Charles (Chuck) Randolph, Chief Security Officer at Ontic, provides some guidance to security executives when facing financial constraints – and how they can retain influence and protect assets to ensure their organisation doesn’t risk exposure as a result.
Every executive’s career will sometimes involve budget cuts that affect their department. Security executives are no strangers to this scenario; about one out of every five security departments experienced budget reductions between 2020 and 2022, according to Security Magazine’s Security Benchmark Report.
It’s always a challenging situation. And when I talk to executives with relatively short tenures in their roles, they are often either unprepared for the news or didn’t see it coming. Others need to learn how to justify their budget and prove the value of their team’s work to others in the business, leaving them vulnerable to cuts that are arbitrary or deeper than they should be.
So how can security executives better manage bottom-line financial situations without compromising on their critical solutions or people? No magic bullet works every time, and while my suggestions are more art than science, here’s where to start:
- Know your options: Articulate budget and planning scenarios by laying out options for what risks you must address and those resources tied to your mitigation strategy. Also, be clear about requirements concerning compliance – the things that absolutely cannot be cut.
- Create deltas: Once you know your absolute minimums, add back items of higher priority. What can and can’t your department do at various budget levels beyond the minimum? What capacity issues will occur if you cut one or five people from your team? You need to be able to explain what your team will not be able to accomplish at certain expenditure levels. Know what your organisation will lose and what risks your organisation will be more exposed to at certain expenditure levels.
- Align security to business goals: You must speak the language of strategy and business if you interact with decision-makers. Tying your department to the company’s future growth and the bottom line shows a more profound consideration for their issues. For example, is the company considering a change within its supply chain, a new vendor, or opening new locations? All have security implications a leader must address, and if threats slip through the cracks, they could seriously impact company growth and reputation in the market.
- Build networks: Success here is often facilitated by relationships the security department has forged across the organisation. By studiously and strategically expanding their networks within the organisation, especially with critical cross-functional teams, security executives can ensure that they are in the loop regarding business planning and not just in the critical moment.
- Use technology to augment security: From case management software that federates information to AI-fueled social media analysis and investigations tools that centralise data, technology can enable security teams to scale their operations to cost-effectively meet the organisation’s needs.
- Adapt a fully integrated solutions strategy: Many case management and intelligence solutions are point solutions, and as teams grow, tools continue to accumulate, as do their associated costs. Adopting a centralised platform that can conduct in-depth investigations and fully manage its lifecycle is a way to combat the rising costs from a point solutions strategy.
- Consider the all-hazards approach: Organisations are confronted with a volume and variety of threats like never before. Nearly every aspect of a company has some physical security risk – human resources, supply chain, executive protection, and more. Centralising risk data will help security teams act faster. This force multiplier allows organisations to peer around corners, facilitate information sharing across departments, and proactively capture pre-incident indicators.
An organisation’s security function is often seen as a cost centre. As long as that viewpoint prevails, it will be essential for security leaders to gain and retain the influence to preserve resources and retain the budget and people needed to act on threats proactively.
Technology-fueled security operations add value to organisations, and to show it, leaders need to apply business acumen, build support, and drive transformation.
As organisations continue to operate in a highly dynamic risk landscape, security has never been more critical – and that’s worth continued investment.
Source: IFSEC GLOBAL