november 2023
2023 security BENCHMARK REPORT
By Madeline Lauver, Editor in Chief
main Report
Security Roles & Responsibilities
benchmark report NAVIGATION MENU
The Security Benchmark Report participants were asked where their security function reports to or resides within. The majority of security teams responding to this year’s Security Benchmark Report report to or reside within Human Resources, followed closely by Chief Risk or Legal Officer / Risk / Legal / General Counsel. Respondents who selected Other report into Public Affairs, Customer Service and the Chief Supply Chain Officer, among others. SOURCE: The Security Benchmark Report, November 2023
The Security Benchmark Report respondents were asked about their top issues & concerns in 2023 and 2024 in regards to risk mitigation and enterprise security. The top 10 answers appear above in order. Workplace violence has been ranked as the top concern by respondents since 2021. SOURCE: The Security Benchmark Report, November 2023
The Security Benchmark Report respondents were asked to report in which geographic areas their security organization provides risk and security services within their enterprise. Respondents chose as many geographic areas as applicable. SOURCE: The Security Benchmark Report, November 2023
The Security Benchmark Report respondents were asked to choose the level or title of their senior-most security executive within their enterprise. The choices, which are not exhaustive, are meant to generally group titles for comparison and include: C-Level Executive, Director, Senior Director, Senior Manager, Vice President / General Manager or Not Applicable (N/A). Respondents reported the Vice President / General Manager title as their senior-most security executive role at a higher rate than the previous year, increasing from 24% in 2022. SOURCE: The Security Benchmark Report, November 2023
The Security Benchmark Report participants were given a list of 36 roles and responsibilities that may fall under the security function at an organization and were asked for the level of responsibility the team has over that role within their enterprise. The above are the 15 most common job responsibilities that the security function owns, leads or manages, according to respondents. For this survey, owning or leading the responsibility means security both manages and funds the program, while managing means security manages the program, but another group funds it. SOURCE: The Security Benchmark Report, November 2023
The Security Benchmark Report respondents were asked if their security organization is Centralized, Decentralized or Regional. The majority of respondents reported their security organization as being Centralized. For this survey’s purpose, the distinction between Decentralized and Regional security is that some Regional security programs may behave in a Centralized manner for their determined region, while Decentralized generally means there may be security organizations in multiple locations within an enterprise functioning independently from one another. Those respondents choosing Other reported a mix of partially Centralized and partially Decentralized structures. SOURCE: The Security Benchmark Report, November 2023
Organizational Responsibilities: Security Roles & Functions
Respondents report on the responsibilities of their security programs, as well as the level of involvement they have in each role.
Function | Own / Lead | Manage | Support | Not Involved / |
|---|---|---|---|---|
Aligning security with the business | 76% | 16% | 7% | 1% |
Asset protection / facilities protection | 70% | 21% | 10% | 0% |
Brand protection / intellectual property / product protection / counterfeiting / fraud protection | 15% | 18% | 53% | 14% |
Business resilience / business continuity / emergency management / disaster recovery | 47% | 14% | 34% | 5% |
Business expansion support | 8% | 11% | 67% | 15% |
Civil unrest / targeted protests | 75% | 12% | 9% | 4% |
COVID-19 response | 25% | 18% | 52% | 4% |
Corporate aviation security | 14% | 5% | 27% | 53% |
Cybersecurity / information technology security / data protection | 8% | 4% | 64% | 24% |
Drug & alcohol testing / background checks / other pre-employment screening | 14% | 12% | 36% | 38% |
Duty of care / traveler protection & support / executive protection | 58% | 11% | 16% | 15% |
Emergency notification | 58% | 14% | 24% | 4% |
Emergency response and planning | 53% | 17% | 30% | 0% |
Event security | 67% | 20% | 8% | 5% |
Hate crimes / terrorism / extremism | 66% | 12% | 13% | 9% |
Health and safety | 21% | 9% | 50% | 20% |
International workforce protection and support | 32% | 10% | 20% | 38% |
Investigations | 64% | 18% | 16% | 2% |
Liaison with public-sector law enforcement agencies | 82% | 9% | 4% | 3% |
Loss prevention / goods protection | 60% | 14% | 16% | 10% |
Mergers & acquisitions (M&A) / business or site expansion / contraction planning & support | 4% | 2% | 58% | 36% |
Parking & transportation security | 40% | 12% | 25% | 24% |
Regulatory compliance / controls assurance, verification & validation | 16% | 20% | 54% | 11% |
Risk & threat assessments / risk management planning / enterprise risk management | 51% | 23% | 24% | 2% |
Security as a competitive advantage | 45% | 15% | 16% | 24% |
Security audits / surveys / assessments | 79% | 14% | 2% | 4% |
Security contract management: Guards / technology integrators / contract employees | 65% | 16% | 9% | 11% |
Security operations center (SOC) management | 73% | 4% | 2% | 20% |
Security staff development & training | 83% | 9% | 5% | 3% |
Security strategy | 90% | 9% | 2% | 0% |
Security technology & integration | 71% | 16% | 10% | 3% |
Social media threat monitoring | 37% | 15% | 36% | 11% |
Supply chain / logistics / distribution security | 22% | 8% | 47% | 24% |
Vendor and channel partner vetting | 14% | 12% | 41% | 33% |
Weather / natural disasters | 41% | 16% | 38% | 5% |
Workplace violence / threat management / active shooter prevention | 83% | 9% | 6% | 2% |
The Security Benchmark Report respondents were asked to report on the security team’s roles and responsibilities within their organization. This year, we asked security leaders for the level of responsibility for each function within their organization with the following choices: Own / Lead Function: Security manages and funds the program; Manage: Security manages the program but another group funds it; Support: Security sets policy, consults on the program (or represents physical security perspective) but does not manage or fund the program; Not Involved: Company has the program but security is not involved in it; Do Not Have; Do Not Know. We have combined Not Involved / Do Not Have / Do Not Know responses for the purposes of this chart. SOURCE: The Security Benchmark Report, November 2023
In order to participate in The Security Benchmark Report, respondents must be responsible, at least in part, for physical security within their organization. We asked survey respondents for more insight into the ever-evolving and changing roles of security, including whether their program is responsible for both physical security and health & safety, as well as physical security and cybersecurity. This year’s statistics represent decreases compared to 2022, when 22% of security departments reported being responsible for cybersecurity and 56% reported responsibility for health and safety as well as physical security. SOURCE: The Security Benchmark Report, November 2023
Feodora Chiosea / iStock / Getty Images Plus via Getty Images
benchmark report NAVIGATION MENU