Security and the Boardroom

Security issues must be at the heart of strategic management for any FTSE-100 company in this post-9/11 world. Global organisations face both domestic and international security challenges and, as such, the security issues raised can only be successfully addressed by those tailor-made for the job. That said, security is no longer the sole preserve of ‘security professionals’ – it is one of the key factors which must be addressed by chief executives and Boards of Directors.

Part of the problem remains the clandestine and misunderstood image of the security sector. CCTV evokes pictures of yobbish behaviour and public riots, mobile telephones are associated with the memory of investigations into serious crime – even murder – while the ‘dodgy dossiers’ referred to in the Hutton Report have done the industry no favours at all. Even the public lexicon changes!

Sadly, it is always security failures and lapses that hog the media spotlight, while the triumphs pass by unnoticed. Although security as a topic is known in the public domain, the amount of information on it that’s publicly accessible is (more often than not) incomplete.

Security, of course, also means different things to different people, which merely adds to the public’s general confusion and apparent misunderstanding. In truth, security should command any company’s undivided attention, not least because it is a crucial ingredient in building and maintaining corporate reputations. Breaches in security attract the wrong kind of publicity.

Reputations can be tarnished

Once businesses are damaged, particularly in terms of their reputation and/or branding, it’s very hard for them to recover. The name of Anderson will always be associated with ‘dodgy’ accounting. It is hard to think of Ratner’s jewellery without remembering then chief executive Gerald Ratner’s revelation – when addressing an invited audience at the Institute of Directors – that he was selling “crap”. And who can forget Matthew Barrett, the chief executive of Barclays, who didn’t do too much for the image of credit cards when he stated that he’d never let his children use them as they were “too expensive”.

The reputation of a business is a delicate matter. It takes a long time to nurture but, in some cases, only a few minutes for it to be wrecked. Was Enron a security failure? How about BCCI?

Shell took a very long time indeed to recover from the bad odour surrounding its proposal to dismantle Brent Spar. It didn’t matter that Shell was intellectually right as the company had lost the PR battle. More recently, one only has to think of Jarvis and Hatfield.

Today, security lapses – just like accidents and health scares – make for headline news and memories that last. Often for the wrong reason.

Drawing attention to security

If security is undeniably so important, what can the industry and its senior managers do to draw attention to that fact?

Any organisation is merely an amalgamation of its people, and security should be seen as a route to general management at the top. If you want the best, seek new people with new ideas for this role and challenge the status quo to change the culture

The image is certainly in need of an upgrade, with more and better regulated activities and the implementation of professional standards (and recognition for them). Slowly but surely, this is beginning to happen, but it’s one part of a lengthy process which will require much effort before we finally see the results in the public domain.

There is a light at the end of the tunnel amid signs that security is now increasingly being seen as a core functional responsibility, and not just an issue to be managed by trained professionals. FTSE companies are changing their attitudes as chief executives and their Boards begin to view security in the same light as Health and Safety, and therefore deem it to be their responsibility.

Ten or 15 years ago, security simply wasn’t on the agenda, but in 2005 the subject has taken its seat at the altar of corporate governance. It is a key support function alongside Human Resources, finance and Health and Safety. Furthermore, for senior management, security is no longer seen as a specialist niche but rather as a career development opportunity for the brightest and the best. This is indeed the situation in many of our larger companies.

As awareness grows that security is becoming a top general management function, it is clear that such positions demand top quality management skills as well as technical experience. Security is no longer to be left to the so-called professionals: making mistakes places the business and its people at risk. The times when complacency was common – “we are not a security risk” – are long gone.

Even today, the national media tells us that the IRA threats so common in England 10 to 20 years ago may not be gone for good.

Route to general management

Any organisation is merely an amalgamation of its people, and security should be seen as a route to general management at the top. If you want the best, seek new people with new ideas for this role and challenge the status quo to change the culture. If there are 100,000 employees in the company, make sure that security is on their radar. As the representative of one major pharmaceutical manufacturer said to me only recently, even the most apparently harmless products are potentially dangerous. “I control everything I do inside the factory fence,” he stated, “but I cannot control the integrity of the water supply.”

It is only by bringing objectivity and a different perspective that you can move forward on security issues. That’s where the right kind of recruitment comes in. So-called ‘talent management’ is as important in security as it is in other management and professional scenarios. Responsible senior managers are always looking for the best recruits. They recognise the need for changing corporate cultures, and the requirement to move towards everyone believing and feeling that security is their responsibility. This mirrors exactly what has been happening in the safety management arena these past 20 years or so.

Recruitment is all about defining the role, ensuring ‘buy-in’ across the organisation and then identifying (and subsequently matching) skills sets with the functional need.

It’s always worth remembering that no two organisations are the same. Each will require a unique combination of skills and background experience. Finding the correct people and making the match right is pretty much the essential differentiator.