Intelligence Analysis in the Private Sector: Growth, Challenges, and Applications

At the SEC we've increasingly seen private-sector clients and Tier 1 leaders turning to intelligence analysis to help them manage risk. According to the Harvard Business Review's 2022 article "How Corporate Intelligence Teams Help Businesses Manage Risk," this trend has resulted in intelligence programs becoming ubiquitous; most major companies either have one or are building one.

From the C-suite's perspective, it's not hard to see why. Intelligence analysis promises the ability to see around corners, providing relevant and detailed insights that can allow a business to foresee and limit certain risks while leveraging others for new competitive advantage. Particularly for large companies navigating a global operating environment, this kind of knowledge can mean improved strategy, reduced loss, and increased profitability.

But despite companies' embrace of intelligence analysis, misconceptions persist about what private-sector intelligence analysis is and how it can aid organizations.

What the Field Is

The private sector intelligence field involves much more than information collection.

It involves carefully selecting sources of publicly available data, legally and transparently collecting and processing the data they offer, synthesizing it into relevant, meaningful insights, and presenting those insights clearly and concisely to the appropriate decision makers in the organization.

Private sector intelligence has multiple aims – facilitating strategic decision making, mitigating geopolitical risks, and mitigating security risks. This casts a wide net, taking in competitive intelligence, cyber intelligence, market intelligence, protective intelligence, business transactional intelligence, geopolitical intelligence, and reputational intelligence.

Each of these subcategories deals with diverse facets of risk that are commonly managed in different functions across the organization.

How It Evolved

For centuries, even millennia, intelligence gathering was viewed as an element of war and political affairs. It wasn't for businesses; it was for governments. Finding relevant information required man-hours, extensive training, travel, access, discretion, flexibility – in other words, a substantial investment of resources. For government organizations, this investment could reap benefits that justified the expense, but not so for most companies. What's more, companies generally don't have the same legal rights to intelligence gathering that governments have.

But the scope and reach of intelligence collection and analysis has evolved quickly with the progression of the Information Age.

Private-sector Intelligence collection spiked in the United States after September 11, 2001, relying in large part on the hiring of and partnership with public-sector intelligence community professionals with government clearances.[2] These partnerships allowed businesses to leverage government intelligence resources with the goal of enhancing homeland security.

At that time, the World Wide Web was in its infancy. Now, however, it is a treasure trove of free, accessible information. The proliferation of publicly available information on the Internet – open-source intelligence (OSINT), including search engines, social media, public records, news sources, libraries, web sites, dark web, image searches - has contributed to a significant uptick in private sector intelligence capabilities. Government clearance is of course still necessary to access many types of intelligence, but OSINT can provide game-changing insights if gathered and analyzed by professionals with the right skills.

Applications for Private Sector Organizations

Businesses can use intelligence analysis in myriad ways. Here are just a few examples.

• To identify reputational risks (e.g., slander, activist action)
• To identify physical and protectional threats (e.g., pandemic, terrorism)
• To identify cyber threats (e.g., attack indicators and behaviors)
• To identify and safely exploit business opportunities in new geographic areas
• To protect and track assets through the supply chain
• To vet and validate third parties
• To understand the potential implications of business decisions
• To inform business strategy
• To understand competitors' strategies
• To recognize industry trends
• To conduct pre-transactional diligence in mergers and acquisitions or management changes
• To support the organization in legal disputes and investigations

The graphic below, created by Lindy Smart, Executive Director of Intelligence Studies at Mercyhurst University, shows how several common applications of intelligence range from protective to revenue-driving services.

Lack of Uniformity

Because private sector intelligence is a relatively new field, it hasn't yet developed all the characteristics of a true profession, one of which is a shared identity with common terminology.[3] This presents some specific challenges.

For one, finding the right place to seat it in any given organization can be a trial.

In a survey of 94 private sector intelligence professionals, Maria Robson Morrow, Program Coordinator of the Intelligence Project at the Harvard Kennedy School's Belfer Center, asked where intelligence roles were situated in the corporate organizational chart.

Twenty-four percent were in Security or under the CSO, 18% in Legal, 16% under Operations, 10% in HR, 9% under the CIO or in Information Security, 5% in Finance, 2% each in Facilities, Supply Chain, Technical Services. A further 13% were in other business units not listed.[4]

Again, it's important to point back to the broad scope of private sector intelligence. Roles that focus primarily on one subcategory of intelligence will likely be situated accordingly. Those who manage primarily cyber intelligence may report through the CIO, while those who deal with market intelligence report through Legal or Finance, and protective intelligence analysts are seated in Corporate Security.

Despite the lack of uniformity in the profession, there are commonalities when it comes to the jobs themselves. Private-sector intelligence professionals are expected to have a fairly standard set of competencies to perform certain accepted responsibilities.

The SEC gathered job postings for titles across the spectrum of private sector intelligence analysis titles and looked for commonalities in responsibilities and required skills.

Common Required Skills

• Proficiency in OSINT tools (eg, Brandwatch, Liferaft, Skopenow, Flashpoint, CLEAR, LexisNexis)
• Knowledge of statistical programming languages (eg, R, Python, Scala, Java, C++) and database query languages (eg, SQL, Hive, Pig)
• Experience with data visualization/business intelligence tools (eg, matplotlib, ggplot, d3.js, Tableau, Power BI)
• Knowledge of the intelligence cycle, including analytic methodologies and techniques
• Research and intelligence gathering skills
• Strong algebraic and statistical skills
• Project management skills
• Expertise in predictive analysis and threat assessments
• Ability to quickly and effectively synthesize and summarize large amounts of information from multiple sources into concise, analytic assessments
• Excellent oral communication
• Excellent written communication
• Excellent presentation skills
• Ability to prepare graphs, charts, tables, maps, and other illustrative devices from collected data
• Critical thinking
• Problem-solving aptitude
• Consistent track record of working with cross-functional teams

Common Responsibilities

• Identify information and intelligence needs
• Conduct research
• Develop methodologies for tracking, assessing, and scoring country-level risk conditions
• Compile and evaluate intelligence products from local, national, and international sources
• Identify subject matter experts and develop relationships for intelligence sharing
• Maintain and update databases
• Process, cleanse, and validate the integrity of data
• Analyze multi-faceted data to show processes, trends, and patterns
• Develop and deliver high-quality written products and oral intelligence briefings
• Present information using data visualization techniques
• Protect and maintain sensitive and confidential information

What the SEC is Doing

The Security Executive Council is working to help security leaders leverage the many security and business benefits of private-sector intelligence while helping to build up the community of intelligence professionals who will serve them.

As part of the internship program started with Mercyhurst University's Ridge College of Intelligence Studies and Applied Sciences in 2021, the SEC has placed more than 120 Mercyhurst interns with security leader clients to provide data analysis and intelligence as well as research and other projects.

In addition, this month will mark the grand opening of the Business Information & Innovation Lab at Mercyhurst University. This joint project will create intelligence research and products for corporate security leaders to use to inform their mitigation decisions and to advise their senior executives.

Contact us for information.

[1] Morrow, "Private sector intelligence: on the long path of professionalization," Intelligence and National Security, Vol 37, Issue 3, 2022

[2] Daniela Baches-Torres, "Private Sector Intelligence: A Developing Professional Environment," APU Intelligence Blog, 4/30/2021, https://www.apu.apus.edu/area-of-study/intelligence/resources/private-sector-intelligence-a-developing-professional-environment/

[3] Morrow, "Private sector intelligence: on the long path of professionalization"

[4] Kolbe and Morrow, "How Corporate Intelligence Teams Help Businesses Manage Risk," Harvard Business Review, 01/04/2022

[5] Ibid.

Download a PDF of this resource below: