Responsibility and blame in the security sector
Security is a serious issue; getting it right can protect a business from commercial damage and its employees from harm
It’s understandable why those appointed to sign off on security decisions can feel a huge weight of responsibility on their shoulders. The role of a decision-maker can be likened to that of a goalkeeper.
No matter how many great saves you make, people will only remember your worst mistakes.
When security works perfectly it’s unlikely that those responsible will be congratulated or even acknowledged. It’s only when a breach occurs that discussion is raised as people look to place blame. So what exactly are the challenges faced by security decision makers and what role does responsibility and blame take?
Barriers to accountability
Security is often seen as a “black art” by businesses. Clients who do not fully understand security or perhaps don’t even value it can be influenced into making misinformed decisions based on price.
This can be counter-intuitive as initial cost and lifetime cost are often disparate. Carefully selecting a security measure based on effectiveness, quality and lifetime will be more cost-efficient, reduce maintenance fees and offer a better standard of security in the long term. Making these decisions intelligently requires proactive research and an understanding of regulatory bodies and their recommendations.
For example, the Loss Prevention Certification Board (LPCB) makes assessments and provides guidance on security specification which is available to designers and specifiers.
Another challenge is making sure that business owners realise and appreciate the threats they face. It can be difficult to convince CEOs to spend money on something they can’t see. Too many take a passive approach, avoiding considering potentially catastrophic consequences until there is an attack close to home.
Fear and blame culture
Worry invariably plays a part in decision-making, whether it’s a concern about being blamed for security failures or the risk of incident as a result of cutting corners to avoid going over budget. Unfortunately, when it comes to security, fear, impatience and the desire to be seen to be taking action often lead to uninformed or rash decisions.
Security decision-making needs to be founded on evidence, risk analysis and modelling. According to research we conducted amongst UK security decision makers, 81% said the consequences of their company’s physical security being compromised are significant. However, 41% had a reactive, passive or indifferent approach to security. This suggests that while they understand the risks, many are not acting on them.
Framing security within the context of risk and vulnerability can help business owners quantify security decisions as commercial ones. All companies have risk registers. Business people understand that if their service is vulnerable, it has an impact on the bottom line, although they don’t always consider security in this way.
Our findings highlight the reason for this contradictory approach is largely due to costs and resourcing, cited as a challenge for over 75% of those commissioning security projects.
Who is responsible for physical security?
Everyone within a business has some responsibility for maintaining the safety and security of a site. Poor staff training and ineffective processes can undermine even best-in-class security investment and design, leaving a company vulnerable.
We asked those working in security specification who they thought was responsible for physical security at their workplaces. While a large percentage said their employer (70%), one in five (18%) said building management and 5% suggested it was those who designed and constructed the building, suggesting a lack of clarity over who is responsible.
In some cases where national security is concerned, even the public plays a significant role and should be kept informed about major issues. Here, the media can have a big influence. Heightening fears of perceived, and sometimes inaccurate threats directly impacts the security measures being specified and implemented.
Businesses, regulatory bodies, designers, architects, contractors, property managers and even tenants all have a role to play in assessing and managing risks, physical security and ensuring safety. Security is serious and as such, those making decisions feel the weight of responsibility. However, this should not distract them from making choices based on assessment, research and expertise without worrying about blame.
Managing Director, Jacksons Fencing