An outlier in corporate security just a few years ago, intelligence analysis is now becoming a critical piece of the overall security efforts for more and more corporations. And from all indications, its usage and influence will be only be spreading in the years to come. In this blog, Christian West shares perspectives on this growing trend based on his experience in corporate security in the US and Europe.
Intelligence analysis used to be something done by governments and the military, not corporations. And let me be the first to admit it: I used to think intelligence analysts didn’t have much of a role to play in corporate security or executive protection. They were the nerdy academics in offices who wrote theoretical reports; we were the guys on the ground who protected the corporation’s people and assets in the real world.
As you’ll see below, my thinking on this has changed. One hundred and eighty degrees. Now, I’m convinced that intelligence analysts deserve an important role in any best-in-class corporate security program. I know because I’ve seen first-hand how intelligence analysis makes security better by making security practitioners smarter, and because I’ve worked in programs with and without the benefit of intelligence analysis. Yes, there are some challenges that need to be overcome, but the bottom line is this: Once you get used to the advantages of integrating intelligence analysis into a corporate security program, you really don’t want to go back. I mean, why wouldn’t a security professional want to make smarter decisions based on relevant intel?
What is intelligence analysis, anyway?
In our context, intelligence analysis is the process of transforming data into information, information into intelligence, and intelligence into actionable insight – all with goal of helping the corporation achieve its objectives by implementing clearly defined security strategies.
Just like their colleagues in government and the military, corporate intelligence analysts spend a lot of time evaluating the risks facing the organization as it implements strategies operationally – now and in the future. They do this by sifting through data and information from vetted and verified sources, both primary and secondary, and working that information into intelligence that informs recommendations and reports that decision makers can act on.
Intelligence reports are the stock-in-trade of intelligence analysis. According to program goals, these reports can take on many forms, for example:
- Regular intelligence reports: Based on company-specific parameters, these reports provide timely updates to enable proactive decisions.
- Ad hoc and/or proactive intelligence reports: On-demand reports on trends and developments that could impact business continuity, staff security, and company reputations.
- Travel intelligence assessments: Improve executive protection and secure transportation with up-to-the-minute intel on specific destinations.
- Event intelligence assessments: Understanding risks and threats to venues and principals is key to better event security.
- Immediate response reports: We provide fresh intel from on the ground when natural disasters, civil unrest or terror disrupt business as usual.
Where does intelligence analysis play a role in the corporation?
Corporate intelligence analysts play an important role in mitigating risks across a wide range of corporate interests and duty of care issues:
- People: Keeping employees safe when carrying out work for the company at home and while traveling, including:
- Executive protection for the CEO and other C-suite members. Relevant intel encompasses, for example, persons and groups of interests that pose actual or potential risk to the principal’s security, privacy and reputation.
- Travel intelligence that provides security overviews of locations, including intel on current and long-term risks, both actual and potential, and recommendations to ensure that travelers have accurate information to make effective decisions in order to stay safe.
- Facilities: Enhancing physical security and preparedness against actual and potential threats, including natural disasters and other emergencies
- Brand and reputation: Maintaining awareness of how the company, its brands, trademarks, and principals are mentioned publicly – and to enable action to be taken against misuse or misrepresentation
- Supply chains: Understanding and monitoring the many factors that can impact business continuity across complex supply chains and vendor relationships. This includes internal and external supply chains both domestically and abroad.
- Geopolitical and regulatory: Gathering and reporting intelligence on political, economic and legislative developments that can impact the corporation’s current and future operations.
- Vetting and investigations: Intelligence analysts also contribute to due diligence processes in mergers and acquisitions, recruitment of critical staff, procurement and vendor relationship management, etc.
For whom in the corporation do intelligence analysts work?
Intelligence analysis is all about enabling better decisions, so corporate decision makers are the main customers of intelligence analysts.
In our experience, intelligence analysis stakeholders are initially closely associated with issues traditionally associated with corporate security, e.g. fixed site security, executive protection and travel security. Decision makers in these areas rely on intelligence analysts for regular and ad hoc reports that help them design and implement risk mitigation programs.
As intelligence analysis programs mature and become integrated in the corporate ecosystem, their group of stakeholders expands and can ultimately encompass many business functions. Those responsible for supply chains rely on intelligence reports to understand threats to business continuity. Marketing departments use intelligence to safeguard large events. Corporate communications directors read regular reputation reports and requisition special reports as needs arise. R&D might require specific reports for reasons of their own.
Due diligence processes related to mergers and acquisitions activity are another area where intelligence analysts may be involved to mitigate threats and risks. This can include anything from evaluating financials and intellectual properties to checking backgrounds of shareholders and key executives, and other integrity research.
At the top of the decision-making food chain, the C-suite, CEOs and other corporate officers are important stakeholders in and consumers of the reports generated by intelligence analysts.
Cyber security is an issue of growing importance to the corporation in many ways – also concerning intelligence analysis. In our experience, intelligence analysts are involved in cyber, too, but only in certain well-defined areas. IT departments handle all the main issues pertinent to safeguarding the corporation against cyber attacks, whereas intelligence analysts can be involved in personal protective security and cyber risk mitigation for the CEO and other C-suite members. This can include monitoring social media and other online sources as well as keeping an eye on “the deep web” for intelligence relevant to the safety and privacy of our principals.
I could go on, but you get the picture: The more entrenched within the corporation the intelligence analysis program becomes, the more stakeholders in more departments begin to benefit from it.
It’s important that those responsible for intelligence analysis programs identify and understand their company’s key stakeholder groups and create a value proposition for each of them. Value adds can be financial, functional or emotional.
If intelligence analysis is so good, why aren’t more corporations using it?
Although many corporations (especially in the U.S.) do use intelligence analysis in their security efforts, many still do not. Many companies simply have no experience with intelligence analysis and don’t have the expertise or experience to incorporate this important tool. They can’t see – or understand – the value of it. They haven’t even begun to integrate intel into security work – let alone all the other areas we discussed above.
This is something we in the security industry also have a responsibility to correct. If people don’t understand our value proposition, then maybe we haven’t formulated it well enough. Value equations have two parts that need to be in balance: perceived benefits and relative costs.
On the benefit side, we in the security industry need to get better at identifying how intel can improve decision making and the ability of the corporation to meet its security goals. On the cost side, we need to make transparent all expenses – and the various ways intel programs can come together.
Clients need reliable information about how intel programs work, who benefits and how, and how much they cost. We need to explain how these programs can be structured and run, and how they can be procured. Should the company “make” or “buy” their intel program? Or should they use a specialist partner to design, implement and staff these niche positions? What are the pros and cons of both?
We see many U.S. companies who already have robust intelligence analysis programs, but not so many in Europe. This is not surprising since US corporations often have considerably larger security programs than similarly sized European counterparts. We think this will change in the future!