One of the most difficult situations CSOs face is when they cannot get executive support for a particular program element that would enhance the organization’s security posture. When leading a corporate security team, it is not always the best ideas that gain traction. There are a myriad of interrelated aspects that come into play when trying to promote programs or processes within an organization.
This Security Barometer quick poll investigated the challenges security leaders face with executive management. In particular, we looked at the following issues:
- Lack of executive management's understanding of security
- Lack of capability to influence executives' decisions
- Lack of leadership support for new programs
- Difficulty communicating project value in terms management respects
- Difficulty gaining support of newly assigned executives
- Difficulty conveying strategy in terms executives value
- Difficulty explaining complexity and professionalism of security to non-security leaders
When asked to select their biggest challenges from this list, the two most popular selections were lack of executive management’s understanding of security and the difficulty explaining security to them.
The respondents were allowed to choose more than one challenge:
Some of the "Other" responses (edited for clarity and anonymity) included:
- Funding
- Board members and executives who do not care about the security of people, assets, operations, and reputation, even though they cognitively understand security risk management.
- Difficulty of being allowed to be part of decision-making process.
- Convincing leaders to engage with security early in the planning process.
As part of the polling, we asked the respondents about their title level within the organization:
This provided the opportunity to look at the most prevalent challenges from the aspect of the respondent’s level in the organization:
Respondents were given the opportunity to provide additional commentary about their responses. The following is a selection of some of their input (edited for clarity and anonymity):
- Conveying need for updated structure to better support organization
- These are poor options provided for selection. They assume Security executives are not capable of explaining their subject to other executives. This is usually not the case. By the time a security executive reaches their position, they are experienced, qualified, and are probably of above average intelligence. The main issue is dysfunctional executives and board members who do not care about security because they are not capable of doing so.
- Difficulty of your executives prioritizing security and listening to the resource needs and nuances that help create a superb security program. Example: When a client asks for a security process and physical security countermeasure to be installed to protect their information and the director of Security’s C-suite boss argues it will not help security and the resources are denied, it is clear that the front office is not supporting his security office or team.
- In my perspective, this has a dual context. The physical part of security scope (facilities security, access control, surveillance etc.) is the hardest part to get engaged for new projects and investments when it's managed or intermediated by corporate executive mgmt. teams. They tend not to understand the on-the-ground reality easily. However, projects related to topics such as investigations, information security, brand protection and other more corporate-centric, have better adherence by the executive. So, I would say that depending on the project, we have different challenges with Executive Management.
- It is always about money … budgets, return on investment … viewing security as a necessity against liability claims and not a valued partner helping to prevent liabilities and security breaches of all kinds from occurring.
- Our team considers Associates our major goal to protect. Getting new funding is not the issue. IT/Secops support is the challenge. They are overfunded and never have the bandwidth for us.
- Executive Leadership that has no true understanding of Security, but masquerades as a company that is secure.
- My current organization is a small start-up environment, and while Executive Management will consider Security best practices, etc., other considerations such as lowering costs are prioritized. If we don’t need it right now and it doesn’t support a customer, then it can wait - That's the perspective of Executive Management at my firm. There are some security items that I have fought for and received approval for, but others have been met with resistance.
- Executive management lacks understanding of Global Security outside of workplace violence and travel safety. In particular, the purpose of risk intelligence information that is intended to provide critical information for management to make informed proactive decisions instead of having to be reactionary after events have already occurred. Management doesn't value the opportunity of knowledge sharing of critical resources pertaining to crisis management and the mitigation factors that can be achieved if groups could discuss briefly known and unknown information, and who's actioning tasks at present to create transparency, limit duplication of efforts, and highlight gaps.
- Funding for expansion of the team and additional platforms and resources.
Next Steps
Getting executives to understand security is a difficult process. And even if they do understand, you are still likely to be fighting an uphill battle trying to convince them that enhancing security generates increased profits.
The Security Executive Council believes that before you pitch your plan for security you should have a clear understanding of your "C4R" - your current conditions, culture, circumstances, and resources.
"The components of C4R are generally outside your sphere of influence. You can’t control your organizational culture, your budget, or the trajectory of current events. However, an honest assessment of these things should inform your risk decisions and priorities and will help you to make the most of what you actually have. If you don’t assess them, on the other hand, even your best-laid plans will likely fail to gain traction." To learn more about C4R read
You Are Here: How Knowing Where You Are Can Help Get You Where You’re Going.
Contact us to discuss your situation and see how we might be able to assist you to overcome executive management challenges.