Corporate Security: companies need clear structures and responsibilities in Corporate Security to promote secure working in a networked environment
The risk of cyber attacks, complex supply chains and geopolitical uncertainties in combination with growing interconnectedness and increasing digitalization are having an impact on the areas of responsibility of Corporate Security. It is therefore crucially important for companies to ensure that there is a uniform understanding of the areas of responsibility. Our Corporate Security Benchmarking Survey 2022 shows that there is still further development work to be done, especially with regards to the differentiation of Corporate Security from other corporate areas.
The majority of participants (80 percent) in our survey viewed the Corporate Security function as a “business enabler”. Overall, 76 percent of the respondents see sufficient awareness of Corporate Security at the C-level. The majority of participants view their security strategies for addressing business risks as effective (59 percent “rather effective” and 37 percent “highly effective”). There is a particular need for follow-up measures when it comes to the internal networking of such functions and thus the visibility of the function.
23 percent of CSOs and C-suite believe that Corporate Security is not sufficiently perceived at the C-suite.
Overview of the survey
Corporate Security is an interdisciplinary management function encompassing various solutions that need to be highly networked throughout the company. Such functions often do not gain prominence until a critical situation actually arises. It is therefore crucial to conduct continuous internal marketing regarding Corporate Security. This could potentially be one of the causes for the perception gaps between the C-suite and CSOs.
The majority of C-suite believe there is a need for additional skills and qualifications in the area of Information Security (60 percent) and Security Intelligence (52 percent) compared to a minority of CSOs (37 percent and 24 percent respectively).
Among C-suite, there is a higher perceived need for additional Information Security skills and qualifications (60 percent, CSOs: 37 percent).
While a large majority of CSOs (80 percent) believe that Security Investigations are sufficiently covered by their Corporate Security function, this figure falls to just 64 percent among C-suite respondents.
Almost half of C-suite respondents believe that industrial espionage and the theft of trade secrets will pose one of the largest challenges for Corporate Security functions in the next five years. Only 32 percent of CSOs express the same view.
The varying results show that, in some regards, Corporate Security is assessed differently by C-suite than by CSOs themselves. This could potentially be attributable to lower visibility of the Corporate Security function within companies or to a lack of clarity regarding responsibilities.
We recommend the definition and implementation of a target operating model (TOM) for Corporate Security, which is aligned with the company's corporate strategy and growth targets. For companies with global operations, this also includes determining whether Corporate Security should be organised centrally or decentrally. The goal is to define and implement uniform security standards throughout the company, to clearly delineate the tasks of Corporate Security as well as existing interfaces and thus to ensure an efficient and effective response to existing security risks.
The largest security challenges
Characterised by ongoing crises, technological change and increasing networking, Corporate Security is continuously changing. Due to the various security incidents that have drawn international attention in the recent past, greater focus is being placed on the Corporate Security function of companies, especially those undergoing strong growth. 78 percent of respondents indicated cybercrime as the largest challenge for their Corporate Security in the next five years. Around two-thirds see challenges in the lack of resources (e.g. financial resources or full-time equivalents, not related to skills and qualifications) and supply chain security.
In light of the changing challenges, Corporate Security functions must also undergo a transformation process themselves. For example, it will become increasingly important for such functions to take advantage of the opportunities arising from digitalization in the coming years. Digital tools can improve processes and facilitate communication among each other. 75 percent of C-suite respondents and 69 percent of CSOs believe that their Corporate Security function is already sufficiently digitised. This could either indicate that the digitalization of the function is indeed at an advanced stage, or it could be due to an insufficient understanding of the opportunities arising from digitalisation within Corporate Security.
A clear security strategy is necessary
One decisive factor for Corporate Security is the presence of a mature security strategy to provide guidance for the overall direction of work within Corporate Security functions. Although 85 percent of the companies have a formalised security strategy, approximately one third of the respondents classify the maturity of their Corporate Security as “evolving” or “in need of improvement”.
Target operating model (TOM)
Anticipatory action and an increased ability to react and defend are indispensable in times of constantly changing challenges and the threat of attacks. Following a risk analysis, the development of a TOM is more important than ever. With the help of a robust Corporate Security target operating model (TOM), companies can define and document future optimisation strategies. This provides an increased overview and a more efficient exchange of relevant information. However, there is still untapped potential. Around a quarter of C-suite respondents do not perceive their TOM setup as adequate for the challenges of modern times, and among CSOs, 15 percent still see room for improvement.
From your viewpoint, is your current TOM setup adequate for the challenges of modern times?
Source: PwC study 2022 “Corporate Security Survey”
Three steps to further strengthen the Corporate Security function
- Improve the TOM
- Drive digitalisation forward
- Develop and foster future-oriented skills
Improve the TOM
The Corporate Security function must act rapidly in a forward-looking manner so that it can actively and successfully overcome complex security challenges. In order to do so, the roles and responsibilities of all parties involved need to be clearly defined. This is where a TOM can assist companies by providing the foundation for the work and effectiveness of the Corporate Security function.
Drive digitalisation forward
The increasingly digital way of working also increases the number of threats. Those responsible for Corporate Security need state-of-the-art technologies and software in place to not only react to security risks, but also proactively minimise them. Companies are challenged here to actively promote the digitalisation of corporate security as well. In addition, security managers should develop and expand their digital skills and qualifications.
Develop and foster future-oriented skills
According to our survey, the largest needs for additional skills and qualifications exist within the areas of Information Security (49 percent), Cyber Security (45 percent) and Crisis Management (44 percent). Nevertheless, the discrepancy between the answers from C-suite respondents and CSOs shows that the areas of responsibility and activities are not always clearly defined. This makes it all the more important to communicate clearly with each other within the company and to set common priorities so that the CSOs and the teams can improve their skills in a targeted manner.
“Even if Corporate Security functions work in a less prominent manner than other departments, their contribution to companies should not be underestimated.”
Methodology
As part of our Corporate Security Survey 2022, we examined how Corporate Security was perceived among the C-suite and CSOs.
The data for the survey was collected in May 2022 among 150 respondents from 14 different business sectors. Although the ratio attributable to different sectors varied, there was an equal proportion of CSO and C-suite participants in order to ensure a balanced result. The companies have been divided into three categories according to size: small (total revenue of less than €500 million: 41 percent), medium (total revenue of between €500 million and €1 billion: 34 percent) and large (total revenue of more than €1 billion: 25 percent).
Contact us
