Physical security risks are a growing concern in today’s world, with businesses around the world facing security threats almost every day. Investing in physical security to protect employees and assets has become increasingly important, especially since the COVID-19 pandemic.
With supply chain disruption, civil unrest, gun violence, global pandemics, catastrophic weather, war, inflation and fear of recession, we’re in a new era of risk.
Organizations have never faced a more extreme or uncertain threat environment. Business leaders should stop asking if they will face a crisis and get prepared for when.
Most businesses are already doing this in the area of cybersecurity, which they view as the top business risk. CEOs now need to apply the same rigor to physical security as they do to cybersecurity.
The case for prioritizing physical security
Protecting an organization’s people, places or assets from physical threats is often overlooked, and physical risk mitigation is often under-resourced. Yet the consequences of physical threats are severe.
These include unplanned operational downtime, product loss, customer churn, brand reputation damage, broken vendor or supplier relationships and loss of investor confidence. The risks can even include human injury or loss of life.
Leaders should start by assessing today’s risk landscape and identifying the threats most likely to impact their business – especially as threats spike to unprecedented levels.
At a time when the national discourse remains focused on a possible recession, many businesses are taking another look at their profit and loss statements. As they contemplate current budgets and possible future expenses, investment in physical security is likely to come into question.
Threats to physical assets don’t stop because of an economic downturn.
But threats to physical assets don’t stop because of an economic downturn. The hurricane approaching your coastal headquarters doesn’t care that there’s a recession looming.
It can help to view investment in physical security as more than just a cost center. Instead, it can actually be a strategic advantage.
Companies that are proactive in the face of uncertainty create a culture that is more agile and resilient in all conditions, according to PwC.
With this in mind, the business leader who proactively addresses physical threats might not only make their employees and operations safer, they might also make their company more recession-resistant and able to outperform underprepared competitors.
Top five security threats
The success of any business in any industry relies on a risk assessment and functional physical security measures to identify present hazards and to avoid future threats. But what threats are deemed the most serious, and how can they be prevented?
The top five security threats detected in 2022 were workplace violence, crime/theft, natural disasters, biosecurity and the shift to remote and hybrid work.
Workplace violence can range from threats and verbal abuse to physical assaults and even homicide. The types of relationships that can cause workplace violence typically are worker-on-worker, customer/client, personal relationships and criminal intent.
According to the Society for Human Resource Management, one in seven people don’t feel safe at their workplace.
If employees don’t feel confident in their daily safety, how can you expect them to do their jobs adequately?
That’s an alarming number of people who spend 40-plus hours per week feeling uneasy or unsafe while contributing to the success and growth of the company. If employees don’t feel confident in their daily safety, how can you expect them to do their jobs adequately?
Not only does workplace violence affect individual employees, but about US$130 billion is lost to workplace violence every year.
What your business can do:
- Access control: Control who you’re letting into your facilities and when – even your employees. Employees cause 21 percent of workplace violence incidents; 79 percent involve people who shouldn’t have been able to enter the building in the first place.
- Identify warning signs: Technology tools can help identify threats and compliance issues across social media and the dark web. This is relevant for both internal threats from employees and external threats.
- Workplace violence prevention policy: Create a policy that outlines what is considered workplace violence and how it will be addressed.
- Training: Provide training to employees on how to recognize and respond to workplace violence. Encouraging employees to report any incidents of workplace violence or threats of violence.
- Support: Providing support and resources to employees who have been affected by workplace violence.
Crime and theft within corporations can take many forms, including embezzlement, fraud and theft of intellectual property.
There has been an increase in crime since the pandemic swept the nation in early 2020. Companies of all sizes are more at risk of burglary, robbery, vandalism, shoplifting, theft and fraud than ever before.
Three-quarters of retailers reported an increase in organized crime in 2020.
An unfortunate trend supporting this increase is the rise of flash-mob-style burglaries. The criminals’ strategy is to commit crimes en masse, limiting the likelihood of police or security apprehending all of the suspects.
The traditional security guard is not equipped to stand up to a sizable group and cannot handle this situation.
According to NRF’s ‘2020 Organized Retail Crime Survey’, three-quarters of retailers reported an increase in organized crime in 2020, with losses averaging US$700,000 per US$1 billion in sales.
What your business can do:
- Controls and measures: It is important for corporations to have strong internal controls and security measures in place to prevent and detect these types of crimes.
- Social media monitoring: Most of these crimes are highly coordinated ahead of time via social media. Social media monitoring can sometimes detect these events in time for physical security measures to be implemented.
- Utilize technology: Take advantage of technology that would allow high-value items/your location to be locked down quickly and to record the crimes in progress.
- Policies and procedures: Corporations should have clear policies and procedures for reporting suspected criminal activity, and should work closely with law enforcement to investigate and prosecute any criminal activity that does occur.
Natural disasters can have a significant impact on workplaces. Depending on the severity of the disaster, workplaces may be damaged or destroyed, making it difficult or impossible for employees to work.
Natural disasters have increased by a factor of five over the past 50 years.
Natural disasters have increased by a factor of five over the past 50 years, primarily fueled by climate change. With these disasters only expected to worsen and happen more often, companies need to prioritize more useful security systems to keep their employees and assets safe.
Fortunately, thanks to improved early warnings and disaster management, the number of deaths from these disasters has decreased almost threefold. However, there are still snags in current systems that do not adequately communicate warnings and plans to employees.
What your business can do:
- Business Continuity Management: This is crucial for corporations after a natural disaster because it helps them to maintain business continuity, protect their reputation, reduce financial losses and ensure compliance with regulatory requirements.
- Emergency plans and training: Design and implement your emergency plan for natural disasters likely to affect your corporation’s locations. Constantly review and update your plans and conduct regular training exercises.
Now, more than ever, employee and company safety comes with an emphasis on physical health. Although the need for biosecurity is currently top of mind, it is not a new need.
Pre-pandemic, annual influenza epidemics cost American workers more than US$16 billion in lost earnings annually.
Companies taking charge of their biosecurity will benefit society as a whole.
Security systems are now available that utilize all data inputs for enhanced contact tracing to combat and prevent major pandemics like COVID-19 and the flu. Putting these systems in place will help protect your company’s most significant asset: your employees.
Companies taking charge of their biosecurity will benefit society as a whole. Protecting the physical health of their employees will prevent the spread of disease within the company and community, therefore minimizing the risk for pandemic.
Back to work/hybrid
When the pandemic started in early 2020, millions of people worldwide transitioned from working in the office to home. Suddenly, keeping people safe on the job also meant protecting employees while in their own homes.
With some going back to in-office work and others permanently working from home, the physical security of an organization’s employees and its assets has become a more complex issue that requires more attention.
According to Omida’s 2021 ‘Future of Work’ survey, 36 percent of employees primarily conduct work from home or remote-based, 24 percent of employees are permanently based in an office and 22 percent utilize a hybrid work environment.
As the dynamic of work changes, the way you approach security has to change too.
What your business can do:
- Workspace management/registration: Having people register for a desk before they come in lets you know who will be in the office and when. If something abnormal happens, like an employee unexpectedly using access control to enter a building, the right teams can be notified immediately and take action.
- Visitor management: Having a record of who visited when is even more important for things like contact tracing.
- Merge the siloed cyber and physical security teams: These systems need to work together to understand how they affect each other for total operational efficiency.
Be proactive, not reactive
To ensure your company can stay strong during a crisis, sufficient preparation is of the utmost importance. Each employee must trust that every person, from leadership to entry level, will know what to do when a crisis hits.
First, try to determine which physical risks are most pertinent to your operations. Identify the five biggest threats to your organization and then rank them based on severity and probability.
These risks are dictated by the company’s industry and operational complexity. For example, if you’re a trucking company or distributor, a tornado or heavy snowstorm that affects warehouses and major highways may be at the top of your list.
After you’ve assessed potential threats, it’s time to create a risk-mitigation plan.
If your company is headquartered in Los Angeles, wildfires may be something to prioritize. If you’re a manufacturer or financial company with call centers or factories in the Philippines, you’d consider prioritizing severe weather, protests or even landslides local to that area.
Identifying these threats will provide a framework in which businesses can analyze threats cross functionally – that is, account for how one threat may affect different parts of the business in different ways.
After you’ve assessed potential threats, it’s time to create a risk-mitigation plan. Your plan may include roles and responsibilities during a crisis, travel protocols and methods of communication.
The plan should also promote alignment on crisis response to mitigate confusion if a threat materializes and take into account every possible impact the threat could have across the business.
Although risk mitigation plans should include stakeholders from multiple departments, there should be one person who has clear ownership of physical security, with an easy way to monitor threats as they unfold and establish a reporting structure to minimize confusion about who’s in charge if a threat becomes real.
Plans should also include the formation of crisis-management teams. These individuals should be able to communicate where to go, what to say, and what to do should certain events occur during the threat.
To help crisis-management teams perform quickly in a crisis, business leaders may also want to remove procedural friction points so that an emergency response can run smoothly. This could mean, for example, providing quick access to emergency funds or pre authorizing overtime for employees.
Remember to regularly update mitigation plans as risks unfold and make those plans accessible company wide. It may help to implement a tech solution that can sort new risk data faster and help ensure plans remain current and relevant.
Additionally, AI can help automate updates and minimize errors in the face of a crisis. It can detect threats by processing millions of data points, allowing organizations can make smart, quick decisions when every minute counts.
Also, remember that practice makes perfect. In preparation for a crisis, it’s vital to run tabletop exercises to practice responses. This ensures plans work and stakeholders are prepared when a real event happens.
After a crisis, debrief and hear from all stakeholders about their experience. This will help to avoid potential mistakes in the future.
It’s also important to remember work operations may have to change for a period after the threat passes, giving people time to recover and return to work. This will show employees that their wellbeing is the company’s top priority.
Companies owe a duty of care to their employees to keep them safe and protected from the ever-growing complexity of physical security threats.
Companies owe a duty of care to their employees to keep them safe and protected from the ever-growing complexity of physical security threats. With the increased intricacy and amount of physical threats, new approaches and technologies are necessary to protect employees and prevent physical security breaches effectively.
Properly assessing and gathering all the physical security data available to a company allows them to become proactive instead of reactive, protecting companies and their employees and saving lives.
Business leaders need to implement new operational strategies and cultivate new skills to protect their organizations. Specifically, this means creating new risk frameworks and implementing well-defined crisis plans to protect their organizations proactively.
It’s impossible to avoid all risk. But businesses can leverage organizational structures, processes and technology to create organizational resilience in the face of unprecedented threats.
As we approach a time of uncertainty with inflation and rumblings of recessions, successful companies find profitability even in the midst of an economic downturn. Achieving resilience does in fact generate a return.
A former British Special Forces Soldier, a two-time world record holder, adventurer, philanthropist and author, Dean Stott has advised at the highest levels of security, counter terrorsim, crisis management and business continuity. Regarded as an expert in his field, he has advised and supported presidents, VIPs, governments and royal families. Stott has passed on his experiences in support of others, authoring the book Relentless, supporting charities and presenting keynote presentations for Fortune 500 companies, military, sporting bodies and educational institutions.