Governments around the world stress the importance of private-sector engagement in national security. However, a recent survey shows that private companies conceptualize their own responsibility differently depending on where they are located.
National security is no longer solely about defending the borders; it now includes making society resilient in the face of a wide range of threats. Although governments around the world stress the importance of private sector responsibility and engagement in national security, a survey conducted by the author shows that private companies themselves conceptualize their responsibility differently depending on their nationality.
The findings are presented in Survey on Corporate Security Thinking, which describes the security practices of more than 200 of the world’s largest companies, their practice of security management, and the nature of their collaboration with national security agencies.
The survey covers some of the largest U.S., U.K., Danish, and Swedish companies. In the United States, 87 security directors representing Fortune 500 companies responded to the survey. In Denmark, 51 directors responded, and 34 responded in both Sweden and in the United Kingdom.
The survey shows not only surprisingly strong national differences in the understanding of the role of the state versus that of the company in the current policy on counterterrorism but also very similar corporate attitudes to professionalization and new trends in corporate security priorities. The different national experiences with political violence, such as terrorism, do not seem to affect the security priorities of companies.
The importance of corporate security has increased tremendously during the past decade, and as a result, corporate security directors have moved up the organizational hierarchy. Security management has become a professional field, and corporate security directors see themselves as being bolstered by their expertise, competences, and membership in associations. This development is strongest in the United States, where numerous educational programs have been established to promote shared knowledge and language about security technology, information sharing, and risk analysis.
Security has become an integrated part of the overall business strategy. Whereas companies previously understood security as a rather narrow, technical function—physically protecting facilities and personnel—today the trend is to see a wider range of risk as matters of corporate security.
In the survey, corporate security managers were asked what they consider a corporate security concern. Almost all security managers and directors, whatever their nationality, considered corporate security to include risks ranging from theft to IT issues to terrorism. The agreement on this question was exceptionally high and did not expose any pattern with regard to nationality or company type.
On the question of priorities, the survey again shows a strikingly similar pattern of responses pointing to corporate managerial priorities across nations. Asked about the most important steps companies have taken to improve security, the majority of the corporate security managers agree that “gathering of intelligence about threats to the company” and “access control” are most important, closely followed by “emergency management.”
Access control being a high priority is not surprising, as it is critical to protecting the corporate environment. The high priority of intelligence, however, is new. A 1993 survey on corporate programs for managing terrorist threats found very little emphasis on the intelligence aspect of corporate security. Instead, the 1993 survey showed that U.S.-based multinational companies were occupied with protecting assets and that they relied mainly on physical security hardware to solve potential problems with terrorism.
The key explanation for this growing interest in intelligence information is the increasingly unpredictable risk environment. Without solid intelligence, as a COO of a port authority explains, “You will be all over the place…and you will be spending precious resources” that could be better used elsewhere. Intelligence is understood as absolutely central to the ability to carry out corporate risk analyses and emergency planning in a complex and unpredictable risk environment.
Despite the strong similarity in the corporate security approaches across nations, the survey revealed a divergence in the corporate perception of responsibility for counterterrorism. In the survey, the corporate security managers were asked to what extent they agreed that “counterterrorism is a government task and private companies should only be involved insofar as there is a threat affecting their business.” In the United States, only 15 percent agreed with the statement while 85 percent disagreed.
A similar pattern can be observed in the United Kingdom, where 27 percent agree and 67 percent disagree. (Six percent of respondents chose the “not sure” option.) This stands in sharp contrast to Danish and Swedish companies where 48 percent and 57 percent, respectively, agreed that terrorism is a government task.
Two factors can help to explain these distinctions between the United States and the United Kingdom on the one side and Denmark and Sweden on the other. One has to do with the differences in the government’s level of engagement with companies on issues of national security. Another possible reason is found in the different historical national approaches to the relation between civil society and the state.
Engagement. One must expect that the closer the ties are between companies and national security agencies, the easier it would be to mobilize companies and give them responsibility for counterterrorism. The survey shows that contact between federal intelligence agencies and private companies occurs with varying frequency from country to country, yet there seems to be no correlation between the frequency of contact and the attitude toward the corporate role in counterterrorism. Contact between companies and intelligence agencies is rather frequent in Sweden, the United Kingdom, and the United States. It is rarer in Denmark.
In the survey, 49 percent of those from Swedish companies responded that they are in contact with the Swedish Security Service, Säpo, more than once each month. In the United Kingdom, 65 percent say that they are in contact with MI5, and in the United States, 67 percent indicated that they are in contact with the Department of Homeland Security. In Denmark, however, only 18 percent said that their companies are in contact with the Danish Security Intelligence more than once a month.
These differences in the level of contact between national security agencies and companies most probably have to do with the varying number of public-private partnerships in the countries. In the United States, the number of partnership programs is high and formalized compared to Europe.
Societal issues. Another explanation for the findings on the responsibility towards counterterrorism can be found in the historical role of the state in these different countries. The fact that companies in Denmark and Sweden tend to view counterterrorism as a state matter may have been expected, as the state in these countries historically has been seen as much stronger than in some other societies.
Counterterrorism is a high priority among corporate security managers, and it seems beyond doubt that collaboration with public-security agents is important. What this survey has shown us, however, is that government strategies of engaging private companies have had different resonance in the business communities of various countries and that companies around the world understand their responsibility differently.
Karen Lund Petersen is associate professor for the Centre for Advanced Security Theory at the University of Copenhagen in Denmark.