Measurement has long been positioned as the ‘holy grail’ of internal communication—the missing link that once perfected will recession-proof our industry and provide a definitive linear link between how much effort is spent on internal comms, and how much is saved, earned or generated by the company or client as a direct result. 

 

For the most part, most of what we measure falls short of making that silver-bullet distinction clear.

 

But while I have yet to find a client willing to measure it effectively, one area in which I have been working in the last few years shows enormous potential in terms of the impact effective communication can have—and in demonstrating a linear relationship between communication effort and money saved by a business:  IT Security communications.

 

IT security, or Infosec as many of the field’s pros are wont to call it, is hardly the sexiest venue for an internal communicator.  But Infosec is a field where effective communication can quickly make a measurable difference for several reasons:

 

  • Most information security efforts are technical in nature—built around intricate hardware and software.
  • Many information security lapses, however result from either laziness or ignorance on the part of employees, if not outright mischief
  • While staff technically may be “required” to apply certain standards of vigilance to their usage of computers and other corporate information assets, corporate Infosec functions lack the staff and wherewithal to prevent every potential breach
  • However, effective internal communication that identifies specific desired behavior changes and respects the ability of users to choose whether or not to make those changes can lead to reductions in targeted breaches and lapses.

 

Measurement in these cases is not a simple linear exercise—as an uptick in communication often leads to higher reporting rates of incidents for a quarter.  But factoring in that increase in reporting rates then allows one to see the impact that effective internal communication, whether it is traditional stuff like posters and newsletters or more sophisticated approaches like working Infosec messages into other organizational media, has on specific targeted lapses and incidents.

 

For the most part, major lapses and incidents have been attributed with monetary figures, based on internal data or on a University of Michigan study on the costs associated with information security incidents.  So, within three quarters, factoring out the first quarter for increased reporting rates, one can produce measurements that demonstrate a relationship between internal communication effort and money saved by the organization.

 

This is a reason why internal communicators can be well served to seek out opportunities to support their company’s information security efforts.  But the effort does not have to stop with information security.  If communicators can demonstrate a significant return on investment (ROI) in information security, they can also imply a significant ROI case in less easily measured arenas like leadership and strategic change.  Surely, if a company’s Infosec communication ROI is 10-1, there are managers who would be willing to give communicators the benefit of the doubt in less obvious areas.  For that reason, the ROI of pursuing Infosec work may be quite reasonable for an ambitious internal communicator.