What’s Wrong with Security Intelligence Today?

In the fifteen years that I have worked with corporate security leaders, I have observed dramatic changes in their relationship with their organisations. When I started out, the head of security was typically the sole in-house representative of the craft, attempting to influence the board to think defensively about risks to people and assets, but very often pushing against the tide.

Today, CSOs wield genuine strategic influence. They position corporate security as a dynamic business enabler, identifying and opening opportunities that would otherwise be unseen or considered too high risk to pursue.

Intelligence has become a vital tool for corporate security in its evolution to becoming an active contributor to both business performance and good governance. The modern corporate security department is very likely to now include in-house and outsourced intelligence resources, tasked with providing analysis, assessments and forecasts to guide decision-making and planning across the enterprise.

A developed intelligence picture can guide senior management through complex and changing circumstances, illuminating pathways and anticipating risks. For corporate security, relevant, timely and actionable intelligence is a highly bankable currency that can cement its role as a true business partner, able to help form and drive strategy.

But as critical business decisions are increasingly framed by intelligence, it is essential that the quality and reliability of assessments are consistently upheld. The pressure is on the intelligence providers to deliver the goods.

Where intelligence vendors fall short

Most corporate intelligence is produced in partnership with external providers. For those organisations fortunate enough to have in-house intelligence analysts, they will be responsible for honing assessments to the specific requirements of the business, based upon their specialist and superior knowledge of its needs. External partners are typically responsible for collection and processing, as well as bridging their customers’ analytical gaps.

The market for external intelligence services for corporate security is vast and continues to grow. Yet we find that it is common for security leaders and their intelligence teams to feel that the sector does not deliver real value to them, or to their internal partners as they seek to fulfill their strategic goals.

Over the years we have regularly heard consistent complaints about what the market has to offer:

It’s not actionable, which is to say that is it might be interesting, but it has no practical value to the recipient’s organisation
It’s recycled news, and so adds nothing new to the intelligence picture
There is too little intelligence or data, which may often be a product of the first two complaints
It’s not timely, so is too late to be of any benefit, may well have fallen behind the news cycle and so is also not actionable
It’s not relevant to the recipient’s job or need and so just creates work in trying to sift out useable nuggets
Reports are unnecessarily long, and recipients just don’t have time to read them
Receiving far too many alerts to read or digest (sometimes referred to as ‘inbox snow blindness’)
It’s not clear what the assessment is of the relevant threat or risk, which hinders actionability
There is low confidence in the information or analysis because of inadequate assessment of its reliability or validity
It’s hard to read and understand quickly, usually because of wordiness, lack of plain language or excessive jargon
The assessments are too ambiguous, either as a result of a lack of precision around the purpose of the analysis or reluctance to make a firm judgement
The author doesn’t understand security and fails to anticipate and address the specific needs of the recipient.

Of course, these experiences are not ubiquitous, but in our experience reciting them to security leaders does tend to elicit something of a grimace, accompanied by a knowing nod. All of which is fairly damning for our sector, not least because the list of objections is entirely antithetical to what makes for good intelligence.

You are often not the primary customer

The disappointment that corporate security leaders feel about the intelligence sector is mostly attributable to a single root cause: they have been fed a diet of intelligence that were not really designed for them. This may seem surprising, given the scale of the intelligence market, but consider its traditional offerings:

Travel risk management, which tends to occupy a large portion of the annual intelligence spend of many corporate security departments. These solutions make sense; they deliver security information at a scale that would be impossible to replicate affordably in-house. Assessments and incident data can be sent directly to the traveller, tailored to their specific itinerary. The downside is the target audience is not the risk-literate security professional, but because of the cost of the service, it ends up being appropriated by corporate security as the base of its intelligence pyramid. As a result, security teams end up inundated with large volumes of low consequence reporting and embroiled in a deluge of anxiety-inducing reactive event reporting. It is a long way from the strategically actionable output that enables them to truly partner with their businesses.
Real-time incident reporting has become a reality in recent years, driven by advances in machine learning and automation, and in pursuit of a promise of global situational awareness. Often presented in geospatial layers that combine data about an organisation’s assets with the latest incident reporting, these services have heralded the rise of multi-million dollar command centres or GSOCs. But while these tools are powerful, they are not a panacea. They often require a substantial crew of analysts to process the output for business use, output that is fundamentally reactive to events and often beholden to the news cycle or unreliable social media output. From a corporate security and business partnering perspective, incident-driven reporting generally lacks desired strategic context and early warning and risks trapping security teams in a reactive and operationally overloaded state.
Political risk analysis is often used by corporate security teams to address their need for more strategic coverage, at the top of the pyramid. Whether conventional political risk or country risk reporting and no matter the quality of it, we often hear it misses the mark for security decision-making. It lacks actionability, timeliness and practical focus. In its strictest sense, the target audience of political risk analysis is investment and insurance decision-making, not security. Its readership is underwriters, actuaries and brokers, risk managers, corporate financiers, government relations and compliance teams. These functions typically often have larger information budgets than corporate security, and political risk reporting is priced accordingly. It is no wonder that corporate security leaders often tell us that political risk reporting often feels like it lacks nutritional value for them, despite its often hefty price tag.

An authentic and targeted security intelligence solution

Listening to and understanding these frequently expressed frustrations led us to build an intelligence service that would meet the specific needs of security professionals. Intelligence that is only meaningful to someone else, isn’t really intelligence after all.

A team of highly skilled analysts that produces only for security professionals can craft its collection and analysis activities to their distinct roles, requirements and idiosyncrasies. It can cut through the noise, focusing on supporting the decision security leaders have to make for their businesses. And with the right methodologies and information, it can focus on actionable early warning – the highest goal of security intelligence – honing the skills and methodologies necessary to consistently provide it.

SIAS was built upon a set of six simple principles and customer expectations about security intelligence. These still define our approach. They are an unrelenting focus on client requirements, early warning, actionable assessment, analytical integrity, clarity and concision, and authentic all-source intelligence insight.

Please get in touch if you would like to hear more.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_1D3J10QGCV	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
BrowserId	1 year	This cookie is used for registering a unique ID that identifies the type of browser. It helps in identifying the visitor device on their revisit.
iutk	5 months 27 days	This cookie is used by Issuu analytic system to gather information regarding visitor activity on Issuu products.
pardot	past	The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking.

Cookie	Duration	Description
__qca	never	The __qca cookie is associated with Quantcast. This anonymous data helps us to better understand users' needs and customize the website accordingly.
mc	1 year 1 month	Quantserve sets the mc cookie to anonymously track user behaviour on the website.

Cookie	Duration	Description
_dc_gtm_UA-44215426-3	1 minute	No description
BrowserId_sec	1 year	No description available.
CookieConsentPolicy	1 year	No description
lpv932963	30 minutes	No description
LSKey-c$CookieConsentPolicy	1 year	No description
pi_opt_in932963	10 years	No description
visitor_id135291	10 years	No description
visitor_id135291-hash	10 years	No description
visitor_id932963	10 years	No description
visitor_id932963-hash	10 years	No description

Intelligence matters – What’s wrong with security intelligence today?

Where intelligence vendors fall short

You are often not the primary customer

An authentic and targeted security intelligence solution

QUICK LINKS

ACCREDITATIONS & AWARDS

KEEP UPDATED