be very, very rare that I would actually go against what they say.’

Delivering your core security mission is non-negotiable, even if it’s not always a top business priority for executive focus.

2. Connectivity

The second business value of corporate security is connectivity, both across the business and between the business and the outside world.

Connectivity across the business greatly enhances a corporate security function’s effectiveness; there are few areas of its responsibility that are not enhanced by collaboration with at least 2-3 other functions. For example, workplace violence programmes are more impactful when conducted in conjunction with HR, facilities management, and cyber security. Senior business leaders recognise the connectivity of the corporate security function; one C-Suite executive told me, ‘Security is unique in their ability to reach right across our business.’

This connectivity also offers an opportunity for corporate security to add business value beyond its functional remit. In the face of an interconnected risk environment, executives increasingly demand a unified view of risk, and corporate security is well-placed to act as ‘corporate glue’ to help its company break down silos that can exacerbate risk.

My research shows that corporate security leaders recognise this potential, but that opportunities are not being fully realised. I asked CSOs whether their team was involved in a series of business-critical issues managed elsewhere in the business. It is encouraging that a majority are involved in new country and market entry, and ESG, but fewer than half contribute to one of the most important challenges facing business leaders: supply chain resilience. In a recent survey, 46% of global CEOs said they have already or are currently considering changes to their supply chains because of geopolitics. Corporate security has knowledge and assets relevant to supply chain resilience, but most functions are leaving this opportunity on the table.

Corporate security professionals also have extraordinary connectivity outside the business, which is critical to their ability to get their own job done. The business leaders I interviewed recognised this, but when asked about how these connections could be used elsewhere in the company, none had considered this potential.

3. Intelligence and insight

The third business value of corporate security is its intelligence and insight. In the current global operating environment, business leaders must make decisions at pace with an ever-narrowing margin for error. The demand for timely insights has never been greater.

Over the past decade, corporate security functions have developed sophisticated intelligence capability; three-quarters have analysts and two-thirds plan to increase this capacity over the next 1-2 years. Business leaders recognise the importance of intelligence; 52% of C-Suite leaders said they would like to see more intelligence capability within their corporate security function.

Corporate security intelligence plays a critical role in helping the function to deliver on its responsibilities, but fewer than half of CSOs task their analysts with collaborating with business intel teams elsewhere in the company. A key corporate security asset is not being applied to solve some of the problems that business leaders care about most.

4. Crisis leadership

The fourth business value of corporate security relates to crisis management. Today, crisis is the price of doing business, and most corporate security functions play a critical role in their company’s formal crisis management structure. The C-Suite executives I interviewed recognised the unique crisis capabilities of security professionals; ‘They are just naturally much better at this stuff than anyone else in the company.’

In a permacrisis world, formal crisis management structures are necessary, but not sufficient. When an event reaches the threshold of ‘crisis’, it is vital it is handed to a well-practiced team to manage. Alongside this, companies also need business leaders right across the corporation who are crisis confident and crisis competent, comfortable operating in volatile conditions, and who understand how their own actions and words can help avert or enflame problems. There is an opportunity for corporate security to add business value by helping to build crisis leadership capability at the executive leadership level, but this is largely untapped at present.

You have to tell the story – again, and again, and again

The most important lesson corporate security leaders should take from HR is this: tell the story. When HR leaders realised their potential to add business value by owning and solving the talent problem, they didn’t assume that busy executives with limited bandwidth would work this out for themselves. They knew they couldn’t even assume that executives knew what they did – they were, after all, just corporate cops at this stage. Instead, they educated, demonstrated, and told the talent story – again, and again, and again.

I was reminded of the importance of telling the story recently when I was running a workshop for a client, a FTSE 100 company, for whom security is most definitely business critical. The CFO – present for the whole day, which is a sign of commitment and interest – was confused about the inclusion of ‘geopolitics’ in my presentation; “I can understand why I’m interested in geopolitics, but why is my security team interested in geopolitics?” Even at a moment of full engagement, busy people don’t always have the time or headspace to join the dots; that’s the job of corporate security leaders. You must not wait for business leaders to work it out for themselves and then call you up for duty.

Develop your talent and technology to meet the expectations of the C-Suite level

The final lesson for corporate security is the need to professionalise. Twenty-five years ago, HR leaders realised that their talent and technology were appropriate for operating as ‘corporate cops’, but that they would not meet the standards of excellence required by the C-Suite. As Dave Ulrich wrote in 1998, “HR cannot expand its role in an organization without the requisite expertise. Becoming a strategic partner demands a degree of knowledge about strategy, markets, and the economy… If HR is to effect real change, it must be made up of people who have the skills they need to work from a base of confidence and earn what too often it lacks—respect.” 

Little by little, HR began to invest in its people, processes and technology, and corporate security must do the same. The function needs people who have business acumen and strong administrative skills, are proficient communicators and influencers, and are digital and technology natives. They also need technology and processes that can scale, as demand for this business value-add increases.

A unique window of opportunity

Corporate security is at an inflection point; world events have changed the global business operating environment and created problems for business leaders that play to the assets, skills, and know-how of corporate security professionals.

There is much that the security profession can learn from the journey that HR took from ‘corporate cop’ to the C-Suite over the past twenty-five years: seize the opportunity, focus on what you deliver rather than what you do, tell the story, and invest in your talent and technology so you are match-fit to operate at executive level.

There has never been a time when the opportunities for corporate security to add business value have been greater than they are today. Realising those opportunities requires a shift in mindset and a concerted campaign to educate, demonstrate, and tell the story of the business value of corporate security.


The Business Value of Corporate Security by Rachel Briggs OBE is published by The Clarity Factory.