Leading from the Front It’s a relatively simple question, but do security risk professionals actually see themselves as leaders in the Boardroom? Do they have the capabilities and attributes to hand that would make them the trusted partner for the Board of Directors? Peter French searches for some answers hen The Conference Board surveyed its constituent CEO members in the States around the question: ‘What keeps you awake at night?’, the respondents duly listed their most pressing business concerns (more of which anon). In assessing the Top 5 concerns, it’s apparent many of them could be mitigated by – and, in turn, increase the profile of – the security risk professional. To gain the trust of the Boardroom, those professionals need to be interwoven with the aims and aspirations of the corporation’s structure. Any misunderstanding here means they will not be viewed as a trusted partner. So what are CEOs’ foremost concerns? For one, it appears that many corporations are not fulfilling their talent requirements. This is leading to worries that businesses cannot be innovative and that key entrepreneurial traits are perhaps being lost. Any company’s ‘speed to market’ will be decidedly impaired if it’s not able to attract top talent. People within the business remain the greatest strength – and weakness – of most corporations, potentially exposing the company to inappropriate behaviour at the most senior levels or leading to the acceptance of contracts that hold a high degree of risk. Changing direction, how might customer actions place the company’s reputation at risk? This is a single point of service delivery that security risk professionals could impact very successfully and has a dashboard visibility in the Boardroom. ‘Know Your Customer’ is the compliance mantra in the financial services
sector, for example, and is now becoming a broader term in the consumer environment. There are examples of customers using product which places the life of the end user at risk. When it comes to a branded product, it’s going to be your reputation that’s at stake. Can the corporation leverage new technologies to improve quality and contain – or otherwise drive down – costs? One challenge for security risk professionals across the next few years will be the control of Intellectual Property between increasingly dispersed employees and establishing those all-important secure environments underpinning technology transfer.
Need for knowledge retention Through the next decade, the members of Generation Z and beyond will become less reliant on the ‘secure job’ as they take up roles based on what factors appeal to them. Workers will enjoy a career lattice, not a career ladder. Across the USA and the UK, the percentage of home workers and the self-employed is growing. In tomorrow’s world, workers will be technically integrated into hubs on a remote basis, requiring the use of corporate calibrate tools such that they can function on the move, when ‘coffee shop hopping’ or wherever they feel most comfortable. It does make you wonder what we will use all of these modern corporate office blocks for in times ahead. Reputational and regulatory risk is now such a stark reality that even minor corporations presently globalising their operations through the web should be aware that the Internet sites them in many different jurisdictions. The CEO will increasingly have to think of themselves as the Chief Risk Officer operating somewhere between the caution of legal counsel and the drive of internal business entrepreneurs. The security risk professional has a big role to play in offering oversight for a portfolio of critical operations that can mitigate risks as they’re played out. This is possibly a key component for major corporations that need to have transparent operations by dint of functioning in riskier but also more profitable areas of the globe. That’s not solely because of the colossal fines handed down by regulatory authorities that most of us have never heard of, but rather increasing penetration into countries and regions where lawful business has collapsed. For the corporation and its clients, trust is indeed a basic business trait but what keeps
Risk and Security Professionals: Leadership in the Boardroom
people like Bill Simon – CEO of Wal-Mart – and Larry Page (co-founder of Google) awake at night? You would be forgiven for thinking the answer might involve very different factors, but in truth the reality fits neatly within the standardisation of subjects already outlined.
Shareholder activism and M&A In terms of shareholder activism and M&A, one can lead to the other. We’re living in the age of the mega deal but, as business history recounts, mega mergers don’t always conclude with a successful outcome. Much has to do with the alter ego of the CEO wanting to leave their mark on the business world and wishing to convince themselves – not to mention the rest of the Board – that they will ‘get it right’. Rationalisation of overheads never leads to more employment and, for some communities, the effects can be catastrophic. Set against that landscape, what’s the right path for the CEO? The security risk professional must interweave scenarios and benefits around their programmes and gain the trust of the Boardroom such that they become a ‘go to’ business manager. How can professionals in the sector manage and/or learn to manage risk? We educate. Sometimes through risk scenario exercises played out in classroom-style learning formats. There’s also on the job learning, but who experiences risk as a reality? Who has been privy to the aftermath of flooding, the loss of colleagues due to a tsunami, a volcanic eruption or an avalanche? Given that 55% of those professionals dealing with security risk at a senior level emanate from a formal background – ie the police service or the Armed Forces – they have a natural prevalence towards erring on the side of being risk averse. There’s no gain to be made from being a risk taker. Organisations are risk averse through the media and public scrutiny. Research lead by Raghavendra Rau – Sir Evelyn de Rothschild Professor of Finance at the Cambridge Judge Business School – suggests that experiencing a natural disaster at first hand during childhood has a profound impact on the strategic and tactical behaviour of individuals who become business leaders. That same research also concludes that CEOs who’ve been ‘desensitised’ to risk underestimate either the probability or costs of a disaster.
The research team studied the impact of natural disasters on leading CEOs and, remarkably, found that those who experienced a number of moderate disasters actually had a greater appetite for risk-taking than those who had experienced none at all. The CEOs were also more likely to take on more risk in response to a direct threat to the business. Those who experienced the most extreme natural disasters were found to be most risk averse. In business terms, this manifests itself in various ways. Using data from over 1,711 CEOs, these individuals were then grouped into three categories: those exposed to extremely negative effects of natural disasters during their formative years, those who experienced only ‘medium’ effects of such disasters and those who were not exposed to disasters at all. The researchers then examined the effect of CEO risk preferences on financial leverage, cash holdings, stock volatility, acquisitiveness and the CEOs’ own compensation structures. The results are striking.
Major influence on beliefs and traits Firms run by CEOs from the ‘medium’ group show a 3% higher leverage ratio than those managed by CEOs who experienced no fatal disasters. Medium exposure CEOs were also 3% more likely to announce a corporate acquisition while at the helm. Finally, medium exposure CEOs were also more likely to accept firm-specific risk within their compensation packages. Of course, most of us accept the fact that the childhood environment is a major influence on our being, beliefs and character but, looking at risk make-up, how will the recruiter delve into that background? The risk averse security professional who meets the CEO risk taker will certainly be culturally challenged if certain traits are neurologically ingrained.
Peter French MBE CPP FSyl: Managing Director of SSR Personnel
“The security risk professional must interweave scenarios and benefits around their programmes and gain the trust of the Boardroom such that they become a ‘go to’ business manager” 27 www.risk-uk.com