To Retain Security Talent, Start with Reframing its Value

Corporate security is at a crossroads. While chief information security officers (CISOs) are increasingly empowered with board-level visibility and robust budgets to strengthen cyber defenses, their counterparts in physical security, the chief security officers (CSOs), often operate under far more constrained circumstances. This disparity is especially stark given the wide scope of risks and responsibilities CSOs are tasked with managing: civil unrest, natural disasters, insider threats, fraud, executive protection, workplace violence, and supply chain disruptions, just to name just a few.

The imbalance between responsibility and resourcing comes at a cost. Understaffed and overstretched teams are more likely to experience burnout, high turnover, and the loss of institutional knowledge—all of which weaken enterprise resilience. As threats grow more complex, polarization deepens, and risks span both physical and digital domains, continuing to treat security as a cost center is no longer an option.

The Imbalance of CISO and CSO Funding

Cybersecurity dominates headlines. Ransomware attacks, data leaks, and nation-state threats frequently make front-page news, prompting swift action and quick budget increases from boards and executives. Cyber risk is increasingly viewed not only as a technical issue, but as a business continuity concern with direct ties to revenue, compliance, and reputation.

Historically, physical security threats unfolded quietly, neutralized behind the scenes before most stakeholders even noticed. But that’s no longer the norm. In today’s environment of geopolitical instability, rising polarization, and increasingly visible threats—from workplace violence to corporate assassinations—physical risks are not only more frequent but also more public and operationally disruptive.

Despite this shift, physical security is often viewed as a logistical necessity rather than a strategic asset. Meanwhile, CISOs seemingly have a clear advantage: Cybersecurity has established, standardized metrics like dwell time, breach costs avoided, and vulnerability exposure, and they map directly to financial and compliance risks, making investment decisions easier for boards.

However, physical security teams also possess valuable data, particularly regarding cost avoidance and risk reduction. For instance, many security teams track the number of workplace violence incidents that were mitigated in a given year. To resonate with leadership, security teams need to go a step further and connect activities to outcomes, then outcomes to business value. For example, don’t just report that 27 workplace violence incidents were prevented; rather, translate that into operational impact, such as avoided legal costs, reduced downtime, or improved employee retention. Estimate the financial exposure avoided or quantify how these efforts supported business continuity.

While CISOs often secure funding for headcount, tools, and training, CSOs are left to stretch limited resources. Reframing physical security metrics in business terms isn’t just helpful, it’s essential to closing the funding gap and elevating the function’s strategic profile.

Don’t just report that 27 workplace violence incidents were prevented; rather, translate that into operational impact, such as avoided legal costs, reduced downtime, or improved employee retention.

The Human Cost: Turnover in Physical Security

Underfunding doesn’t just slow progress; it drives people out of the profession. Physical security teams often face grueling shifts, limited advancement opportunities, and a lack of recognition for their work. Over time, this leads to burnout, disengagement, and attrition.

The loss of experienced professionals comes at a high cost. Security is a field built on relationships, intuition, and contextual awareness. When long-tenured employees leave, they take with them institutional knowledge that is hard to replace. Teams are left with talent gaps, inconsistent processes, and weakened connections with the business units they support.

Recruiting and onboarding replacements takes time and money, and new hires often require months to become effective in complex environments. Worse, turnover can create a feedback loop: As experienced team members leave, remaining staff become more overburdened, increasing the likelihood that they, too, will burn out.

To interrupt this pattern, organizations must prioritize both retention and recruitment. One tangible approach is implementing internal career pathways that align with both team needs and employee aspirations. For example, design a tiered advancement track that combines field experience with opportunities for leadership development, cross-training in cyber and intelligence functions, and industry certifications. By providing team members with a clear path for growth within the organization, leaders demonstrate their investment in their future, which in turn increases engagement and reduces attrition.

In a world where threat actors are increasingly agile and persistent, security programs can’t afford to lose momentum. Yet without dedicated investment in people and culture, turnover will remain a persistent and preventable vulnerability.

Closing the Gap: Strategies for Retention and Longevity

To address the funding and retention crisis in physical security, organizations must begin by reframing the function itself. According to a 2025 survey of CSOs from The Clarity Factory, nearly one-third of CSOs scored “low understanding of security among business leaders” as the top obstacle to the effectiveness of the function. Rather than viewing security as a reactive cost center, leaders must be able to articulate its strategic value and connect the dots between security operations and business outcomes like uptime, revenue continuity, brand trust, and employee well-being.

Leaders must also provide opportunities for their teams to develop, whether that involves improving their soft skills or joining professional organizations. Here are a few ways that security leaders can encourage development and retain top talent:

Tie activity metrics to value-driven narratives. For example, a security team that recorded 500 incidents last quarter can articulate the outcome in a value-driven way: One incident prevented a gun-related threat at a retail location, which resulted in revenue loss avoided of $1.5 million. These data points tell a compelling story and help translate physical security actions into business impact that resonates at the executive level.

Explore joint funding models. A growing number of organizations are exploring joint funding models between CSOs and CISOs, recognizing that many risks now span both physical and cyber domains. According to a 2025 IBM report, 9 percent of malicious breaches are caused by physical theft or security issues, resulting in an average cost of $4.07 million per breach.

Whether it’s protecting access to server rooms or safeguarding executives from doxxing threats, collaboration between the two functions creates a unified approach to risk and makes a stronger case for investment. Boards that understand this interdependence will make smarter, more holistic decisions.

Provide and encourage professional development opportunities. Security professionals must have clear, supported pathways to grow their careers, whether through certifications, leadership training, or cross-training across cyber and physical domains. Investing in skill-building not only boosts morale but also equips teams to better adapt to today’s dynamic threat landscape.

Become technology proficient and AI-literate. As modern security environments become increasingly integrated and data-driven, security professionals must be proficient not only in core technologies but also in emerging tools powered by artificial intelligence (AI). They must be comfortable navigating tools and platforms that connect threat data, facilitate investigations and research on a person of interest, or communicate urgent updates to their employees. AI is also being used to flag anomalies in access patterns, generate reports, and support real-time decision-making. To keep pace, organizations must provide ongoing training—not just in traditional systems, but in how to effectively and ethically leverage AI.

Develop soft skills. The Clarity Factory’s CSO survey found that communication, strategic thinking, and collaboration and teamwork were the top executive competencies that CSOs were looking for in their teams. Developing strong executive presence and presentation skills enables security professionals to effectively advocate for their programs and contribute meaningfully to cross-functional discussions.

Prioritize mental health. Security professionals often engage with serious or traumatic subject matter, which can lead to compassion fatigue and burnout. Organizations should provide tools and training to help team members recognize the signs of mental distress, both in themselves and in others, and ensure that reporting mechanisms are accessible and stigma-free.

Encouraging time off, reinforcing work-life balance, and celebrating the impact of security work are all essential. When people feel seen, supported, and appreciated, they are more likely to stay, perform at a high level, and contribute to a positive team culture.

Utilizing Strategic Retention to Mitigate Risk

If funding gaps and retention challenges are left unaddressed, organizations will continue to lose top talent, and with it, the institutional knowledge and resilience required to manage evolving threats.

Now is the time to elevate corporate security from a reactive necessity to a core strategic function. When boards and business leaders fully recognize the value of security, not just in safeguarding assets, but in protecting people, enabling operations, and sustaining brand trust, they unlock its true potential. By investing in talent, aligning security with business outcomes, and breaking down silos between physical and cyber domains, organizations can build integrated, resilient programs that stand the test of time.

This article originally appeared on Security Management.