THE SECURITY Research Initiative (SRI) has just published its latest report. Entitled ‘The Role of Security in Influencing the Budget’, the aim of this latest research study – sponsored by Axis Communications, Bidvest Noonan, interr, M&S, Mitie, OCS, PricewaterhouseCoopers, the Security Industry Authority and Sodexo – was to explore the extent to which security managers are able to influence the security budget, whether (and why) this matters and how greater influence can be attained.
Results are based on the views of security professionals from both in-house and contract positions (predominantly those currently in a ‘security manager/director’-type role), collected via an online survey in addition to in-depth interviews.
The survey outcomes make for particularly interesting reading. 76% of those security professionals surveyed agreed that being able to influence the budget is key to delivering good security. Influence over the budget was considered important for several reasons. It’s deemed to afford status to security in discussions with other departments, in turn enabling security advice and proposals to commonly be listened to, while also helping to direct the allocation of resources using relevant expertise.
A lack of influence here means that security managers cannot purchase basic and essential resources or plan effectively, duly resulting in security decisions being made by non-security experts.
Levels of influence
Some 51% of respondents in a current security management role had a high level of influence on the budget. 10% were ‘not involved’. 46% of security managers/directors thought that their current budget was ‘insufficient’ (42% thought it was ‘sufficient’). Unsurprisingly, those with the highest levels of influence over the budget were the least likely to view it to be insufficient.
Reasons for the budget being considered less than required included the belief that the budget allocated did not reflect the risks faced and didn’t cover key areas such as training, travel, basic equipment and contingencies. Teams were understaffed, rising costs are not covered and it’s often a case of being asked to provide more for less.
The chances of being allocated an appropriate budget were improved if the security function was seen as being core to business (86% of respondents agreed on this assertion), an organisation understands its security threats and risks (85% agreed) and/or the security team has a high status (83% agreed).
Research participants highlighted a number of ways in which security managers can become influential. For example, they can relate security spend to reducing business risks and improving operations, highlight the dangers and risks in not meeting objectives, ensure the risk owner understands and accepts the implications/risks and use data to underpin the fact that arguments are evidence-based. Further, they can link physical security spend to cyber security (where the latter is is viewed as a greater priority, thereby attracting a bigger budget).
Overall, this latest SRI research underlines the importance of security professionals being able to influence the budget, so too the barriers to them being able to do so effectively.