‘The role of security in influencing the budget’ is the latest report from the Security Research Initiative, whereby the consultancy Perpetuity Research regularly produces findings on matters of security industry importance, physical and cyber.
The aim of the 2022 study was to explore how much security managers are able to influence the security budget, whether and why this matters, and how security managers can gain greater influence. Like past years’ SRI reports, it is based on the views of security professionals from in-house and contract positions (mainly those in a ‘security manager/director’ type role), collected via an online
survey and some in-depth interviews. You can download copy of the report from https://perpetuityresearch.com/category/publications/security-research-initiative/.
As for some of the findings in brief:
Most, 76 per cent agreed that being able to influence the budget is key to delivering good security. Influence over the budget was considered important for several reasons including: giving status to security in discussions with other departments enabling security advice and proposals to commonly be listened to; and being able to direct the allocation of resources using relevant expertise.
A lack of influence meant that security managers could not purchase basic and essential resources; or plan effectively; and resulted in security decisions being made by non-security people. About half, 51pc of respondents in a security management role had a high level of influence on the budget; 10 per cent described themselves as ‘not involved’. And about half, 46pc of security managers-directors thought that their budget was ‘insufficient’ (42pc thought it was ‘sufficient’). Those with the highest levels of influence over the budget were the least likely to view it to be insufficient.
Reasons for the budget being considered less than required included: the budget allocated did not reflect the risks faced; and did not cover key areas such as training, travel, basic equipment, contingencies; teams were under-staffed; rising costs were not covered; and Security was being asked to provide more for less.
The chances of being allocated an appropriate budget was improved if: the security function was seen as core to business (86pc agreed); an organisation understands its security threats and risks (85pc agreed); the security team has a high status (83pc agreed). Research participants highlighted a number of ways in which security managers can become influential, for example: relating security spend to reducing business risks and improving operations; highlighting the dangers and risks in not meeting objectives; ensuring the risk owner understands and accepts the implications or risks; using data and ensuring arguments are evidence based; and by linking physical security spend to cyber security (where this is viewed as a greater priority attracting a bigger budget).
Overall, the authors suggest, this work underlines the importance to security professionals in being able to influence the budget, and the barriers in being able to do so effectively.
Professor Martin Gill who led the research said: “Based on our sample, it is striking that so many security managers do not have the desired level of influence over the security budget, and that so many consider their current budget to be inadequate, especially given that having influence was widely considered to be key to delivering good security. In the current climate of economic uncertainty, recruitment challenges, cost of living increases, and budget cuts, the advice offered by our sample should be heeded.’
About the Security Research Initiative
SRI is sponsored by the security sector (buyers and suppliers) and involves an annual study. The reports are made available for free to provide a more informed information base about the workings of the security sector. Visit https://perpetuityresearch.com/security-researchinitiative/. The initiative is supported by the security associations ADS, the UK chapter of ASIS International, BSIA, IFPO UK, IPSA, Security Institute and from the information security world The SASIG.
The SRI members that sponsored this piece of research were Axis Communications, Interr, Bidvest Noonan, Mitie, M&S, OCS< PwC, the Security Industry Authority, and Sodexo.
