Ahead of a book out in a few months, Mike Blyth considers education in the security sector.
It is estimated that the annual risk consulting and security management market could be valued at over £150 billion by 2010, fuelled by rapid business intelligence needs and the growth of physical security service requirements which enable government and commercial activities to occur, especially in remote, volatile and commercially challenging environments. The United Kingdom and United States is estimated to account for over 70 per cent of the world’s private security needs, with many factors contributing to the dramatic industry growth, including the end of the cold war decentralising common risks and releasing previously constrained threats into a global arena, increasingly complex intrastate conflicts, trans-national and domestic terrorism, as well as ever present and evolving organised and opportunistic crime.
The genre security services spans a spectrum of industry sectors, from the more management orientated services such as risk consulting, investigations, due diligence, project operations, cyber security, intelligence and business facilitation – to the harder edge and more practical services such as close protection, cash in transit, critical infrastructure and event protection. As the globalization of threats becomes more complex, the risk consulting and security management industry is evolving beyond corporations entrusting security to the divisions of health and safety or human resources, with companies gaining a more thorough appreciation of the value of risk mitigation and the need for specialised expertise – leveraging the security industry to offset liability, reputation and operating costs to a corporation or business venture. The importance of effective risk management as an enabler to business continuity was starkly reflected after the World Trade Centre attack, where 350 US businesses went bankrupt, largely due to many of the companies having no crisis management plans in place – the resulting risk impacts significantly undermining business continuity.
Stand alone divisions
As a result, major corporations now are developing stand alone security divisions to deal with the increasingly complex and challenging threats faced from globalisation, perceiving risk consultants and security managers as business enablers, rather than as cost centres. In addition, groups such as the International Organisation for Standardization (ISO) and standards bodies such as the British Institution of Standards (BSI) are developing programmes to formalise business continuity (BS 25999) and security policies and plans (ISI/IEC 27001), reflecting a requirement to mature and formalise the industry. Commercial leadership are also increasingly realising that "no organisation would go into business without significant insurance coverage, yet far too few organisations have systematic and integrated programmes in Crisis Management" (Mitroff and Person), and the industry is evolving and maturing in both the government and commercially sectors as a result.
Historically, security was largely regarded as a guard in the lobby of an office block, whereas within today’s volatile and dynamic business environment, with fluid risk making companies vulnerable to a wider gambit of threats, risk management is now being perceived as a way to do business better, and save program costs through the alignment of risk against business goals, through risk mapping and sound contingency planning. This mindset change better supports businesses seeking new market entry, as well as sustaining operations under changing risk conditions, reducing business interruption and supporting business continuity. As a result, risk and security managers are increasingly being integrated into corporate decision making groups as convergence takes places, resulting in better decision making from the outset of a business opportunity, as well as throughout the lifespan of a project.
Not surprisingly, this elevation of security industry responsibilities, remit and status requires increasingly refined and holistically orientated security professionals.
While the value of security services is now better understood, the preparation of those entering (or operating within) the industry is still heavily reliant upon a military, intelligence or law enforcement professional grounding, or from those lessons learned while undertaking a management or advisory appointment within the commercial sector. While service leavers generally have a solid grounding in many of the principles of risk and security management, there is very little in the way of transitional awareness, nor the appreciation of the unique principles of commercial application. Government sector risk tolerances and perceptions are also very different from the commercial sector, and many companies are exposed to unnecessary risks by neither structuring nor defining their contingency and crisis management approach. Too few companies require, support or provide education and standards for those responsible for developing risk management policies, and implementing resulting security procedures within the corporation – although this trend is changing.
Within today’s market the well grounded security professional will understand the principles of convergence, helping their company bring together multi-faceted resources that enable the organisation to leverage organic and external capabilities, reducing operating costs and increasing overall organisational performance. Commercially attuned security professionals will also understand the tenants of business continuity, being able to identify and avoid risks, as well as develop policies and plans which allow an operation to function during a crisis, or to recover most effectively following a catastrophic event. To be successful within this evolving and maturing field, security professionals must also be able to understand the holistic nature of risk, and how both tangible and intangible risk impacts can result in ripple effects which move throughout an organisation from an initial event, affecting liability, reputation, corporate confidence, employee welfare and business activities. Security professionals are increasingly integrated as part of business and project teams, supporting business leaders in developing an environment in which a pursuit may occur, as well as supporting program design within a risk context.
Increasingly security professionals are becoming a facilitator or catalyst for business success; an important cornerstone for corporate planning and decision making. While the professional development gained from government employment is undoubtedly useful in preparing the next generation of security professionals for the commercial sector, academic courses; from diplomas to PhDs, as well as industry orientated development programmes are of significant value. Postgraduate courses such as those run by Loughborough, Leicester and Cranfield offer invaluable insights into the wider issues associated with the risk management field, from a corporate to program level, providing a broader understanding of the industry, while concurrently providing credibility and an academic reference point to those seeking to persuade and advise industry leadership – from the CEO down to a project manager.
With the elevation in status and remit security professionals increasingly need proven methodologies to demonstrate an evidenced system or reference point to support their rationale, and academic courses such as those run by the Director of the Security Management Postgraduate Programme (Tom Mulhall) of Loughborough University’s CHaRM provide an excellent foundation for accredited knowledge and capability. In addition, vocational training and accreditation, such as that mentored by Parson’s Corporate Security Director (Glenn McLea, CPP) for the ASIS Board Certified Protection Professional programme also supports the growing maturity and growth of a diverse, complex and interesting commercial field.
Security education, whether academic or vocational, provides the basis for expanding and refining knowledge and experience gained outside of the commercial sector, providing an invaluable vehicle for security professionals seeking growth and advancement within the industry. Education also provides the instrument by which companies and their executive leadership can be empowered to pursue and sustain business, developing effective and pragmatic policies and plans to safeguard them from today’s complex and evolving global threats.
About the author, briefly: Mike Blyth, a former Royal Marine and Control Risks consultant, is author of Risk and Security Management: Protecting People and Sites. Worldwide release by publishers Wiley: ISBN: 978-0-470-37305-7 from August 2008.
