Thought leaders from security providers look ahead to 2015
In our winter edition at the end of 2014, we asked security business leaders, in your view, and in light of the increased threat level: What should be the main priorities for those developing and delivering security? What barriers are there to overcome to deliver effective security? What do you see as the emerging trends and opportunities for all those working in security in 2015?
The following senior officers provided their views:
- Neill Catton, Managing Director, CIS Security
- David Ward, Managing Director, Ward Security
- Adrian Moore, Operations Director South, VSG
- Charlie Cleverly, Director London, Wilson James Limited (at time of writing)
- Dr. Christoph Rojahn, Director Forensic, Deloitte & Touche, Germany
- Paul Eskriett, MBE, Strategic Advisor, QCIC
- Andrew Nicholls, MSyI, Industry Sector Lead CSSC and Head of Security and Licensing, Mitchells & Butlers (at time of writing)
Neill Catton, Managing Director, CIS Security
While travelling by train recently, a fellow passenger asked if anyone owned a suitcase that had been left by the carriage doors; no one answered and the man asked again, but this time with a slightly raised voice. I could sense the unease in his tone. The silence, which probably lasted just a few seconds, seemed like minutes. My reaction was to pack up my bag and move on to the next carriage, or should I pull the emergency brake, or wait until the next station and raise the alarm? My dynamic risk assessment was gaining momentum until someone finally claimed the case. I had to see who it was to satisfy myself that this was a bone fide owner. This was a personal realisation that the threat level had been raised. Over the past months tensions have been building and the almost daily news about radicalised Britons travelling to fight in Syria had certainly hit home on the 09:28 to Charing Cross.
The priorities for 2015 are to ensure security leaders are talking about threat and that continuity plans are in place and reviewed. ‘What if?’ scenarios, Desk Top Exercises, Refresher Training are all important to test Crisis Management and focus the Security Professional’s mind. Above all, communication, awareness and observation united with collaborative relationships with law enforcement and authorities will allow the thousands of security professionals both on and off duty to prevent and protect.
I believe that most barriers can be overcome as long as time is taken to demonstrate the benefits of effective security. This may take a little extra effort, but the satisfaction and reward of providing a totally managed security service are apparent.
We will see greater integration with the public sector, although this may become more evident after the general election in 2015. Technology will continue to add another dimension in access control and CCTV through innovations such as facial recognition and smartphone technology.
David Ward, Managing Director, Ward Security
The key challenge is positioning the security sector as one that can provide you with an interesting and well paid career. We need to be attracting graduates and bright young things who can bring new ideas and innovation to the industry, as well as the experienced personnel.
Security is a profession and, as such, people who work in that field should expect that to be recognised and fairly remunerated. As an employer of more than 500 people I know how important financial reward is to my team and also that we are one of the better payers in the industry.
Low pay is certainly a barrier to entry as is a lack of understanding about how the security industry can provide a rewarding and long standing career. It is up to the leaders in the industry to act responsibly, lead from the front and safeguard the future of the industry.
Adrian Moore, Operations Director South, VSG
In light of the recent threat level increase, it has become apparent that many businesses already have a risk management strategy, but not all have fully scalable responses that are rehearsed and regularly drilled throughout the security teams. As a starting point to reviewing this business critical area, a full security threat and vulnerability assessment should be carried out to fully assess the current situation. Irrespective of the threat level, these assessments should be conducted on an annual basis as a minimum to review any threats that businesses may face, whether they be direct or indirect. The assessment can be at the forefront of the security strategy to enable the operational response to be activated at any given time.
This review will give a clear understanding of how effective the existing security measures, processes and manned guarding deployment are. The review should also focus on the protection levels against the critical assets that you identify as having significant importance to your business. These potentially include personnel, physical assets with an intrinsic or commercial value, information which may be sensitive or could be used for competitive advantage, or anything which could significantly affect the reputation of your business, and in many cases the reputation is the biggest asset.
Once the level of threat and physical security vulnerabilities are understood, they should be measured against quantifiable impact levels. This can assist in minimising subjectivity in the overall risk level assessed. It is only when you know the type of threat that is faced, that you can then consider how to mitigate against it and, more crucially, whether you need to.
Whilst understanding the commercial impact this may have, it doesn’t always mean an automatic financial impact; simply conducting such a review could result in a re-deployment of Security Officers, allowing a better use of existing manned guarding resources without compromising security risks.
Charlie Cleverly, Director London, Wilson James Limited (at time of writing)
The transition to a threat- based security provision should be seen as a genuinely achievable goal in light of the diverse, global threat that is becoming ever more apparent.
The threat spectrum from direct and indirect attacks means that clients, and their providers, should be conducting reviews of their current security plans in order to create a risk register from which they can create a robust security strategy in light of changing threats. Budgetary limitations will exist and, therefore, a risk register will enable an informed decision to be made as to where to accept risks and where not.
The need for the integration of the cyber threat into the physical security plan must be acknowledged, as the physical security plan will have a role to play in supporting the cyber plan. A wider understanding of the threat posed by indirect attack should be seen as an essential part of developing the industry; with this understanding being devolved through training and regular updates to the front line operatives. By recruiting, training and equipping front line operatives who understand the threat, technology and how to communicate effectively, we should be well placed to demonstrate the value of the security spend to our clients.
Dr. Christoph Rojahn, Director Forensic, Deloitte & Touche, Germany
Historically, security organisations have been growing in parallel to the growing size of organisations – more employees and assets have usually resulted in (though usually not proportionate) increases in budget and headcount, although it frequently needed high-profile incidents to bring security to the forefront of the agenda.
Today, the realities of globalisation mean that any increase in size is likely to be accompanied by a disproportionate increase both in risk (due to the need to look for opportunities in new and less stable markets) and complexity (as organisations connect with more and more third parties in numerous different jurisdictions for sourcing and support).
Realistically, risks resulting from these changes could no longer be met by sheer quantitative increases, even if companies were willing to make the corresponding investments. Instead, security will need to adapt to become more agile in order to deal with an increase in complex risks resulting from international operations, organised crime, economic espionage and rapidly rising levels of regulation. Meeting these challenges frequently requires a qualitative improvement in processes in general and in the identification, assessment and management of information in particular.
Paul Eskriett, MBE, Strategic Advisor, QCIC
During 2013 and 2014 police and the security services have done an outstanding job in identifying people who have become radicalised and would wish to create terror on mainland UK. They have been dedicated and conscientious in this role, but I doubt anybody would argue with the suggestion that they have also been lucky and the balance of probabilities suggests that luck is unlikely to last forever. Their success has meant that the UK has been attack free for some years and although the threat level has been raised to Severe and the public and security staff are warned to be vigilant, many have become complacent. Complacency leads to a lack of training and awareness as well as the belief that security levels and equipment are sufficient to meet future needs. That is seldom the case.
Although we are being told an incident could happen at any time and we need to be alert, when it happens it will be a shock and initially there will be an element of panic. Therefore, it has become even more important for organisations to have practices and procedures that they can exercise on a regular basis. Staff need to know exactly what is expected of them following an incident and to know what others in the organisation will do, as well as other response organisations. It is also important that all organisations review their security equipment and practices to ensure they are taking advantage of the very latest and most effective technology. This can often best be done by an outside company, which will provide a fresh view and not be constrained by historic and possibly out-of- date views.
Andrew Nicholls, MSyI, Industry Sector Lead CSSC and Head of Security and Licensing, Mitchells & Butlers (at time of writing)
Security management has become not only a very specialised area of any organisation but also increasingly demanding on those who have the responsibility of managing that risk. There is a growing need for qualification and competency and security managers need to be kept fully updated with topical information. At this time of year, when any retail organisation is at its busiest, this is a growing challenge: everyone is busy taking lots of money and the business is attracting interest from criminals who will be looking to take advantage of a vulnerability.
The training and development of the security team is essential and often you will find some hidden talents in the team. People may think that development always costs money, but attending Project Griffin courses is low cost and involvement with CSSC is free. By supporting these great initiatives organisations are better prepared and more informed.
Awareness about the threat is key to protecting people and this includes customers as well as staff and suppliers. The National Counter Terrorism Awareness Week, communicated to business through CSSC, helped achieve just that. Of course, one of the biggest challenges for any security manager is how to communicate the security message. If you send out too much information people don’t read it, but you have a duty to warn to help prevent the same incident happening again. Getting to know and understand the communication systems in an organisation is key to reducing the risk of crime.