- Upgrade to Microsoft Office Pro and Windows 11 Pro with this bundle for 87% off
- Get 3 months of Xbox Game Pass Ultimate for 28% off
- Buy a Microsoft Project Pro or Microsoft Visio Pro license for just $18 with this deal
- How I optimized the cheapest 98-inch TV available to look and sound incredible (and it's $1,000 off)
- The best blood pressure watches of 2024
The evolution of the corporate security mission
When we started in corporate security, the emphasis in mission statements was on the protection of tangible assets, specifically people and property. As such, physical security strategies tended to focus on perimeter security measures and infrastructure, a guarding operation, CCTV coverage, access control systems, intruder alarms and the accompanying SOPs and standards that govern how all of these measures and programs are implemented and maintained. Often accompanying the mission is an “in order to” statement explaining the purpose and importance of protecting the organization’s assets. Typically, it is to enable the organization to conduct and advance its business operations. In today’s business environment, we believe that in order to protect the totality of an organization and enable advancement of its business success, physical security team mission statements should include the protection of intangible assets, including culture.
The importance of protecting company culture is becoming more apparent. RJ Scaringe, Founder and CEO of Rivian, said “The strength of the organization we build, the culture we build together, that’s the only real long-term sustainable competitive advantage.”
Successful Founders, CEOs and the C-suite rely heavily on company culture to advance their business — they know that a successful culture acts as a catalyst for attracting the best talent in the industry. Organizations are keen to show off their thoughtful values and successful culture on the career pages of their websites in the hopes of attracting the brightest and best talent, knowing they have a choice of what company they wish to work for. However, company culture is fragile and may be irreversibly impacted or destroyed altogether by a negative event. The consequences of an incident (such as negative media coverage) could put the best candidates off from applying and may be a driver for employees to leave the company — employee churn erodes at an organization’s competitive advantage.
We have found that employees don’t immediately think of a strong safety and security program as being part of a company’s culture or a retention factor for them. However, it quickly becomes a primary factor when employees are impacted negatively by an incident. When an incident becomes a company or media headline, employees en masse will consider whether their safety and security is a priority for their employer. If it is assessed that it is not, it might influence their decision to go to a competitor that prioritizes employee safety and security by embedding it into their culture.
Company culture is more than just fun employee events, generous perks, flexible work arrangements and free food. Company culture is built on trust between employers and employees. That trust is embedded into the day-to-day lives of employers and employees in many different ways, but it is all built on the principle of everyone trusting one another to do the right thing, at the right time. Providing a safe and secure work environment is not just a legal requirement, it is the right thing to do.
Employees frequently cite culture as a key reason for joining and staying with a company. By embedding safety and security into company culture, the platform is there to grow employee participation in security programs, such as emergency preparedness. We regularly benchmark with other security leaders who share their challenges with getting employees to say something when they see something out of the ordinary, and willingly participate in emergency preparedness drills. We have all seen the frustration on employee’s faces (including the executives) when their day is interrupted by a fire drill (even a scheduled one). Pre-drill communications should emphasize that the purpose of fire drills is not solely driven by adherence to fire code. Rather, the purpose of fire drills is multi-faceted, including maintaining the integrity of the company’s culture. Successful emergency preparedness relies heavily on positive messaging that resonates with employees. It is particularly effective when it comes from the executives. Rather than showing frustration at drills and preparedness exercises, executives can lead by example by participating fully, and communicating to their teams that preserving company culture, and thus the competitive advantage, is supported by employees taking as much responsibility as possible for their own safety and security; this includes active and willing participation in emergency preparedness programs. Emergency and business continuity planning should consider how company culture fits into the planning, preparation, response and recovery phases. When conducting a business impact analysis (BIA), we recommend including company culture as a critical business function, or at least as part of an Internal Communications critical business function. Should an incident occur, a resilient and positive culture significantly improves the company’s survivability, pulls employees together in times of adversity and enables them to bounce back quickly, and with more strength than they had pre-incident.
Applying creativity and collaborating cross-functionally helps determine ways to protect company culture. One method of embedding security into a company’s culture is by introducing their security leaders early in the employees’ tenure, such as during new hire orientation. This allows the opportunity for a connection to be established between employees and the security team and for an open discussion of expectations and security best practices. The early development of this connection will ultimately pave the way for the open lines of communication that are so critical in the identification and mitigation of safety and security risks. Further, it helps contribute to the “one team” mentality, and immediately signals to the employees that the company prioritizes their safety and wants them to be owners in the safety and security process. Security leaders can work with internal communications, marketing teams and human resources to create engaging and memorable messaging campaigns leveraging company brands, logos and mascots to help build an enduring company culture while communicating that responsibility to protect that culture lies with all employees. Additionally, partnering with HR can give security leaders access to employee survey results and exit interview data that measures sentiment towards the company’s culture, which can be used to create new and innovative ways to protect it.
Executed correctly, the protection of company culture not only preserves competitive advantage, but can advance the business through upside risk taking. By integrating high benchmarks for employee-involved/facing security programs into company culture (such as access control, security messaging, emergency preparedness and incident reporting), security leaders will raise employee situational awareness and resilience. This could significantly increase the likelihood that 1) security-related incidents are reported quickly, and 2) employees will react to incidents in a way that minimizes the impact and returns the company to normal business operations in the shortest time possible.
More so than ever before, employers are being held accountable by their employees to provide a safe work environment. Company culture is at stake if leaders fail to recognize and act on the signs and symptoms that a security threat may be materializing in their place of work. Company culture is a critical component of maintaining competitive advantage, and therefore it is essential that physical security mission statements include it if they are to protect the totality of the company and its assets.