One suggestion is that risk management emerged and prospered mainly as a means to help the major US corporations develop and quantify their own self-insurance programmes or 'captive' companies. Possibly so.
Only one problem. Risk management is viewed by some industry commentators to be synonymous with insurance, while other practitioners have simply changed their job title from 'insurance officer' to 'risk manager' and carried on as before. Some cynics would add "with a 100% increase in salary and a much better company car". Either way, it's the dependence on insurance that has hindered the rightful development of security as one of the key factors in risk control.
By contrast, safety management – together with fire protection – tends to have a statutory basis whereas the existence of a security function is at the whim of senior management.
In its best existence, however, risk management has developed several useful tools which can be acquired by security practitioners. These tools are easily summarised. Take the example of a workshop where it may be necessary to use a particular flammable solvent-based chemical. The solvent is a hazard. It can easily be ignited, and may well cause a fire. The risk to the premises and its contents is the fire which may occur. That risk can be managed in one of several ways:
- risk elimination – find a non-flammable alternative;
- risk control – minimise the quantity of liquid stored in the building, keep it in a secure container inside a proper flammable liquid storage cabinet, ensure that adequate fire protection measures are in place to prevent, detect and extinguish fires and make sure that structural fire precautions will contain the fire and minimise the damage wrought;
- risk avoidance – don't undertake the industrial activity;
- risk transfer – contract the process out to another organisation;
- risk financing – take out insurance or make financial provision to underwrite the risk;
- risk acceptance – after reviewing the whole process decide that the risk is acceptable.
Given that risk assessment is really the first step in understanding and controlling risks, security professionals should work closely with risk managers – and use the strengths and influence that the risk management function can bring to bear on security problems.
The impact of technology
The single biggest change in security technology in the last 25 years has been the development of the microchip. As late as 1982, some major suppliers of alarm control panels were still producing units with electromechanical relays. Now, the computer-based system is everywhere.
CCTV cameras used to be expensive, large and bulky – and required significant amounts of power. In addition, most cameras provided only black and white pictures, and performed poorly in low light conditions. Now, cameras based on a single chip and requiring only tiny amounts of electricity provide colour images in near darkness. They also cost less than the lens of the pre-microchip models.
On top of that, a range of intruder detection sensors can protect a building in a variety of ways. Biometrics will allow authorised individuals to enter a building by scanning and measuring features ranging from fingerprints to retinal blood flow. For their part, laser and hologram-based ID cards offer high quality colour reproduction and access cards that are highly secure from the dangers of photocopying, forgery or tampering. There's no doubt that the list of systems advances is endless. Clearly, manufacturers stand ready to meet any and all security needs. For a price.
The greatest problem with this proliferation of technology is the sheer difficulty of keeping up with what's on offer and the speed of development. Today's state-of-the-art system may be obsolete tomorrow. At the same time, the old demands of reliability and low running costs are not always seen as priorities by suppliers and manufacturers.
Taking their cue from computer software manufacturers, all-too-often systems are shipped before they have been 'debugged'. On occasion, products are announced in the marketplace, sold and installed before they've been fully developed. The end user is then left responsible for a system which should still be on test in a laboratory.
The sheer scale of new developments, and how to keep abreast of them, also causes problems for the corporate security professional. That said, the opportunities inherent in this explosion of technology are clear – and the order of priorities would probably be agreed by most working in the field. What most practising professionals would like to see in their security hardware would be reliability (and freedom from false alarms), ease of operation, low maintenance costs, simplicity of installation and ongoing support from both systems provider and installer.
The greatest problem with the proliferation of security technology is the sheer difficulty of keeping up with what’s on offer. Today’s state-of-the-art system may be obsolete tomorrow. At the same time, the old demands of reliability and low running costs
The global revolution in telecommunications – which resulted in part from the development of satellites, fibre optics and the microchip as well as a relaxation (in many countries) of the state control of such systems – has had a significant impact on the security sector.
As you all know, it's now possible to monitor premises on a computer via a CCTV camera down a telephone line from anywhere in the world. In theory, come close of business in London there would be nothing to stop a company in Europe transferring all of its alarm signals and CCTV links to a monitoring station in Chicago. Monitoring could then be transferred to a central station in Singapore when the mid-West goes home. 24-hour coverage, then, without any security officers having to work night shifts.
Security and The New World Order
It seems almost as though the collapse of the Eastern Bloc and the conversion of most of the former Communist states into nascent democracies has been accompanied by an increase in the use of violent protest as a demonstration of dissatisfaction. It's certainly true that many companies who have never before been forced to contend with such activity must now do so. Petrochemical and construction companies, pharmaceuticals giants, fashion and clothing companies, meat producers, travel agencies and airlines, tax offices and court buildings have all been subjected to the same abuses.
Some of the attacks are easier to rationalise than others. Attacking petrochemicals installations and the utilities outfits has a history stretching back to the early 1960s and the US protest movements instigated by the Symbionese Liberation Movement, the Black Panthers and others.
Attacks on a number of these groups can be explained by the increasingly fanatical fringes of some respectable pressure groups. For instance, the various pressure groups involved with campaigns in the UK against cruelty to animals encompass both the ultra-respectable Royal Society for the Prevention of Cruelty to Animals and the Animal Liberation Front – a group that's often deemed to be more dangerous than the Provisional IRA.
It may even be the case that more extreme tactics have been adopted by some groups who see the relative success of the Irish Nationalist campaigners. It is certainly true to say that certain industries (eg the fur trade and the transport of live animals to Europe) have been severely disrupted or even wiped out by the actions of a very small number of people.
Other groups, meanwhile, have chosen a wider agenda, campaigning first and foremost as environmentalists firmly opposed to any further industrial or commercial development. Such groups variously oppose nuclear power generation, road building, new airport terminals, construction in once strictly rural areas, genetically modified crops and the burning of fossil fuels, etc.
In some cases, passive protest methods have been adopted (eg building underground tunnels and tree houses to delay roadworks), but all-too-often such activity spills over into violence and criminal damage.
Both last and this year's demonstrations in London opposing capitalism have caused the authorities much concern. At the root of the problem is the fact that the mobile telephone and the Internet have rendered traditional hierarchical structures inside subversive organisations completely unnecessary.
The problem for security managers and the police is simple: if you don't know who is organising a demonstration or attack, how can you hope to take steps to prevent it?
Companies engaged in any kind of business activity which may be deprecated by even a small group of protestors must plan to provide enhanced security and a swifter response to threats. A number of UK pharmaceuticals concerns have had to do just that to provide protection for some of their research facilities where Animal Rights groups have set fires, planned bombs, released laboratory animals and threatened scientific and laboratory staff.
Companies engaged in any kind of business activity which may be deprecated by even a small group of protestors must plan to provide enhanced security and a swifter response to threats
Litigation and liability
The extension of corporate liability for a range of real or imagined wrongs is likely to assume even greater importance in the years ahead. While neither the frequency of litigation nor the extreme range of damage awards now seen in the US is likely to extend to the rest of the world, it's clear that society now demands much higher standards from corporations.
Here in the UK, for example, the laws are being extended to provide for the new offence of corporate manslaughter, whereby a company's directors may be indicted as a result of certain types of accident in the workplace. At the same time, a climate which encourages large financial settlements of consumer claims means that liability insurance will (at best) become more expensive or, ultimately, unavailable in certain markets.
Security has a key role to play in protecting the assets of a corporation, at the same time providing key data in the forms of surveillance tapes to convince the courts and insurance companies that appropriate measures were taken. The ongoing trend towards so-called 'consumer terrorism' also needs to be countered by strengthening employee screening and validation of personal work histories to ensure that minimal opportunity is given to the members of terrorist groups to obtain first hand experience of the company.
Protection of intangible assets
Very much a part of this whole corporate security ethos is the extension of protection to all company assets – not just plant, machinery and buildings but also things like commercially sensitive information, process secrets and, of course, information derived from expensive research operations.
It's blatantly obvious that some secrets are vital to a company's future. The recipe for Coca Cola may well be a very good case in point. In addition, details of the manufacturing process for a new wonder drug might be the only tangible results a company has to show for 20 years and millions of dollars worth of research. If this is lost or stolen before a patent application is filed an unscrupulous rival could pre-empt the whole process.
It should also not be forgotten that the reputation of a company can be just as valuable as its products. In the time of global brand names and instant communications, the information that Company A has taken its best selling soft drink off the market in Country B because of contamination is big news around the world. As we have seen with a number of recent cases, the impact may be significantly greater than in the one country where the product recall is warranted.
What does this mean? While accidental contamination spells bad news, the opportunities for deliberate contamination (for whatever reason) can be infinitely worse.
Reputations may well be affected by other external activities ('A change of scenery', Security Digest, Security Management Today, May 2002, pp44-46). Both Proctor and Gamble and MacDonald's have been the subject of various 'whisper' campaigns – ranging from allegations that they have supported witchcraft to the suggestion that their commercial activities are directly linked to damage of the rainforests.
The speed with which the Internet can spread rumours as well as factual information suggests that this is likely to be a possible future problem for corporations.
Looking to the future
Whatever the future may hold for security professionals, there are a number of foreseen occurrences that appear certain to be realised: increased globalisation, the MegaCompany (and, possibly, the Corporate State), instant and cheap access to information (with the potential for super hackers and even cyber wars) and new threats to companies and corporations alike.
All of these require the attention span and activity levels which only a good, solid security operation can provide. When viewed in this light, it's apparent that security professionals will have to prepare the ground to ensure that proper plans are put in place (at the same time taking the necessary steps to minimise any impact on the corporation's bottom line).
Source
SMT
Postscript
Stewart Kidd is principal of the Specialised Loss Prevention Consultancy
No comments yet