Chair: Professor Martin Gill
Eva Mueller – Global Human Resources Business Partner at Hilti Group (Switzerland)
Timothy B. Mhagama – Vice President, Finance at TE Connectivity Automotive (APAC) (Singapore)
Mike O’Neill – Group Managing Director at Optimal Risk (UK)
Eva Mueller notes that when there is a good partnership between HR and security, where they are each operating as compatible business enablers and then is a seamless process, then things work well and people are safer and the organisation is better protected. That said, her HR colleagues note this rarely a reality. Too often there is a silo mentality, the relationship is complicated and cumbersome, often characterised by a lack of mutual understanding, with a duplication of effort, so costs are increased and security lacks impact. This can be avoided. In reality they benefit from working with each other, but this is more important for security than HR. Security needs to work to take a seat at the high table, this is a journey HR professionals know about, they have been there and they too have had to assess their role and seek to position themselves as business enablers offering a value adding service via a good understanding of business operations. One gap is that HR don’t always understand what security brings, this needs to be addressed.
Timothy B. Mhagama, accepts that those working in Finance can both support and undermine security professionals. They support by proving funding but also by engaging with security professionals about issues that are of concern, such as a data breach which can have financial implications or a fraud threat that security can manage. But Finance is about investing and while security seeks this, it faces the challenge that it is seen as an expense, a cost, and on the wrong side of the line. Tim accepts that Finance professionals need to take time to understand security and help identify where security does add value and it has not always been good at that, nor though have security professionals, in presenting a good financial case. Interestingly, Tim notes he works for a manufacturer and Finance is not a core activity so he too has to show he adds value and is key to business strategy, the challenge rests even with established functions, not just security.
Mike O’Neill notes that there are many different types of security professional, working in different sectors, undertaking different roles and accountable to different stakeholders and each facing different types of internal relationships. Mike makes the point that security needs to present its case from an understanding of the threats faced by companies and interpret these in the ways that are important for different corporate functions. That is the basis of showing value and that is the key to forging meaningful internal relationships and also from stepping beyond the focus and tendency to see security purely in terms of costs. It is also a case of trumpeting achievements, facilitating the safe travels of staff is one thing but it means that the organisation can operate effectively and that is the important output. Mike believes that amongst his reference group about 60% of security professionals are up to this challenge but younger security professionals show great potential. Interestingly he encourages security professionals to forge links with those involved in Business Impact Analysis as they understand the costs of business interruption and metrics, and that is key.
In response to a question, panellists were invited to identify what they saw as the main barriers to effective communication between security and other functions. Eva, speaking from a viewpoint of HR, turned the question on its head and pointed to the factors that would govern a good rapport namely, mutual understanding of business operations; an alignment in goals and vision; and a commitment to stakeholder management. Tim highlighted the need for communication, there are other factors buts it stems from the ability to do this well. He admits that, from the view point of Finance, it is easier to deal with HR professionals as they have a longer tradition and a greater understanding of each other, so security has a challenge there. Mike too places an emphasis on communication; involving security early can be cost effective so it makes commercial sense. The opportunities are obvious, sometimes the barriers less so, this panel offer important insights to guide our thinking.
30th June 2022