In the fifteen years that I have worked with corporate security leaders, I have observed dramatic changes in their relationship with their organisations. When I started out, the head of security was typically the sole in-house representative of the craft, attempting to influence the board to think defensively about risks to people and assets, but very often pushing against the tide.
Today, CSOs wield genuine strategic influence. They position corporate security as a dynamic business enabler, identifying and opening opportunities that would otherwise be unseen or considered too high risk to pursue.
Intelligence has become a vital tool for corporate security in its evolution to becoming an active contributor to both business performance and good governance. The modern corporate security department is very likely to now include in-house and outsourced intelligence resources, tasked with providing analysis, assessments and forecasts to guide decision-making and planning across the enterprise.
A developed intelligence picture can guide senior management through complex and changing circumstances, illuminating pathways and anticipating risks. For corporate security, relevant, timely and actionable intelligence is a highly bankable currency that can cement its role as a true business partner, able to help form and drive strategy.
But as critical business decisions are increasingly framed by intelligence, it is essential that the quality and reliability of assessments are consistently upheld. The pressure is on the intelligence providers to deliver the goods.
Where intelligence vendors fall short
Most corporate intelligence is produced in partnership with external providers. For those organisations fortunate enough to have in-house intelligence analysts, they will be responsible for honing assessments to the specific requirements of the business, based upon their specialist and superior knowledge of its needs. External partners are typically responsible for collection and processing, as well as bridging their customers’ analytical gaps.
The market for external intelligence services for corporate security is vast and continues to grow. Yet we find that it is common for security leaders and their intelligence teams to feel that the sector does not deliver real value to them, or to their internal partners as they seek to fulfill their strategic goals.
Over the years we have regularly heard consistent complaints about what the market has to offer:
- It’s not actionable, which is to say that is it might be interesting, but it has no practical value to the recipient’s organisation
- It’s recycled news, and so adds nothing new to the intelligence picture
- There is too little intelligence or data, which may often be a product of the first two complaints
- It’s not timely, so is too late to be of any benefit, may well have fallen behind the news cycle and so is also not actionable
- It’s not relevant to the recipient’s job or need and so just creates work in trying to sift out useable nuggets
- Reports are unnecessarily long, and recipients just don’t have time to read them
- Receiving far too many alerts to read or digest (sometimes referred to as ‘inbox snow blindness’)
- It’s not clear what the assessment is of the relevant threat or risk, which hinders actionability
- There is low confidence in the information or analysis because of inadequate assessment of its reliability or validity
- It’s hard to read and understand quickly, usually because of wordiness, lack of plain language or excessive jargon
- The assessments are too ambiguous, either as a result of a lack of precision around the purpose of the analysis or reluctance to make a firm judgement
- The author doesn’t understand security and fails to anticipate and address the specific needs of the recipient.
Of course, these experiences are not ubiquitous, but in our experience reciting them to security leaders does tend to elicit something of a grimace, accompanied by a knowing nod. All of which is fairly damning for our sector, not least because the list of objections is entirely antithetical to what makes for good intelligence.
You are often not the primary customer
The disappointment that corporate security leaders feel about the intelligence sector is mostly attributable to a single root cause: they have been fed a diet of intelligence that were not really designed for them. This may seem surprising, given the scale of the intelligence market, but consider its traditional offerings:
- Travel risk management, which tends to occupy a large portion of the annual intelligence spend of many corporate security departments. These solutions make sense; they deliver security information at a scale that would be impossible to replicate affordably in-house. Assessments and incident data can be sent directly to the traveller, tailored to their specific itinerary. The downside is the target audience is not the risk-literate security professional, but because of the cost of the service, it ends up being appropriated by corporate security as the base of its intelligence pyramid. As a result, security teams end up inundated with large volumes of low consequence reporting and embroiled in a deluge of anxiety-inducing reactive event reporting. It is a long way from the strategically actionable output that enables them to truly partner with their businesses.
- Real-time incident reporting has become a reality in recent years, driven by advances in machine learning and automation, and in pursuit of a promise of global situational awareness. Often presented in geospatial layers that combine data about an organisation’s assets with the latest incident reporting, these services have heralded the rise of multi-million dollar command centres or GSOCs. But while these tools are powerful, they are not a panacea. They often require a substantial crew of analysts to process the output for business use, output that is fundamentally reactive to events and often beholden to the news cycle or unreliable social media output. From a corporate security and business partnering perspective, incident-driven reporting generally lacks desired strategic context and early warning and risks trapping security teams in a reactive and operationally overloaded state.
- Political risk analysis is often used by corporate security teams to address their need for more strategic coverage, at the top of the pyramid. Whether conventional political risk or country risk reporting and no matter the quality of it, we often hear it misses the mark for security decision-making. It lacks actionability, timeliness and practical focus. In its strictest sense, the target audience of political risk analysis is investment and insurance decision-making, not security. Its readership is underwriters, actuaries and brokers, risk managers, corporate financiers, government relations and compliance teams. These functions typically often have larger information budgets than corporate security, and political risk reporting is priced accordingly. It is no wonder that corporate security leaders often tell us that political risk reporting often feels like it lacks nutritional value for them, despite its often hefty price tag.
An authentic and targeted security intelligence solution
Listening to and understanding these frequently expressed frustrations led us to build an intelligence service that would meet the specific needs of security professionals. Intelligence that is only meaningful to someone else, isn’t really intelligence after all.
A team of highly skilled analysts that produces only for security professionals can craft its collection and analysis activities to their distinct roles, requirements and idiosyncrasies. It can cut through the noise, focusing on supporting the decision security leaders have to make for their businesses. And with the right methodologies and information, it can focus on actionable early warning – the highest goal of security intelligence – honing the skills and methodologies necessary to consistently provide it.
SIAS was built upon a set of six simple principles and customer expectations about security intelligence. These still define our approach. They are an unrelenting focus on client requirements, early warning, actionable assessment, analytical integrity, clarity and concision, and authentic all-source intelligence insight.
Please get in touch if you would like to hear more.