Convergence in the parlance of business equals savings.
Many corporations are having this discussion across the broadest range of services, perhaps through Facilities Management specialists, probably outsourced, but in each case trying to take out cost.
Many respondents to this year’s survey are concerned that these processes remove specialist skills where procurement does not value the key deliverable of service integrity. Vendor organisations are not accepting that they have an opportunity to be the knowledge providers. We see a strong indication that from 2016 many outsourced contracts will revert to in-house, or at least be separated from bundled processes, with greater client management oversight, which will send us back to the pre-2008 business cycle.
smarter. But there are stark differences in the way organisations deal with events: from a recent CSO survey, less than 27% have an in-house forensic capability; over 60% have an investigations function, mainly through analysts; and less than 11% would classify these as cyber investigators. Entry-level cyber analysts from the public sector fraud investigations or intelligence command starting salaries of £50k (€75k). Most business surveys point out that the highest risk to organisations remains the insider. In the Quocirca 2014 report, 41% of organisations rate the ignorant user as the biggest risk to their business, yet many IT departments continue to spend the majority of their budgets on the outsider, of which most of the actual threat is from viruses that will enter through inappropriate web surfing and directed malware.
In Europe we have had a number of incidents where banking organisations’ IT spending, even those under regulatory oversight, has been very poorly invested, creating organisations that can be a danger to customers and shareholders. Fraud prevention in the physical aspect is around robust approvals, understanding geographic trends, criminal demographics and the ability to respond quickly. In a recent SSR® assignment, analysts using standard investigations software identified that an organisation’s online fraud was being enacted through a very small geographical footprint. Providing timely intelligence event streamers showed an organised group was purchasing stolen credit cards from the UK and USA, but their ‘purchases’ were being completed from URLs in Latvia and the Ukraine, stealing more than €30m.
© CITY SECURITY MAGAZINE – AUTUMN 2014
There is also a realisation that in the drive for flexibility in their cost base through employing contractors, many organisations have exposed their ‘crown jewels’ to non-employees. Certainly within most compliance regimes this practice is frowned upon. It certainly is considered, with some informed opinion, that if Snowden had been an employee he would not have been able to steal the sensitive information he did, not because he would have had more loyalty, but because at his pay grade no employees had that level of access.
In security, whether it will be CSO roles merged into CISO roles or vice versa is out with the jury at the current time, but the best chance of survival is envisaged for the individual who delivers the best business case. SSR®, observing on a global basis, can predict that this will be a close corporate call, but certainly the non-executive board members will be a key influence.
Bonuses are rapidly returning
Good news across a number of sectors including financial sector, extractives, pharmaceuticals and logistics. Predictions are that in 2015 bonus pools will exceed those of 2008. The UK Office for National Statistics predicts that employees in the FS sector accounting for 3.8% of total workforce picked up 30% of the £40bn paid in year to April 2014, which is 10 times more than the average bonus paid across both the public and private sectors.
Are those from the public sector more risk averse than private sector colleagues?
Speaking at a recent seminar, a leading CSO articulated the differences between those from public and private sectors. He reasoned that those in the public sector were subject to such media oversight and investigation that their organisations had become risk averse. Does that make them good leaders when transferring to the private sector? Whereas those graduating through from the private sector, identified in the post-mortem of the banking crisis as working in compliance & audit, accepted increasing levels of risk as part of their organisation’s evolution – when many knew this was plainly wrong.
www.citysecuritymagazine.com
Whilst the banks are being reformed by being fined billions of dollars from quasi regulators, board room compliance will not be changed until those in charge are prosecuted. Was paying US$16bn by BoAML more helpful to market order than prosecuting senior managers at Merrill Lynch? This might help prevent the next financial bubble from bursting, probably in Asia.
Current projections for all European economies to rebuild to 2008 levels of activity by 2016 look to be promising, certainly outside the Eurozone, but we need to see confidence return, which will free up corporate budgets for investment.
If you are a survivor of the richest recession ever experienced, then to return to sustained growth we need a corporate change of mind, from cost cutting to maintain profitability to investment-led strategies for profitability. This certainly affects the corporate security function where it sits in corporations as a cost, rather than a revenue-enhancing service.
Mergers and Acquisitions, limited public offerings and equity sales will reach pre-crash levels by the end of 2014 for the UK, USA and Asia exchanges. In the era of more for less, those security departments that are providing services to the M&A teams, such as due diligence, are mitigating risks for the organisation that should have learned the lessons of previous excesses. Whilst most boards want a big bang purchase, for the many US corporations seeking cheaper tax regimes inversion can increase ROI by 20% as they re-domicile from the US 35% corporate tax rate. It is estimated that US corporations hold in non-taxed foreign reserves 2 times the current US fiscal deficit. Yet again corporate restructuring will look at what can be cut.
Are you relevant on the Board room dashboard?
Security professionals who do not have indicators on the dashboard are irrelevant to the organisation. How can professionals just allow their function to become absorbed into a mire of functions that cannot demonstrate value? This is probably because the organisation has not had a security champion before and, from a senior management perspective, has a perceived lack of professionalism. The Chartered Security Professional Register has nearly 100 registrants reaching to the 4 corners of the globe.
Continued on page 13 with a European salary survey for 2014-15.