Security gets a seat in the boardroom


In a growing number of boardrooms nationwide, corporations are making room at the table for a once-obscure executive: the corporate security officer.

At many high-profile companies, the title predates the Sept. 11 terrorist attacks in Washington and New York. But it's one that is receiving more attention and clout as businesses increase their spending on safety and security in an effort to satisfy new government regulations, reassure employees and reduce potential liability.

"I think Sept. 11 was a horrible attack on the U.S., but it served as a wake-up call that was probably needed," said Mark Gerencser, a partner with consulting firm Booz Allen Hamilton, which recently launched a new practice focused on strategic security. "What's changed now is the CEOs are more attuned to security."

As did a lot of consulting firms, Booz Allen experienced a flood of inquiries from companies looking to evaluate their security risks after Sept. 11. The level of interest faded along with media attention late last fall, but is starting to pick up again as companies study ways to incorporate security into their strategic planning.

The trend has placed a premium on law enforcement expertise as security consulting firms and deep-pocketed companies compete for top talent. Their favorite targets are high-powered experts from an alphabet soup of three-lettered government agencies, where salaries usually don't measure up to the largess of the private sector.

Salaries at top companies reach well into the six figures and are rising, industry analysts said, making recruitment and staff retention difficult for federal agencies trying to increase their ranks in response to the new terrorist threat.

"I think there are quite a few people who actually are leaving government in order to assist in the private security sector," said Michael Brave, who this month left his post as chief of the intelligence and investigative operations unit for the Department of Justice to take a job with API Services Inc., an international consulting firm. "Demand for expertise in these areas has increased dramatically since Sept. 11."

The Federal Bureau of Investigation hasn't kept track of how many of its agents have left for the private sector since Sept. 11. But a spokeswoman said it's not uncommon for agents near retirement age to be recruited for high-paying corporate jobs.

"The name [FBI] carries a lot of weight and there's the prestige of it all," said FBI spokeswoman Angela Bell.

Arlington, Va.-based US Airways looked to government sources when it recruited Donald Mancuso, a former inspector general for the Department of Defense, to replace its previous director of corporate security. The airline brought the 25-year federal law enforcement official out of retirement this month to oversee its security programs and coordinate with government agencies battling terrorism.

Mancuso is more than just a hired sleuth. Top executives meet with him throughout the day and consider him a key member of the staff. Though airlines have always employed security experts, the industry as a whole has stepped up its efforts and is working harder to coordinate with law enforcement officials, US Airways officials said.

"It is a heightened focus in light of the events everyone is confronting now," said Lawrence M. Nagin, US Airways' executive vice president of corporate affairs and general counsel.

Other companies are taking a similar tack. Utility companies such as Baltimore-based Constellation Energy Group Inc. have increased security at some facilities, though details are kept secret. Banks and high-profile companies such as AT&T; Corp. and Walt Disney Corp. also have invested in tighter security.

Bank of America raised the bar this month by hiring Neil Gallagher, former assistant director of national security for the FBI, as director of homeland security for the bank. Gallagher, who has 29 years of intelligence and counter-terrorism experience, is to help the bank incorporate security programs across all its business units.

A new importance

"What we're certainly seeing now is folks are looking at security as if it is a major business element," said James Francis, vice president of the security services group for Kroll Inc., an international security consulting and headhunting firm.

A Booz Allen survey of corporate CEOs found that more are paying attention to security matters now. Among those with revenues over $1 billion annually, nine out of 10 have reviewed disaster planning, and a majority expect to spend more on security in the future.

The price of such caution varies. When a security chief first arrives on the job, much of what is undertaken is fairly low budget. It can be as simple as updating disaster plans, educating employees about proper security procedures and studying a company's risk of attack. For example, does the company own an internationally recognized building or have a prominent brand name? Is it part of the national infrastructure, such as a water or pipeline company? If so, the risk could be greater, experts say.

Updating surveillance technology, conducting employee background checks, scrutinizing executive travel plans and making sure buildings are secure is also on the checklist.

The most sophisticated security chiefs are likely to come armed with business degrees and will spend weeks dissecting a company's entire operation looking for vulnerabilities that could be exploited by terrorists, computer hackers or white-collar criminals bent on committing fraud.

Huddled in their research labs in Annapolis Junction and Northern Virginia, Gerencser and other Booz Allen security experts contemplate ways that terrorists could disrupt business and government. The $2 billion firm is known for designing complex war games that simulate terrorist attacks and other scenarios.

"We have to think of the unthinkable," said DeAnne Aguirre, a Booz Allen vice president who, along with Gerencser, heads the firm's new strategic security practice.

A new wave of security experts is focused not just on making the workplace safe, but also on turning heightened security into a competitive advantage. For example, Gerencser said, protection against widespread cyber-attacks ensures that business will continue if computer systems are targeted. Spreading business among several suppliers is a way of increasing competition while making sure that the supply chain isn't disrupted if one is knocked out of commission. And conducting background checks on employees can protect against future loss at the hands of, say, a rogue employee with a criminal record or terrorist ties.

"The philosophy of security is shifting and needs to shift from something that was always viewed as a cost to something that can be seen by private industry as a strategic advantage," Gerencser said.

Legal liability looms

There may be a legal incentive for the strategy, as well. Before Sept. 11, companies historically incurred limited liability when terrorists ran amok, resulting in deaths or severe financial losses. The argument was that a "reasonable man" would not have foreseen such events and taken extraordinary steps to prevent them.

Some say Sept. 11 sent a message to corporate America that anybody can be targeted and that companies are obligated to take basic steps to prepare, such as updating evacuation plans, screening employees or developing crisis management policies.

"We think the 'reasonable man' standard has been tightened," said George Foote, a partner with Washington law firm Bracewell & Patterson. "More things are foreseeable now and more is going to be required of companies."

Insurance companies are already responding by assessing their clients' risks and introducing new policies that insure against terrorism. Companies that implement heightened security practices are likely to get a break on certain premiums, experts said.

That trend is part of what is driving CEOs to pay closer attention. Foote likened it to the early stages of the environmental movement. Years ago, CEOs paid limited attention to environment matters, leaving the details to subordinates. Today, major acquisitions and development deals are rarely consummated until a comprehensive environmental assessment and impact statement are completed.

"That same level of consciousness is going to follow the security field," Foote said. "You will have CEOs put security planning and risk at the top of their list. Every deal they do, it will be, 'Have we done a security audit?'"

Copyright © 2019, The Baltimore Sun, a Baltimore Sun Media Group publication | Place an Ad