Articulating your worth in the Boardroom
The SSR & Executive Profiles annual salary surveys partner with ASIS International. We undertake to review more than 12,000 security professionals – data is gathered from a number of sectors including the finance industry, manufacturing, extractives, FMCG and logistics. SSR separately monitor salary data from the service and public sectors and this is available from their bespoke salary data consultancy.
The Bank of England predicted that 2017 wages inflation in the UK would average 3.5%, including bonuses, against Retail Price Index inflation 2.5%. By mid-2017 there is higher than predicted RPI inflation above 3.5% (mainly due to currency fluctuation), and wage growth has been revised down to 2.3%. With firms feeling they cannot fully pass on costs, many are opting to manage increasing wage costs by not recruiting key roles and increasing management productivity through managing more head count. The BoE believes that unemployment can fall further than previously thought before wage inflation starts to accelerate. The fiscal prudence by many analysts has always been that with an unemployment rate of 4.5% (1.5m people unemployed), salaries and interest rates would, as in previous cycles, have to rise. This is not happening, and financial analysts now consider a 3% unemployment rate before we experience employment inflation or BoE hikes the 0.25% base rate.
With 40 years of access to relatively cheap EU labour entering the UK as countries acceded to the EU, job migrants from Bulgaria, Romania and Hungary are not providing the numbers of applicants required with higher technical skills.
With skills training for years not being a priority of successive UK governments, and the possible restriction in migrant numbers, businesses face labour shortages for the next five years. The opening of UK borders to higher skills from non-EU labour markets is essential.
Security salary review
In the UK, private sector employers were, in 2016, paying, on average salary, increases of 2.5%, against an EU average of 1.7%. Management salary increases (outside personal performance increases) averaged 3.4% in the UK.
According to the latest OECD report, real earnings in the UK have fallen by 10% since 2008, a worse decline than any other advanced country apart from Greece. Real wages – income from work adjusted for inflation in the past 10 years – grew by 23% in Poland, 13.9% in Germany and 6.4% in the USA.
For those in Enterprise Risk, the biggest skills gaps are in cyber resilience and technology applications, resulting in a candidate-driven market. Employers are reviving signing-on bonuses, averaging around £10,000, even at wage levels of £40,000. Workers are so confident in their worth that they are telling bosses that they are going on an interview and receiving a counter offer before their first interview!
Convergence – is it a matter of cost saving or skills enhancement? No boardroom conversation could start or, at least, not end on the subject of convergence with a “this will save us X GBP”. This does a great disservice to those that are opening, closing and barricading doors, against an army of risks from outside the corporation, 60% of the time predicated by the inept insider.
In the profession of security, there is a vying, in some organisations, between the information and physical aspects of the function. In the SSR Future Strategies 2020 project, there was a clear delineation of roles and an understanding that in the main, Executive Boards had, in some organisations, a paradox as to who had that strategic function and budget. According to the majority of respondents, the physical executives, speaking the language of the business, could articulate visually the threats to the C-Suite that they could resonate with. Organisations that lacked that continuity, or perhaps did not have a significant security leader, have filled the gap with third-party vendors. Contracts let to Information Security vendors in 2016 were worth approximately USD 10bn, with Government a major purchaser. Predicted growth for this market on current trends is USD 33bn by 2025. Security is an important lead in business operations, a profit protector, a risk leader, enabler and partner to the enterprise.
In addition to the ever changing issues around governance and compliance, organisations are falling victim to increasingly sophisticated threat campaigns. With the EU GDPR deadline May 2018, it’s a balancing act for security leadership of today to protect and manage vulnerability whilst under unprecedented scrutiny to overcome regulation; what systems to use; what resource to allocate without detriment or burden to the other.
Security of information
While digital transformation fuels the focus for corporate investment, security of information is evolving faster than ever before. The Millennial and Alpha workforce are / will be more tech-savvy. New and disruptive technologies will reach a maturity not seen to date, and the rapid growth in vendor use may also add to your vulnerabilities. In the 2017 City of London Police crime report, cybercrime is estimated to cost the UK £190bn; the UK Government is spending £1.9bn per annum to support the national cyber security strategy until 2021. Yet the Public Accounts Committee states that “the UK is ranked below Brazil, China and South Africa when it comes to keeping our phones and computers safe”. Police forces have stopped investigating crimes where the perpetrators are still at primary school.
The Global Chief Security Officer tends to have a relatively short reporting line – sometimes direct – into the senior echelon (President/SVP level) of the business, coupled with very close relationships with regional security heads. It is this relationship that sets the tone of risk management, be that compliance, regulatory or security. It is evident that the increasing regulatory requirements of the past six years have caused the shift into the Risk function, with many companies taking a more holistic view of risk. This strongly features cyber: cyber dependence v cyber vulnerability.
There is a cycle in the life of every corporation: increased M&A activities, activist shareholders seeking increasing dividends, technology paralysis and lack of talent will all have an impact on the security posture – centralist or regionally divided – but whatever the stage in that corporate cycle, security risk managers will remain in high demand.
Peter French, MBE, CPP, FSyl