Are cyber and corporate security departments collaborating more? If so, what does it look like?

by Brianna Crandall — October 19, 2020 — A Security Barometer poll conducted by the Security Executive Council (SEC), a US-based research and advisory firm, finds that corporate security and cybersecurity functions have interacted and cooperated more in the last 12 months than in previous years.

The survey, conducted in collaboration with SEC strategic alliance partner ISC2, identified emerging issues of joint interest as the most frequent drivers for the increase.

Comments from participants showed that many security leaders now view cooperation between functions as critical to organizational success and even survival. However, that cooperation doesn’t necessarily entail a structural convergence of the two functions.

Greg Kane, senior analyst of the Security Leadership Research Institute, the research arm of the SEC, stated:

It is important for security leaders to realize that interaction and cooperation between corporate and cyber security does not require them to exist in the same reporting structure or report to the same person. A cross-functional committee may produce a more effective solution for the business.

(For more information about this solution, see SEC’s Making the Case for an Operational Risk Leadership Advisory Council.)

Bob Hayes, managing director of the Security Executive Council, pointed out:

Most people look at convergence of cyber and corporate security as an organizational structure issue, but the bottom line is, we are all talking about malicious intent, whether it’s delivered in person or digitally. Convergence isn’t about organizational structure. It’s about aligning risk and strategy, collective knowledge and skills, and optimizing and coordinating the identification, intervention, response, and remediation of risk.

For the full results of the survey and extensive comments from participants, see the Security Barometer Results: Do Cyber and Corporate Security Work Together in Your Organization? page on the SEC website.

For more SEC resources on managing enterprise-wide risk, see the firm’s Risk-Based Security: Board Level Risk/Enterprise Risk Management (ERM) webpage.

The Security Executive Council is a research and advisory firm focused on corporate security risk mitigation strategies and plans. SEC works with security leaders to transform security programs into more capable and valued centers of excellence.