Security magazine is excited to present The 2023 Security Benchmark Report, an editorial initiative that collects self-reported data from enterprise security programs across the globe and a wide range of market sectors to determine trends in security roles, responsibilities, technology, training and budget.
Our goal with The Security Benchmark Report is to provide a comparison of enterprise security programs across the security field and within market sectors. Each year we release the report, we aim to build a wider picture of how enterprise security programs change, grow and mature year-over-year.
The 2023 Security Benchmark Report is comprised of:
- Main Report, which includes data across all respondents and sectors they represent.
- Sector Reports, which include data broken down by sector.
- The 2023 Benchmark Achievers, a section which showcases a number of security programs excelling in training, technology, new initiatives and crisis management.
- Benchmark Leader Profiles, which provide an inside look into two enterprise security programs and their accomplishments in the past year.
The Security Benchmark Report is an editorial initiative that collects and reports on self-reported data from security leaders who are responsible, at least in part, for physical security in their organization.
Therefore, the biggest benefit to filling out The Security Benchmark Report survey is that each security executive respondent receives the raw, anonymized data from the survey to compare and contrast across the industry or specifically companies within their sector based on any metric they wish.
This year, we asked respondents to report on the roles, responsibilities and function of their security programs; the type and cost of security training they implemented last year; increases and decreases in their security budgets; metrics they and their leadership find most valuable; and more.
For even more insights, fill out The Security Benchmark Survey next year to receive the raw, anonymized data. The survey will be open from February to mid-July 2024. And don’t forget to join us for a special webinar presentation on The 2023 Security Benchmark Report on November 29, where we discuss the report in-depth and reveal statistics exclusive to the webinar.
Read on for the insights unearthed by The 2023 Security Benchmark Report!
Security Roles & Responsibilities
The Security Benchmark Report respondents were asked about their top issues & concerns in 2023 and 2024 in regards to risk mitigation and enterprise security. The top 10 answers appear above in order. Workplace violence has been ranked as the top concern by respondents since 2021. SOURCE: The Security Benchmark Report, November 2023
The Security Benchmark Report participants were asked where their security function reports to or resides within. The majority of security teams responding to this year’s Security Benchmark Report report to or reside within Human Resources, followed closely by Chief Risk or Legal Officer / Risk / Legal / General Counsel. Respondents who selected Other report into Public Affairs, Customer Service and the Chief Supply Chain Officer, among others. SOURCE: The Security Benchmark Report, November 2023
The Security Benchmark Report respondents were asked to choose the level or title of their senior-most security executive within their enterprise. The choices, which are not exhaustive, are meant to generally group titles for comparison and include: C-Level Executive, Director, Senior Director, Senior Manager, Vice President / General Manager or Not Applicable (N/A). Respondents reported the Vice President / General Manager title as their senior-most security executive role at a higher rate than the previous year, increasing from 24% in 2022. SOURCE: The Security Benchmark Report, November 2023
The Security Benchmark Report respondents were asked to report in which geographic areas their security organization provides risk and security services within their enterprise. Respondents chose as many geographic areas as applicable. SOURCE: The Security Benchmark Report, November 2023
The Security Benchmark Report respondents were asked if their security organization is Centralized, Decentralized or Regional. The majority of respondents reported their security organization as being Centralized. For this survey’s purpose, the distinction between Decentralized and Regional security is that some Regional security programs may behave in a Centralized manner for their determined region, while Decentralized generally means there may be security organizations in multiple locations within an enterprise functioning independently from one another. Those respondents choosing Other reported a mix of partially Centralized and partially Decentralized structures. SOURCE: The Security Benchmark Report, November 2023
The Security Benchmark Report participants were given a list of 36 roles and responsibilities that may fall under the security function at an organization and were asked for the level of responsibility the team has over that role within their enterprise. The above are the 15 most common job responsibilities that the security function owns, leads or manages, according to respondents. For this survey, owning or leading the responsibility means security both manages and funds the program, while managing means security manages the program, but another group funds it. SOURCE: The Security Benchmark Report, November 2023
Organizational Responsibilities: Security Roles & Functions
Respondents report on the responsibilities of their security programs, as well as the level of involvement they have in each role.
FUNCTION | OWN / LEAD | MANAGE | SUPPORT | NOT INVOLVED / DO NOT HAVE / DO NOT KNOW |
Aligning security with the business | 76% | 16% | 7% | 1% |
Asset protection / facilities protection | 70% | 21% | 10% | 0% |
Brand protection / intellectual property / product protection / counterfeiting / fraud protection | 15% | 18% | 53% | 14% |
Business resilience / business continuity / emergency management / disaster recovery | 47% | 14% | 34% | 5% |
Business expansion support | 8% | 11% | 67% | 15% |
Civil unrest / targeted protests | 75% | 12% | 9% | 4% |
COVID-19 response | 25% | 18% | 52% | 4% |
Corporate aviation security | 14% | 5% | 27% | 53% |
Cybersecurity / information technology security / data protection | 8% | 4% | 64% | 24% |
Drug & alcohol testing / background checks / other pre-employment screening | 14% | 12% | 36% | 38% |
Duty of care / traveler protection & support / executive protection | 58% | 11% | 16% | 15% |
Emergency notification | 58% | 14% | 24% | 4% |
Emergency response and planning | 53% | 17% | 30% | 0% |
Event security | 67% | 20% | 8% | 5% |
Hate crimes / terrorism / extremism | 66% | 12% | 13% | 9% |
Health and safety | 21% | 9% | 50% | 20% |
International workforce protection and support | 32% | 10% | 20% | 38% |
Investigations | 64% | 18% | 16% | 2% |
Liaison with public-sector law enforcement agencies | 82% | 9% | 4% | 3% |
Loss prevention / goods protection | 60% | 14% | 16% | 10% |
Mergers & acquisitions (M&A) / business or site expansion / contraction planning & support | 4% | 2% | 58% | 36% |
Parking & transportation security | 40% | 12% | 25% | 24% |
Regulatory compliance / controls assurance, verification & validation | 16% | 20% | 54% | 11% |
Risk & threat assessments / risk management planning / enterprise risk management | 51% | 23% | 24% | 2% |
Security as a competitive advantage | 45% | 15% | 16% | 24% |
Security audits / surveys / assessments | 79% | 14% | 2% | 4% |
Security contract management: Guards / technology integrators / contract employees | 65% | 16% | 9% | 11% |
Security operations center (SOC) management | 73% | 4% | 2% | 20% |
Security staff development & training | 83% | 9% | 5% | 3% |
Security strategy | 90% | 9% | 2% | 0% |
Security technology & integration | 71% | 16% | 10% | 3% |
Social media threat monitoring | 37% | 15% | 36% | 11% |
Supply chain / logistics / distribution security | 22% | 8% | 47% | 24% |
Vendor and channel partner vetting | 14% | 12% | 41% | 33% |
Weather / natural disasters | 41% | 16% | 38% | 5% |
Workplace violence / threat management / active shooter prevention | 83% | 9% | 6% | 2% |
The Security Benchmark Report respondents were asked to report on the security team’s roles and responsibilities within their organization. This year, we asked security leaders for the level of responsibility for each function within their organization with the following choices: Own / Lead Function: Security manages and funds the program; Manage: Security manages the program but another group funds it; Support: Security sets policy, consults on the program (or represents physical security perspective) but does not manage or fund the program; Not Involved: Company has the program but security is not involved in it; Do Not Have; Do Not Know. We have combined Not Involved / Do Not Have / Do Not Know responses for the purposes of this chart. SOURCE: The Security Benchmark Report, November 2023
SOURCE: The Security Benchmark Report, November 2023
SOURCE: The Security Benchmark Report, November 2023
SOURCE: The Security Benchmark Report, November 2023
In order to participate in The Security Benchmark Report, respondents must be responsible, at least in part, for physical security within their organization. We asked survey respondents for more insight into the ever-evolving and changing roles of security, including whether their program is responsible for both physical security and health & safety, as well as physical security and cybersecurity. This year’s statistics represent decreases compared to 2022, when 22% of security departments reported being responsible for cybersecurity and 56% reported responsibility for health and safety as well as physical security. SOURCE: The Security Benchmark Report, November 2023
Security Budgets, Spending & More
The Security Benchmark Report captures information on security budgets and total reported revenue / operating budget in the overall organization. To calculate the security budget as a percentage of revenue across the enterprise, the security budget is divided by the total revenue. Companies that reported information on both security budget and total revenue are included in this number; however, if any numbers appeared inaccurately reported or incorrect, they were removed from the calculation. SOURCE: The Security Benchmark Report, November 2023
Above is the average security budget as a percent of revenue by market sector. The Security Benchmark Report captures information on security budgets and total reported revenue / operating budget in the overall organization. To calculate the security budget as a percentage of revenue across the enterprise, the security budget is divided by the total revenue. Companies that reported information on both security budget and total revenue are included in this number; however, if any numbers appeared inaccurately reported or incorrect, they were removed from the calculation. If a given sector did not have enough accurate data to calculate an average, it was not included in the above reporting. SOURCE: The Security Benchmark Report, November 2023
A majority of The Security Benchmark Report respondents reported an increased security budget compared with the previous year’s budget. However, fewer respondents reported an increased security budget in 2023 compared to 2022. In 2022, 69% of respondents reported an increased budget, while, in 2023, 65% of respondents reported an increased security budget year-over-year. SOURCE: The Security Benchmark Report, November 2023
If The Security Benchmark Report respondents indicated an increased security budget in 2023 compared with 2022, they were asked what percentage that budget increased. The average increase reported by those respondents for 2023 was 14%. If respondents indicated their security budget in 2023 decreased compared with 2022, they were asked for the percentage decrease. The average decrease reported by those respondents for 2023 was 7%. In 2022, the average increase in security budget was 19% and the average decrease in security budget was 11%. SOURCE: The Security Benchmark Report, November 2023
Security Guarding & Operations
Of those The Security Benchmark Report respondents that reported using guard / officer forces at their organization, 48% of security leaders report using both proprietary and contract officer / guard forces, while 18% report having only proprietary guards and 34% reported having only third-party / contract guards. SOURCE: The Security Benchmark Report, November 2023
Overall, 67% of The Security Benchmark Report respondents reported having a security operations center (SOC) or global security operations center (GSOC) within their enterprise. Respondents that answered “Yes” to having a SOC were asked if their SOCs provide security and risk services to the entire enterprise or just a particular region or site. Overall, among all sectors, 75% of respondents that reported having a SOC offer those services to the entire enterprise. SOURCE: The Security Benchmark Report, November 2023
Among the 67% of The Security Benchmark Report respondents that reported having a global security operations center (GSOC) or security operations center (SOC), Security magazine asked respondents which services their SOCs provide to the enterprise, represented in the bar graph above. Respondents were able to choose as many responses as applicable. Respondents who selected Other reported SOC functions including monitoring for infant abductions, providing support for women’s safety, and supporting building automation. SOURCE: The Security Benchmark Report, November 2023
Security-Related Training & Technology
Above is the average money spent on security-related training by sector, based on self-reported information from The Security Benchmark Report respondents. Information that appeared to be inaccurately reported was excluded from these calculations. SOURCE: The Security Benchmark Report, November 2023
The Security Benchmark Report respondents were asked to report the security-related training they held within their enterprise in 2022. Respondents were able to choose multiple populations for each training if applicable. For example, with Workplace violence, some organizations implemented training for both security staff, as well as targeted cross-functional groups. Respondents were allowed to report using as many training types as applicable. “Not Applicable” refers to those organizations that did not implement that type of training in 2022. In addition to these responses, respondents were able to choose “Other.” Some of those responses included: COVID-19 infection prevention; diversity, equity and inclusion; business continuity & resilience; active shooter; human trafficking identification & prevention; and de-escalation. SOURCE: The Security Benchmark Report, November 2023
The Security Benchmark Report respondents were asked which physical and / or electronic security systems and equipment their enterprise currently has in place. Respondents were able to choose as many systems as applicable. Of those respondents who selected Other, additional security technologies they have implemented in their enterprises include: biometrics-based security solutions; gunshot detection; weapons screening; open-source intelligence monitoring; and duress technology. *Two-way radio systems are included here if reported for security personnel only. SOURCE: The Security Benchmark Report, November 2023
The Security Benchmark Report respondents were asked how much their organization plans to spend on electronic physical security systems and services this year. Respondents were asked to choose the range that best describes their planned spending. SOURCE: The Security Benchmark Report, November 2023
Security Teams Using Metrics
Security Teams Emphasizing Metrics to Define Productivity
These security programs report maintaining a metrics program that clearly defines productivity, value creation and cost avoidance.
COMPANY | SECURITY BENCHMARK LEADER | TITLE |
Abercrombie and Fitch | Shane Berry | GVP, Asset Protection and Chief Security Officer |
Adtalem Global Education | Robert Soderberg | Vice President, Chief Safety, Security & Resiliency Officer |
Advocate Health | Randy Stephan | System Vice President for Security |
AMBSE | Joe Coomer | Vice President, Security |
American Electric Power | Steve Swick | Chief Security Officer |
American Family Insurance | Jeff Wiegand | Vice President, Protective Services |
Arthrex | Kevin Cliff | Director, Corporate Security Services |
Associated Grocers of New England, Inc | Alan R. Cote | Director of Risk Management |
AVANGRID | Brian Harrell | Vice President & Chief Security Officer |
Baker Hughes | Kevin Wetherington | Chief Health, Safety, Environment, Security, & Quality Officer |
Ballad Health | Ken Harr | Assistant Vice President / Chief Security Officer |
Big Lots | Robert LaCommare | Vice President, Asset Protection & Safety |
Bridgestone Corp | Josh Walker | Vice President, Corporate Security and Enterprise Risk |
Casino du Lac-Leamy | Pierre Cote | Chief of Operations |
Chico's FAS Inc. | Joe Biffar | Vice President, Asset Protection |
Chubb | Richard M. Kelly | Senior Vice President, Chief Security Officer |
CIP Corps | Karl Perman | CEO |
Clarios | Robb Koops | Global Security Director |
Cleveland Clinic | Gordon Snow | Chief Security Officer |
Corning Inc. | Steve Harrold | Vice President, Global Security/td> |
County of Ventura | David Barley | Division Head |
Duke University | John H. Dailey | Chief of Police |
Ecentria - OpticsPlanet | Gary Stewart | Director, Corporate Security |
Nick Lovrien | Chief Global Security Officer | |
GE Healthcare | Shiva Rajagopalan | Senior Director of Infrastructure and Facilities |
GoDaddy | Jason Veiock | Senior Director, Safety, Security & Resilience |
Hamilton Health Sciences | Todd Milne | Director, Security Services and Emergency Disaster Management |
HMPL | Sambit Nath | Head of Security |
Keurig Dr Pepper | Ryan DeStefano | Director of Corporate Security |
Kyndryl | Catherine Killian | Vice President & Chief Security Officer |
Lexington County Health Services District Department of Public Safety | Justin McClarrie | Director of Public Safety |
Massachusetts General Hospital | Bonnie Michelman | Executive Director, Police, Security & Outside Services |
McLeod Health | J. Wayne Byrd | Director of Security |
Memorial Healthcare | Jeff Hauk, MBA, MSA, CPP, CHPA | Director, Public Safety and Police Authority Services |
National Labor Relations Board | Raymond Hankins | Chief Security Officer |
Nationwide Mutual | Jay C. Beighley | Senior Associate Vice President |
Northwest Community Healthcare | CEO | |
NRG Energy, Inc. | Joe Walters | Sr. Director, Enterprise Security, Real Estate and Facilities |
PepsiCo, Inc. | Michael Lee | Senior Vice President, Chief Security Officer |
Petco | Steven J. Bova | Director, Loss Prevention |
Power Integrations | Balu Balakrishnan | CEO |
Regitt Consulting Services Ltd | General Manager, Security | |
Sabre | Jesse Campbell | Global Safety & Security Leader |
San Antonio Water System | Steven Tijerina | Manager |
Seattle Children's Hospital | Jim Sawyer | Security Director |
State Street | Stephen D. Baker, CPP | Senior Vice President and Chief Security Officer |
Synopsys, Inc. | Jim Fussell | Senior Director, Global Safety, Security & Resilience |
Tampa General Hospital | Tony Venezia | Senior Director of Public Safety |
Texas Biomedical Research Institute | Mark A. Hammargren, CPP | Director, Security & Emergency Preparedness |
University of Alabama at Birmingham | Mike Hasselbrink | Director of Physical Security |
University of Redlands | Stanley Skipworth | Associate Vice President / Chief |
University of Pennsylvania | Kathleen Shields Anderson, J.D., MBA | Vice President for Public Safety |
US DataVault | Marc Shaffer | CEO |
University of Texas Police at Houston | William Adcox | Vice President, Chief of Police and Chief Security Officer |
Victoria's Secret & Co | John Talamo | Senior Vice President, Asset Protection |
Waters Technologies Corporation | Katherine Collins | Sr. Manager, Corporate Global Security |
Xylem | Maribeth Anderson | Global Senior Director |
Yale University Public Safety | Ronnell Higgins | Associate Vice President for Public Safety and Community Engagement |
Yazaki North America Canton HQ | Bert Morales | Vice President, Corporate Security |
The above list (in alphabetical order) are those security leaders that reported maintaining a security metrics program that defines productivity, value creation and cost avoidance. Respondents are allowed to remain anonymous from any listings or rankings within the published The Security Benchmark Report; therefore, any respondents choosing to remain anonymous are not included in this list. SOURCE: The Security Benchmark Report, November 2023