About the Author
From Cost Center to Value Creator: Four Ways Security Teams Can Prove Their Impact
Modified June 16, 2022 By Nadine Araksi
At Resolver, the common theme we repeatedly hear when talking to corporate security professionals is that the resources they are given don't necessarily match the job they're tasked with. One reason for this is that security teams are often seen as a cost center and are challenged to access bigger budgets and gain respect in their organizations.
The problem is that, as a group, we security professionals struggle at quantifying and conveying our value back to the business. If corporate security teams want to be part of the business, they must align with the organization's strategic goals.
In our webinar for ASIS International, Proving the Value of Corporate Security, Resolver’s Vice President of Sales, Darren Hill, takes you through real-world examples from his years of talking to security professionals and executive security teams. We’ve summarized his insights down to four ways to prove the value of your corporate security team impact and become a trusted, influential partner for your senior leadership and the business overall.
1. Rewrite the narrative to shift the security mindset
To shift the psychology of the security team from a “cost center” to a “value-add” department, you need metrics to show your value-adding activities beyond just checking boxes. And you need to be able to speak to those numbers in a way your leadership team understands. Focusing on the activities with the most significant impact and quantifying the positive influence of your team’s efforts can spark the transformation of how corporate security is seen throughout the business.
World-class security teams often positively impact the bottom line, and that can reach into the tens of millions of dollars. Those organizations don't complain about budget restraints nor see their security team as a drain but rather as partners in the business. These teams have thought about how key results are determined when objectives are set out. When organizational mantras are designed or iterated, they're used to attract employees by providing safe places to work.
Corporate security teams can also help attract customers through positive brand recognition, preventing adverse events, and keeping them out of the media when they happen. They promote strong partnerships through secure transactions with vendors. What matters to your organization will vary depending on your industry and corporate goals. Spend time aligning your team’s objectives with your organization's goals. Put mechanisms in place to measure against those goals and build your systems and infrastructure around them.
2. Capture and communicate your team’s data effectively
We are still in the early stages of the 5-Stage Corporate Security Maturity Model as an industry. The maturity model is designed to help security teams get to efficiency, where they're providing value back to the business. When we look at the progression of the model, we start at the basics. The physical controls are in place—the guns, gates, guards—yet incidents still happen because we can't be in every corner of our footprint. Security teams must start by capturing incidents in their simplest form at the very first stage of the corporate security maturity model.
Articulating your team’s value effectively is all about capturing the right data. (Read more on how to measure importance in corporate security here.) Once we start capturing what's happening, we can begin to put context around it. This is where we start to track the components that deliver value to the business: how we capture and present data and the choices we make based on what the data is telling us. To show meaningful value back to the organization, you need to be able to present leadership with the metrics that show the long-reaching benefit of what you do.
(For more assistance communicating your team’s value, download our free corporate security business case presentation template.)
3. Create transparency and visibility on your team’s activities
It's natural to think, “Well, people know what I do,” especially for security professionals. You may wear uniforms that say “Security” and stand behind the security desk. How can you be any more transparent? But if you ask other colleagues, ”What do security professionals do?” you might be surprised at their answers. The responses are rarely accurate. Most jobs—not just in security—are like icebergs. The world only sees 10% of what you deliver. True transparency comes when you can build an understanding of the bigger picture of what you do and—better yet—you include them in it.
In terms of visibility, people feel safe because they can see you, the security pro. They know you're there, and they like you there. The more important piece is incorporating the people in your business, bringing them into your team’s efforts by showing them the benefits of their involvement. Make sure your organization feels included in your programs. For security teams to start to influence the business, the involvement has to go both ways.
Often incidents go unreported because employees don’t understand how an incident can grow from something seemingly small to a catastrophic event. By being transparent and creating the organizational understanding of incident impact, you can transform your company's mindset and get buy-in by making everyone feel like they are contributing to creating a safe workplace. Some suggestions include:
- Reward desired behavior to encourage compliance and incident submission
- Track and post safety benchmarks
- Track and analyze trends and lifecycles
- Show improvements over time
4. Define the ROI of security team efforts
ROI stands for Return on Investment. Most executives want security teams to track ROI to prove that the resources and budget allotted to your programs or department deliver an equal value impact. If your team is doing anything and not measuring it, it’s challenging to show that you’re providing value on the money spent.
Establishing your security department’s value or ROI is the way to ensure your team gets the respect, resources, and budget they deserve. Work with your executive team to level set how your team’s activities and successes will be measured. Decide how you’ll articulate what tools and technologies can bring to the table to help determine whether they are resources the organization wants to invest in. Ensure executives are aware of the consequences of adopting or not adopting that resource.
If your organization cannot define your team’s ROI with you as a partner, then work on delineating which organizational objectives you can directly impact. Which incidents typically happen that directly affect the bottom line and how does your team track and measure them? Here are some thought-starters for tracking—think quarterly or year-over-year (YOY)—and communicating that ROI:
- Number of incidents that occur
- Number of incidents prevented
- Safety incidents vs. security incidents
- Total losses
- Frequency of incidents
- Severity of incidents
How Resolver can help
Resolver’s suite of applications improves data capture, increases operational efficiency, and generates actionable insights to let security teams stop chasing incidents and start getting ahead of them. In a recent survey, 100% of Resolver customers surveyed report improved accessibility of incident, risk, and other security data with Resolver.
With powerful built-in reporting capabilities, our platform enables security leaders to prove the value of their program and fast-track investments by connecting security initiatives to outcomes that matter to the broader organization. Designed for “no-code-required” implementations and supported by our highly skilled and experienced implementation team, choosing Resolver ensures you’ll have an easy-to-use, best-in-class solution up and running quickly.