Security's Gains and Gridlocks: 2023



graphic listing various Security innovations and challenges in 2023

In the course of the work we do at the Security Executive Council we get the opportunity to have discussions with many security practitioners who lead programs for a widely diverse number of organizations. This provides us a unique opportunity to hear not only about the challenges they face and what is holding back the programs, but also the about areas where the industry is advancing in unique and innovative ways.

We are confident that you and your security programs can benefit from reading about the most notable gains and gridlocks security leaders have discussed with us in 2023.

Gains

Private Sector Intelligence Analysis

Public-sector organizations have long incorporated intelligence analysis into their security operations, but only recently have the same capabilities become more widely available in the private sector. Executives want and need their security functions to glean verifiable, actionable insights from a glut of available data.

This year, corporate security leaders have increasingly turned to open-source intelligence analysis to fulfill that need, to inform risk management and strategy, and to sharpen both protective and revenue-driving services. To further support the private sector in this journey, the SEC launched the Business Intelligence and Innovation Laboratory (BI2 Lab) at Mercyhurst University, which will provide private-sector security leaders with real-time and predictive information to help them make more informed business decisions.

Because of the speed and quality of such intelligence analysis, one client company was able to move proactively to protect assets and people in the very early stages of the Russia-Ukraine war, avoiding significant damage and loss.

Cross Functional Communication Through the GSOC

Organizations have grown to recognize that risk can most effectively be managed by cross functional teams. The SEC has long seen clients adopting this structure for crisis management, relying on the Global Security Operations Center (GSOC) for communication.

An SEC client shared the story of an employee whose life was saved from a wildfire she didn't know was coming because the GSOC, keeping tabs on weather events and remote employee locales, communicated to her the need to evacuate. The same GSOC was also able to lessen the impact of the disruption for supply chain partners and operations centers in the way of the blaze through early warning.

It's now clear that the GSOC can similarly enable cross functional communication for less critical, less urgent issues. To remain proactive, cross-functional teams must know more, sooner. An opportunity exists here to push the GSOC to the forefront as a solution for the speedy and effective transfer of information across the enterprise – even in non-crisis situations.

Artificial Intelligence for Security

While the exact nature of security's opportunity in AI is still cloudy, it's clear that this technology must be examined for both its potential benefits and its risks. Our clients are starting to ask - How is it being used by those who pose a threat to the organization? How is it being used by others within the organization? What can it do to help security leaders better protect the enterprise and improve their services and value? What is security's role in managing the risks it may present?

The opportunity here at the early stages is to organize meaningful conversations and education about AI so that the security community and individual organizations can develop a plan for how to explore it.

Contact us at contact@secleader.com to find out how you can participate in brainstorming meetings on AI.

Gridlocks

Executive Influence

For more than 20 years, security leaders have told the SEC their biggest challenge is earning the ear and confidence of senior management, and unfortunately, that continues to be the case. We find only about 15% of security leaders have successfully mastered this. Many struggle to secure the budget they need, the staffing they want, the buy-in for projects. They are frustrated that executives do not ask them for input or inform them of shifts in strategy. Others don't realize they aren't on the same page as management until they find out they're being let go.

Security leaders must look critically at their programs, their skills, and their messaging. What specific, high-level risks does security mitigate? What does security do that drives the organization toward executives' - and the Board's - goals? Where can the security leader improve his or her own knowledge and aptitude? How does the program compare with others, what gaps exist, and what would the function be capable of if those gaps were addressed?



Supply Chain Security

In many industries, supply chain security continues to be viewed piecemeal rather than end-to-end. Supply chain has traditionally been owned by non-security functions -- procurement, manufacturing, warehousing, distribution, even HR – without the expertise to recognize the pervasiveness of product risk from raw materials to customer delivery and use. Perhaps they ensure that the warehouse is secure, but the trucks are vulnerable. If the trucks and trailers are secure, is the shipper vulnerable? The definition of "supply chain" simply doesn't encompass the full product lifecycle in many organizations.

Industries that are not highly regulated may not be motivated to begin looking at security across the product lifecycle. But the problem is vast. Security leaders have an opportunity to collaborate with other functions to offer their services throughout the supply chain as a resource but need to be able to articulate the value they can bring.

Failure to Modify to Meet Risk

In many organizations, security has not kept up with risks. Traditional security measures have repeatedly fallen short in the face of rising incivility, new threat vectors, and evolving attack technologies. Security officers often do not carry the authority that many employees believe they have. Camera surveillance is used but often no one is watching or responding. The criminal element has shifted and evolved. Yet security functions too often continue to do things exactly as they always have.

Change is difficult, particularly when support and resources are low. But security's duty of care requires that the function do better to protect employees, organizations, and communities.

Looking Forward

The SEC has advised hundreds of security leaders over the last 18 years. We can help you find ways to approach the gains and fix the gridlocks listed above, and more. Contact us for a discussion around your goals for 2024.

To get the latest insights on security leadership issues, subscribe to our monthly newsletter.