by Brianna Crandall — February 10, 2020 — Security practitioners still frequently struggle to show the value of security programs and improvements, according to new survey results released this month by the Security Executive Council (SEC), a research and advisory firm focused on corporate security risk mitigation strategies and plans.
In October, the Security Leadership Research Institute (SLRI), the SEC’s research arm, asked security practitioners to identify the three biggest challenges their departments face. The number one challenge, chosen by 70% of respondents, was justifying the resources to improve or expand security programs.
Kathleen Kotwica, the EVP and chief knowledge strategist for the SEC and principal analyst of the SLRI, stated:
We weren’t surprised at the top finding. We’ve heard from many security practitioners that they’re being pushed by the business to show the value of programs, which is what this challenge is really about.
The Top 3 challenges were selected by survey respondents from among the following seven concerns (ordered according to survey responses):
- The ability to justify the resources to improve or expand security programs
- Design clear program plans or roadmaps that provide clarity and obtain stakeholder buy-in from the beginning
- Bringing core programs to an adequate or leading practice level that keeps pace with business change
- Developing a cross-functional security operations center (SOC/GSOC) that works for our organization
- Keeping up with new or emerging security issues, trends and best practices
- Find a reliable way to gauge the contract officer program is economically performing optimally and efficiently
- Concern that we may be missing key security regulations or standards in our programs
But, although the top concern was no surprise, there were other responses the SEC expected to rank higher in the survey than they did. For instance, only 16% of respondents listed gauging the contract officer program’s performance as one of the Top 3 challenges they face.
Kotwica continued:
It’s interesting, because in many companies that’s the biggest part of the security budget. The fact that it’s not a front-of-mind challenge for many security leaders may mean that it’s being treated as a set-it-and-forget-it expense — meaning they’re not thinking about whether it can be done better or more efficiently.
We’ve worked with clients on guard force efficiencies who have ended up saving millions of dollars on contract guard programs, so we know that savings is often there, but perhaps too few security leaders are looking for it.
Just over 40% of respondents chose designing clear program plans or roadmaps as one of the Top 3 challenges, followed by bringing core programs to adequate or leading practice levels that keep pace with business change (37%).
For the full results, including percentages for each of the seven challenges, selected “other” answers and insightful participant commentary, visit the Security Barometer Results: What is the Security Department’s Biggest Challenge webpage on the SEC website.