These are anxious times for those responsible for the physical security of people, systems, and facilities. Workplace violence, active shooters at schools or places of worship, insider threat, theft, ransomware, and cyber-attacks dominate today’s headlines. The various impacts of risk to an organization, including the well-being of its people, frequently result in loss of business and profit:
- Cybercrime cost U.S. businesses more than $6.9 billion in 2021 (source: FBI Releases the Internet Crime Complaint Center 2021 Internet Crime Report | WaterISAC)
- Organized retail crime cost stores an average of over $700,000 per $1 billion in sales in 2020 (source: 2020 Organized Retail Crime Survey | NRF.com)
What Is Risk and Why You Should Care
Risk is the likelihood of an event or incident occurring that has a negative impact (harm or loss) on an organization’s assets. Factors used to determine risk include the identification of vulnerabilities, threats that will exploit those vulnerabilities, and the probability or likelihood of occurrence. All these are evaluated against an organization’s assets.
The losses from incidents to or near a facility can be many and be direct or indirect (collateral damage from nearby events). Losses can be significant: employee turnover, merchandise theft, reduced property values, physical damage to the facility or its assets, increased insurance premiums, and/or closure of the business/organization. Industry data shows how damaging the results can be:
- Employee theft costs businesses $50 billion annually (source: 22 Stunning Employee Theft Statistics : Facts Every Employer Should Know | Zippia)
- 33% of all U.S. business bankruptcies are a result of employee theft (source: Employee Theft Statistics: 2020/2021 Impact & Costs to Business | CompareCamp)
- A survey of small business owners found that 54% experienced an increase in shoplifting in 2021 (source: Business.org Inventory Management Software: Best of 2022 | Business.org)
Additionally, organizations are responsible for providing a certain standard or “duty of care.” This means making reasonable, prudent, and good faith decisions to provide for the health, safety, and well-being of those under your care. Failure to meet this requirement subjects the organization to legal ramifications.
- Businesses account for over half of active shooter incidents in 2021. In at least 10 of the attacks, the shooter was a current or former employee (source: FBI Active Shooter Incidents in the United States In 2021)
- Per the FBI report, 28 of the active shooter incidents occurred at public businesses resulting in 57 killed and another 54 wounded. (source: FBI Active Shooter Incidents in the United States In 2021)
Here's What You Can Do
It is never too late to improve your organization’s security posture. As a matter of fact, risk management is a continuous process. But first, you need to have a risk assessment done to analyze vulnerabilities, threats, and impacts and determine what really needs to be addressed. This information should be incorporated into your strategic plan to include priorities and budgeting. Implementation includes program management, planning, coordination, and training. Security is holistic so don’t forget that the networks which connect the systems can compromise your physical security.
Consider Seeking an Outside Expert
Reducing risk is more than just installing the latest and greatest technologies or writing a policy that says “Thou shalt not do…” Consider using an outside security expert to evaluate your risks, for a few reasons:
- Your organization may not have the capability or subject matter expertise to identify what is an actual concern and properly identify the realistic security risks to your organization. They have the experience and knowledge of standards, regulations, and technologies available to mitigate the risks.
- An outside expert can provide an unbiased evaluation to identify the vulnerabilities and the threats to the organization, people, facilities, and systems. Additionally, they can help to identify your assets and the true impacts of a loss of each.
- A knowledgeable security consultant can help you improve and design physical security programs and facility infrastructure; implement appropriate emergency and security plans, policies, and procedures; and identify training and drills to improve your overall security posture.
How We Can Help
Anser Advisory has a solution to meet all your security needs. R-SHIELD™ is our branded and field-tested solution to provide a secure and safe environment for federal, state, municipal, and commercial clients. With R-SHIELD™, our security subject matter experts provide a total package solution to support you from assessment to execution. Partnered with ARES Security, our proprietary methodology offers immediate returns on investment on implemented mitigations for a new or existing location whether it is a single facility or a large campus.
Identify vulnerabilities through interviews and physical assessment across 17 different security topics
Review and identify threats or model (option) the likely path and mode of attack based on over a thousand threats
Optimize threat detection and mitigation implementation
Provide a current and proposed security Posture Score
Provide cost-effective mitigation solutions and quantitative effects to show return on investment (ROI)
Support strategic planning to implement mitigations over time and manage residual risks
R-SHIELD™ was developed and tested at some of the most secure facilities in the United States and around the world. Recently, we led a customer from concept through execution in planning, procuring, constructing, integrating, and delivering an entire secure campus.
Anser Advisory's team of subject matter experts provides project management and security support to our clients in federal, municipal, and commercial environments. From physical and electronic security to emergency planning, most of our current projects involve agencies with needs for enterprise-level and fully integrated systems.
For more information about R-SHIELD™ and how we can support your organization, please visit R-SHIELD™.
About the Author
Jennifer Holcomb, PE, PMP, PSP, CPP, CPD
Jennifer is the senior technical expert at Anser Advisory with the responsibility of identifying, standardizing, and delivering industry-leading security consulting services for the firm. She has spent more than 20 years overseeing complex security missions across the country for state, municipal, federal, and private organizations. As both a senior security professional and project manager, she is routinely sought after to advise, assess, and provide security services to multiple military and federal facilities, state and municipal facilities, and private industry and commercial facilities across the country.
She additionally serves on the ASCE 59 "Blast Protection of Buildings" Standards Committee and has served on the ASIS technical committee to update Active Assailant standards. She authored Chapter 7, Security Architecture and Engineering in the ASIS Physical Security Principles book (2015) and serves as a director on the ASIS International Professional Standards Board. She routinely facilitates security training for corporate clients and professional industry associations. She is a frequent keynote speaker at industry events and conferences, such as the Global Security Exchange (GSX).
Jennifer is a licensed Professional Engineer (PE), certified Project Management Professional (PMP)®, certified Physical Security Professional (PSP), Certified Protection Professional (CPP), and holds the "Crime Prevention Through Environmental Design" Professional Designation (CPD) from the National Institute of Crime Prevention (NICP).