http://www2.csoonline.com/exclusives/column.html?CID=33337 By Katherine Walsh csoonline.com Dec. 09, 2007 Quick quiz: When does the CEO of a big technology company actually love security? Answer: When the executive protection team decides that the CEO needs to travel by private jet or limo anytime, anywhere, whether alone or with family members--for security reasons. According to an analysis of proxy statements filed with the Securities and Exchange Commission by the U.S.’s largest technology companies, corporate jets and automobiles are sometimes considered not luxury items or fringe benefits, but part of the necessary cost of executive protection--not a bad perk for the holiday season. At IBM, the country’s largest technology company, "security practices provide that all air travel by the Chairman and CEO, including personal travel, be on Company aircraft,” according to the most recent proxy statement. The CEO also is driven to and from work by IBM personnel in a car leased by IBM, which may also be used for non-business occasions--again, for security reasons. In all, the company spent $373,187 on CEO S.J. Palmisano’s personal use of company aircraft and $53,409 on personal security. This includes home security and monitoring systems, as well as security personnel for Palmisano and his family and the cost of hotels, meals, car services, airfare and salary for those security personnel. It’s a decent chunk of Palmisano’s total “other compensation” of $922,530. Likewise, at Xerox, CEO Ann Mulcahy is required whenever feasible to use the company aircraft for travel for “security and personal safety.” Using this criteria, most of Mulcahy’s “other compensation” can be classified as a security expense. Of the $296,026 listed under “all other compensation” for Mulcahy in the 2007 proxy statement, $193,300 was spent on personal use of the corporate aircraft, and another $18,679 went towards home security and other miscellaneous benefits. (“All other compensation” typically includes things like matching 401(k) contributions, home relocation assistance, financial planning and other perquisites.) In terms of security perks, however, those numbers aren’t even the big ones. Oracle reportedly spent a whopping $1,708,763 on security for CEO Larry Ellison. The proxy states that Ellison is required to have a home security system but is mum on most other details about what that $1.7 million includes. And Dell reports spending $1,051,000 on personal and residential security for CEO Michael Dell in FY07. According to the proxy statement: “The Board believes that Mr. Dell’s personal safety and security are of vital importance to the company’s business and prospects, and therefore that all these costs are appropriate corporate business expenses.” Security services are also provided to members of Dell’s immediate family and to locations other than his primary residence. Meanwhile, Cisco and Intel don’t even mention the words “security” or “executive protection” in the proxy statement section on executive compensation. So does the fact that Oracle reportedly spent $1.7 million protecting its chief executive, Xerox spent less than $300,000, and Cisco doesn’t mention security at all mean that Oracle is the most paranoid technology company--or that Ellison is the safest CEO? Of course not. For one thing, companies have vastly different interpretations of how they’re supposed to calculate and report executive protection costs. Dell and Oracle do consider personal use of the corporate aircraft to be part of executive compensation--they just don’t state that they consider it a security expense, as do IBM and Xerox. Second, different companies and CEOs have different needs for security. “There is no one piece of security that should, without question, be implemented in every executive protection strategy,” says Tim Horner, managing director at Kroll. Threat levels vary across company and industry, and companies must individualize their executive protection strategies as much as possible. (For in-depth coverage, see “The Six Things You Need to Know About Executive Protection.”) The threat environment of a particular corporation or CEO is dependant on a variety of factors, says Arnette Heintze, a retired U.S. Secret Service agent and now a security advisor at Hillard Heintze. One of those factors is corporate culture. “The CEO of a defense contractor might be exposed to greater risk through international travel than the CEO of a restaurant chain in the United States,” he says. Who the individual is also plays a big part in determining what to spend on executive protection. Henitze gives the example of celebrity CEO (now chairman) Bill Gates of Microsoft. “The security concerns there are not an issue so much because of the company and the industry, but because of the high profile of the executive,” says Heintze. “Executive security can’t be viewed just in one box.” So just how much money does Microsoft spend on protecting its top executives? Ironically, the company’s proxy statement is completely silent on the matter. And that might just make it the most paranoid tech company of all. __________________________________________________________________ Visit InfoSec News http://www.infosecnews.org/
This archive was generated by hypermail 2.1.3 : Sun Dec 09 2007 - 23:41:43 PST