The Value of Periodic Security Reviews

As posted on LinkedIn Pulse on October 27, 2017

All to often, we find the call for a security assessment in the wake of a serious security breach or breakdown. We believe that it is far more effective and cost efficient, to not wait for the wheels to come off.

For those industries that cater to the public, such as hospitals, hotels, malls, schools & universities, entertainment venues and residential complexes, those assessments often occur after-the-fact. Clearly, one of the most serious incursions are active shooter attacks. These attacks also draw the most intense media coverage. Various news sources from around the country are reporting increases of criminality in hospitals over the past year. One publication states: 1 in 2 Hospitals Have Seen an Increase in Crime This Year. In the aftermath, the question then becomes, who will conduct the post-incident assessment? Will it be the security expert retained by the plaintiff, or will it be the security expert retained by the defense, or both. In either case, this route is costly. The cost benefit of being proactive, is far more efficient than responding after-the-fact.

Those businesses the afford public access must reasonably control the perimeter with the assumption that some bad actors may enter their facilities. Consequently, the security strategy must pay attention to the reasonable security of inner space. This is why CPTED, such as wayfinding and participatory security awareness programs are a must, commensurate with the local threat environment.

The most cost-effective mitigating remedy for either of these options, is to periodically, and proactively, evaluate your security your security program of your own volition, and when prudent, the engagement of a qualified security professional. A qualified security consultant should be conversant with your vertical (hospitals, shopping malls, residential complexes, hotels, entertainment and sports venues, etc. Remember, security is an anticipatory discipline. Don’t wait for the wheels to come off.

Bear in mind, the cost of reaction almost always exceeds cost of being proactive, by a large margin. The cost of not being proactive, includes physical and emotional damages, as well as compensatory damages . There are also a number of indirect costs associated with negative publicity.

Clearly, a robust security assessment should not be driven by the sole motive of litigation avoidance. An effective, multiphasic security review is simply good business. The impetus for an effective security program, should be driven by customer satisfaction and happy employees. A comprehensive security operation will generally mitigate most liability exposure. Security must continue to be a situational discipline that is commensurate with accepted industry standards of care, and the ambient milieu.

Don’t wait for the wheels to come off before initiating a security assessment. Security is, and should be, an anticipatory discipline. The cost of reaction is significantly more cost than the cost of being proactive. Secondly, the ambient threat environment is subject to modification and change. What works today, may not work tomorrow.

An effective security review, should begin with the quantitative defining of both the internal and external, ambient threat environment. This requires the ability to recognize the very special needs of hospitals, with a relatively high standard of care. One must be cognizant with the standard of care for shopping malls or entertainment venues. High-rise and gated communities, as well as office parks, would also benefit from these services. Those consultants that have extensive experience in the profession of security evaluation, and extensive litigation experience, are worthy of consideration. The quantification of Risk require a two dimensional perspective (The probability of occurrence and the financial consequence, of the security breach.) You can’t know where you are going, if you don’t know where you have been. In order to make good decisions, you must have valid and reliable data.