Security is often treated as an operational detail—something to be delegated, outsourced, and trusted to “the experts.” For boards, this can create a dangerous blind spot.
When organizations contract out security, they frequently lose visibility into how risk is actually being managed on the ground. Inputs and outputs may be visible—guards posted, incidents reported—but the internal workings of the system remain opaque. Perhaps dangerously so. In systems language, security becomes a black box.
This piece explores why that opacity matters, what governance responsibilities boards retain even when security is outsourced, and the kinds of questions that can surface hidden risk before it becomes harm.
The Governance Problem Hiding in Plain Sight
Boards are not responsible for managing day-to-day security operations. That responsibility belongs squarely with the executive team.
However, boards are responsible for ensuring that material risks are visible, understood, and appropriately governed. When security is contracted, several dynamics can quietly undermine that responsibility:
- Information about training, readiness, and staffing capacity may be overly filtered or summarized
- Incentives between the client organization and the security vendor may be misaligned
- Cost pressures may drive decisions that increase risk without explicit acknowledgment
- Executives themselves may lack full visibility into the realities faced by frontline guards
In these conditions, the board may receive reassurance without receiving insight.
When Security Becomes a “Black Box”
In science and engineering, a black box is a system whose internal workings are hidden; only inputs and outputs are visible. Something similar happens when security is fully outsourced without strong governance touchpoints.
From a board’s perspective, the organization may see:
- Guards present at facilities
- Contracts that specify “armed” or “unarmed” coverage
- Incident reports filed after the fact
What may be missing is visibility into:
- How guards are trained (or not trained)
- Whether staffing shortages are quietly normalized
- Whether “temporary” workarounds have become permanent
- How risk is shifted onto frontline personnel to manage cost or liability
This is not a hypothetical concern. It is a structural one.
A Fictionalized Scenario (Grounded in Real Constraints)
An organization contracts with a national security firm to provide armed protection at several high-risk locations. Over time, staffing shortages and under-investment in training make it difficult for the vendor to supply fully-qualified armed guards. Rather than alert the client to the depth of the problem, the vendor proposes a temporary adjustment: unarmed guards will be placed at certain sites “until licensing backlogs clear.”
Executives, focused on continuity and cost, agree—reassured that this is common and short-term. Guards are issued body armor but receive no additional training or authority. They are paid at a lower rate and placed in environments originally assessed as requiring armed coverage.
On paper, security coverage continues uninterrupted. In practice, risk has shifted: onto guards who lack tools, onto organization staff who assume protection exists where it does not, and onto the organization, which now carries exposure it does not fully see.
Perhaps no one intends harm. But the system quietly accepts it.
Why This Is a Board-Level Issue
Boards do not need to manage security. But they do need to ensure that:
- Material risks are not obscured by vendor relationships
- Executives are receiving unfiltered information
- Cost-saving measures do not quietly undermine safety or ethics
- Human impacts are considered alongside financial and legal exposure
Just as audit committees ask how numbers are generated—not only what they are—boards should occasionally ask how security capacity is produced, not merely whether a contract exists.
Questions Boards Can Ask (Without Micromanaging)
Boards can fulfill their governance role by asking a small number of well-framed questions, such as:
- What assumptions underlie our current security posture?
- How do we verify that contracted capacity matches assessed risk?
- What happens when vendors cannot meet staffing or training requirements?
- Where does security leadership report, and how is bad news surfaced?
- How are frontline guard safety and readiness factored into decisions?
These questions are not adversarial. They are stabilizing.
The Role of Moral Courage
There is an additional dimension here that rarely appears in contracts: moral courage.
Choosing unarmed coverage where armed protection was assessed as appropriate may reduce cost or liability on paper—but it can increase risk to the very people tasked with standing in harm’s way. Boards that care about institutional integrity must be willing to name this tradeoff honestly.
Good governance does not avoid hard realities. It brings them into the open.
Closing Thought
Outsourcing security does not outsource responsibility.
When boards treat security as a black box, they may unintentionally accept risk they would never knowingly approve. When they ask a few disciplined questions, they help ensure that protection—like governance itself—remains grounded in visibility, accountability, and care for human consequences.
Further Reading (Optional)
Andrew Tufano—The Violence-Free Workplace: A Blueprint for Utilizing Professional Security Officers to Prevent and Respond to Workplace Violence
A governance-oriented examination of workplace violence that emphasizes prevention, reporting structures, and the strategic placement of security functions. Particularly useful for understanding why security leadership must have clear access to senior decision-makers.
Alana Semuels, “In the World of Private Security, There Aren’t Many Rules or Regulations,” TIME
An investigative article—part of a broader reporting arc—examining regulatory gaps, uneven training standards, and structural risks in the U.S. private security industry. Especially valuable for boards and executives seeking to understand how outsourcing security can obscure accountability and frontline realities.
Holly Jean Buck—After Geoengineering
A masterful exploration of large-scale risk interventions and their unintended consequences. Buck’s use of fictionalized future scenarios offers a model for thinking rigorously about systems we do not fully control—and the ethical weight of decisions made under uncertainty.