What Growing Outsourcing Means for Security Management
Today’s corporate security function requires a variety of specializations, but not every department is equipped or funded to bring those roles in-house. Outsourced security roles—from guarding to GSOCs to intelligence analysis—are on the rise, but are management skills keeping up?
In a survey of chief security officers (CSOs) by SI Placement and The Clarity Factory, 42 percent of CSOs said they outsource at least one quarter of the roles within the security function, and 25 percent outsource more than half. That proportion is expected to grow—36 percent said they expect to increase their outsourced roles in the next two to three years. The survey noted a growing trend of outsourcing regional or country security managers, and some companies are outsourcing whole security functions.
Looking at budget instead of headcount, 50 percent of CSOs said they spend more than half of their corporate security budget on outsourced services currently, and 46 percent expect this to increase in the next two to three years.
“Increased outsourcing partly reflects the growth of security technology, which is often purchased externally rather than built in-house,” according to the survey report, The Future of Talent: Outsourcing takes hold in corporate security. “A vast majority of CSOs (82 percent) expect the proportion of the security budget spent on technology to increase over the next two to three years, with only 1 percent expecting this to decrease.”
The increase in technology use could result in a lower headcount in some areas and growth in others, such as the use of artificial intelligence (AI) to reduce the number of analysts needed to write intelligence reports.
“Outsourcing is especially high for intelligence roles, which in the current global operating environment are becoming more business critical,” the report said. “CSOs should consider the balance between in-house and embedded analysts to ensure continuity of service, given outsourced roles are often the first to go when cuts are made. It is also important to ensure outsourced personnel are properly integrated so they can deliver a service fully aligned with business needs.”
That doesn’t mean intelligence analyst roles are disappearing, but job hunters in this field will need to adjust their expectations as in-house positions evolve with the adoption of new technology, says Kathy Lavinder, executive director of SI Placement and one of the authors of the report.
“Anyone thinking about a career as an intelligence analyst will need to understand and accept that working for third-party vendors will be an employment option they should not overlook,” Lavinder says. “It's not unusual for outsourced analysts to move in-house, so working for a third-party vendor at the outset can be a means to an end. While being a third-party consultant may be viewed as a short-term option, some consultants report high levels of job satisfaction simply because their work responsibilities, assignments, clients, etc., can change.”
CSOs need to adjust their expectations around outsourced vendor management, too, the survey said. A majority of CSOs surveyed (73 percent) said they have vendor management and contracting skills, and more than 80 percent said they have associated skills such as project management, stakeholder management, and communication and influencing skills. However, fewer than one in five CSOs have received training on vendor management and contracting.
“It would be advisable for CSOs to undertake some of the same training in project management and vendor management as their rank-and-file workers,” Lavinder says. “It’s a little counterintuitive, but managing outsourced and remote teams is actually more work for managers, not less, if they want their outsourced resources to be successful and effective.”
The level of outsourcing means that vendor management skills are critical for effective corporate security, the report found, but only 3 percent of CSOs said they were one of the top three skills necessary for security team members. Younger survey respondents were more likely to value vendor management skills—10 percent of individuals surveyed under the age of 45 ranked vendor management in their top three.
Moving forward, “project and vendor management skills will be essential,” Lavinder says. “Some organizations have in-house training or professional development opportunities. For those who work in environments that do not, self-study can advance one’s knowledge and readiness to assume these responsibilities. Many universities offer ad hoc courses in project management, and Google Career Certificates include project management. The Project Management Professional certification, through the Project Management Institute, is another option.”
Younger security professionals also have a leg up on vendor management because more of them have worked in another business function—such as HR, supply chain, or operations—that has a more established vendor management program.
“There is generally less exposure to other functions among CSOs, with only one-third (34 percent) having worked in another part of the business,” according to the report. “CSOs who outsource more than half of their roles are twice as likely to have worked in another function (56 percent versus 27 percent).”
New report by SI Placement & Clarity Factory. Is outsourcing taking over corporate security? The Future of Talent: Outsourcing in Corporate Security explores trends, impact on talent strategies, and skills for success.https://t.co/1KljgUCuec
— Rachel Briggs OBE (@rachelbriggsuk) September 16, 2024
Overall, there are inevitable pros and cons to outsourcing, Lavinder adds.
“The biggest pro is that organizations can gain access to additional resources, specialized talent, while not adding to headcount,” she explains. “The savings on benefit packages can be significant, although some third-party vendors wrap those costs into their pricing as ‘overhead.’
“More importantly, in my view, is access to highly specialized knowledge workers for a period of time; for example, during a time of programmatic build out or reorganization, or for a limited duration project. Outsourcing also enables organizations to request personnel changes when they see a potential benefit or they have identified a deficiency.
“Cons include the loss of control, which can have negative consequences if the vendor’s personnel underperform,” she continues. “This approach also means that organizations are not actively developing talent in-house for the long term.”
The report added, “As outsourcing of both roles and spending increases, the nature of the relationship between corporate security core team staff members and the rest of the business will shift. As one CSO commented, ‘In the future, there will be much more outsourcing, so it will be less important to have on-the-ground experience in your core team. It will also mean that the core team will behave more like consultants to the business. It will be more important that they have experience relevant to the business, such as how a manufacturing site works, business processes and structures, and so forth.’”