strategy+business is published by PwC Strategy& Inc.
 
or, sign in with:
strategy and business
Published: February 12, 2002

 
 

Security Concerns Prominent on CEO Agenda

An exclusive survey shows CEOs are comfortable with their ability to handle threats and discontinuities, even though most anticipate adjustments to internal operations.

While United States chief executive officers are confident about the ability of their companies to continue serving customers in the U.S. and abroad, the September 11 attacks almost certainly will affect the way they operate internally.

“A new approach to corporate security, we believe, has to be internalized at the CEO level. Corporate security is now a strategic issue that no longer can be delegated.”
The findings are part of a Booz Allen Hamilton survey of Fortune 1000 CEOs conducted during the last two months of 2001. Undertaken by RoperASW, the study also found that most CEOs have heightened security concerns they expect will affect the way they operate internally.

Although awareness of security issues has risen overall, we believe that a new approach to corporate security has to be internalized at the CEO level. In an address late last year at the Cyber-Security Summit, sponsored by Booz Allen and Lucent Technologies/Bell Labs, Richard A. Clarke, chairman of the President’s Critical Infrastructure Protection Board and special advisor to the President for cyberspace security, observed that the average company spends .0025 percent of revenue on IT security — “a little bit less than what most companies spend on coffee... And if you think IT security is about the same priority for your company as coffee, don’t come complaining to me when you get hacked,” Mr. Clarke told his audience. “And you will get hacked.”

We believe corporate security is now a strategic issue that no longer can be delegated. And that is a message that needs to find a prominent spot on the CEO agenda.

Current CEO Security Priorities
Seventy-two CEOs from firms with more than $1 billion in annual revenues responded to the Booz Allen survey, which examined how the September terrorist attacks, the anthrax mailings, and their aftershocks had affected their view of security at their own firms, their organizations’ operations, and their companies’ relationships with federal and local government authorities.

“More than three-quarters of the executives interviewed express increased concern for such day-to-day activities as mail processing, travel, and protection of employees.”
The survey suggests that CEOs are paying closest attention to internal operations. More than three-quarters of the executives interviewed express increased concern for such day-to-day activities as mail processing, travel, and protection of employees. Eighty-six percent of CEOs express heightened apprehension about mail processing, and 85 percent have similar worries about travel. Risk assessment, employee morale, and protection of offices and infrastructure are also among their top concerns.

Prior to the attacks, corporate security was a midlevel concern for U.S. CEOs, averaging 6.0 on a 10-point scale. Since September 11, this level of concern has increased to 7.5. These results are consistent across industries, company size, and dependence on overseas sales. Those who don’t plan increases in corporate security — including some energy and transportation firms — report that security was already a major (7.3) concern before the raids. The CEOs with heightened concern about security expect this concern to last at least one to two years; half of this group project that this heightened concern over security will continue at least five years.

Corporate leaders are being thorough in their review of their crisis-response capabilities. Ninety percent of CEOs surveyed have reviewed their firm’s disaster-planning documents since September 11, and more than three-fourths have reviewed insurance policies to ensure adequate coverage and preparedness. For those CEOs who have not yet reviewed their insurance policies, such a review tops the list of planned changes in the next three months.

“Ninety percent of CEOs surveyed have reviewed their firm’s disaster-planning documents since September 11, and more than three-fourths have reviewed insurance policies to ensure adequate coverage and preparedness.”
Who’s in Charge of Security?
Just over half of the CEOs in the Booz Allen survey (54 percent) have a chief security officer (CSO) in place, and 90 percent of those CSOs have been in the position for more than two years. Chief information officers are more likely than other executives to have security responsibilities when there is no CSO. That’s not likely to change soon: 97 percent of firms that do not have a CSO have no plans to create this position in the immediate future.

 
 
 
Follow Us 
Facebook Twitter LinkedIn Google Plus YouTube RSS strategy+business Digital and Mobile products App Store

 

Resources

  1. “Security and Strategy in the Age of Discontinuity: A Management Framework for the Post-9/11 World,” by Ralph W. Shrader and Mike McConnell, s+b, Q1 2002; Click here. 
  2. “From New Economy to Siege Economy: Globalization, Foreign Policy, and the CEO Agenda,” by Jeffrey E. Garten, s+b, Q1 2002; Click here.
 
Close
Sign up to receive s+b newsletters and get a FREE Strategy eBook

You will initially receive up to two newsletters/week. You can unsubscribe from any newsletter by using the link found in each newsletter.

Close