Monday, September 30, 2013

Why Your Security Metrics Stink



            Security departments, like police departments, tend to be very good at data collection. The number of incidents, where the incidents happened, time of day and the types of crimes are all key pieces of information collected.

            The real challenge is how to best handle and report the data. The easy solution is to put together some graphs that show what happened, including trends such as whether crime is increasing or decreasing. The problem is that data like that only tells you what already occurred in the past. It is a lagging indicator. If you are relying on only historical data, your security metrics, or measures, will not always get the right level of support from your organization’s senior leadership and c-suite.

            What security leaders worry about may be completely different from what CEOs worry about. In many surveys, when asked about their top fears, security professionals will answer with topics such as terrorism, active shooters, workplace violence and so on. However, when CEOs are asked that question the answer may be very different. In fact, Lloyd’s Insurance Group just released the 2013 results of top business concerns and terrorism was near the bottom, 44 out of 50, although theft, fraud and corruption were in the top 20 risks. The top concerns instead were higher taxes, loss of customers and cyber risk (the only security-related category in the top 10). The top concerns are in the table below, with a green arrow showing an increase in the level of concern since the last survey and a red arrow showing a decrease.



    







            When the security leader presents his concerns to the c-suite, he may as well be speaking a different language in many cases. By presenting historical data only, the job of translating that to a business mindset is left to the senior leaders and that is only if they chose to do so.

            Instead, security leaders need to present both historical and pro-active results in a different context. Keeping in mind that the CEO may be most concerned about higher taxes, which translates to less profit, maybe even losses, requests for new or expensive security components may not be well received. Instead, focus on how security improvements helps customers feel safer and keeps them coming back instead of seeking alternatives. If a customer does not feel safe leaving his car in your parking lot due to security concerns, that customer may take his business elsewhere. Then the request to add lighting or security patrols or whatever component may become much more likely to be approved if it helps the business retain patrons. In that case, a key metric may become feedback from clients on how safe they feel at your business.

            In another study on business risks, healthcare leaders rated worry over excessive regulation as the top concern; not surprising with the implementation of Obamacare. If your organization is facing new compliance issues or regulation, how do you address those concerns? One solution is to become familiar with the requirements, especially those that have a direct or indirect impact on the security operations. Within healthcare, failure to comply or follow regulations can be directly tied to loss of reimbursement or fines.   

            To make your security metrics truly valuable, look at the list of top business concerns on the list below. Give some thought to how each of these relate to security and what impact security can have on reducing those worries. Then your metrics may be of real value to the organization.

Eric Smith, CPP is the leading authority on organizational self-defense. He has extensive experience in law enforcement as well as security management. Eric is available for staff education and security awareness training as well as business coaching to help organizations provide safe workplaces. To learn more email Eric at businesskarate dot com.


If you would like to reprint this post, please contact Eric at Eric at businesskarate dot com.

Wednesday, September 25, 2013

Reality of Gun Violence


Once again, we’ve seen a tragic and senseless mass murder, this time in Washington D.C. at the Navy Yards. Twelve victims were left dead after Aaron Alexis walked through the building with a sawed-off shotgun picking off targets.

Too often following these horrific events, the knee jerk reaction is to focus on gun control even over how to identify warning signs.
Sponsored Link-
Friend of Foe? Learn how to deal with visitor access with this special report (click here).
 

There is a great deal of talk about active shooters and many security professionals focus on active shooter responses. Certainly, that is a critical part of a comprehensive emergency management plan and from some of these events it is clear that armed security can be a deterrent or stop the attacks before more people are hurt.

It is wise to take a step back from the hype and look at some of the data behind gun violence to keep it in perspective.

According to FBI statistics, less than 10,000 people are killed by firearms each year. That certainly sounds like a very large number. However, that is much less than many other dangers that garner little, if any, attention.

In comparison, look at the data below and think about where the greatest risks actually are.

            From a security perspective, violence is a very real concern. Understanding of risk factors and identification of red flags should be a top priority. However, be careful not to get caught up in the hype. Leave that to the media and politicians.

 

Eric Smith, CPP is the leading authority on organizational self-defense. He has extensive experience in law enforcement as well as security management. Eric is available for staff education and security awareness training as well as business coaching to help organizations provide safe workplaces. To learn more email Eric at businesskarate dot com.


If you would like to reprint this post, please contact Eric at Eric at businesskarate dot com.