|
|
Security @ The Millennium
A White Paper Presentation From Security Magazine And The Security Group, Cahners Business Information
Presentation at ASIS International Seminar and Exhibits
Sept. 27-29, 1999
Copyright 1999. SECURITY Magazine. ALL RIGHTS RESERVED.
Preface By Ira S. Somerson, BCFE, CFE, CPP, President,
Loss Management Consultants, Inc., Blue Bell, Pa.
Standard security practice mandates that an organization's assets cannot be adequately protected without knowing what risks will be faced. Future risk dictates every market that will then protect an organization's assets (people, information, property or reputation). This standard security practice also urges a continued future risk assessment process to support the deterrence, detection, denial, response to, and/or recovery from foreseeable risks. Markets will therefore be driven by future risk.
In the 1950s, 1960s and the early 1970s, business felt that the investigative and protection skills of law enforcement and in-house security forces were what were needed to fulfill their agenda. The Rand Report and the LEAA's Study titled "Private Security" were landmark reports that, to a large extent, criticized the security industry. Then in the early 1990s, the Hallcrest Reports (I & II; Butterworth-Heinemann) spelled out the failings of the law enforcement community and private security to work together in achieving their objectives. The growth of the security industry during the 1970s and 1980s, both proprietary and contract services, was enormous. It was during this period that vast technological improvements in security markets evolved.
The 1990s persisted with growth and change. With it came "downsizing," "rightsizing," and "re-engineering." The information age and the economic boom it has created have widened the gap between the haves and have-nots. There is enormous pressure from those having little or no security blanket in our society to express their anger and frustration. Violence in the workplace has become a dominant U.S. threat. There was a time when business only had to cope with the competitive pressures from other domestic companies. The world has shrunk and most industries now face global competition. Businesses are not only concerned with the ethics and mores of a domestic environment, but must now deal with the values of a dynamic world market. Vast new technologies in communications have placed enormous pressures on businesses to protect their data and the assets that pass through these technologies. Not only are informational assets exposed to traditional foreign and domestic intelligence threats, but they are also vulnerable to those committed to a violent and destructive agenda. Fraud and violations of corporate trust continue, but are only exacerbated by the window of opportunity created by new technologies. All of these and other future risks as well as vicarious liability, sanctions from the Federal Sentencing Guidelines and the new proposed guidelines from OSHA (safe workplace) have set the stage for a new breed of corporate security executive. This new executive must be capable of stewarding asset protection as well as other organizational missions. Future markets must therefore reach these new executives.
It is now 1999 and the new Millennium is fast approaching. Corporate America has still not placed asset protection on its top burner. Undergraduate and graduate business schools still energetically resist adding asset protection and related curricula to heighten a student's awareness of future risks. Business students are entering the marketplace never having any studied appreciation for the many facets of future risk and their impact upon an organization's competitive position, profitability and yes, survivability.
Security @ The Millennium takes aim at these important objectives and provides an essential market overview as to what the next millennium will produce. Are you looking into the future?
In the most comprehensive study of its type, an article in the October issue of the Journal of Law and Economics (University of Chicago Press) says that crime costs $4,100 per person, or $1.7 trillion in 1997 dollars. The report, researched and written by David Anderson, an economist at Davidson College in North Carolina, covered such details as police and private security expenses, corrections costs, expense of crime-related injuries, amount of theft. Anderson says that criminals annually steal $603 billion in assets while also creating an additional $1.1 trillion worth of lost productivity.
| Shoplifting Loss Per Incident | — In 1998 the average was $60.74
— In 1997 the average was $58.43 |
| Restaurant and Fast Food Employees, Loss Per Employee | — In 1998 the average was $218
— In 1997 the average was $96 |
| Employee Theft: How Employees Look at Themselves | — 13% Dishonest; Will Undoubtedly Attempt Theft
— 21% Basically Honest; Will Never Steal
— 66% Will Steal If Others Do Without Repercussions |
Source: Analysis by The Security Group, Cahners Business Information, of a study of 500 employees nationwide by Michael G. Kessler & Associates, Ltd.; the 1998-1999 Retail Theft Trends Report, conducted by Loss Prevention Specialists with a funding grant from Sensormatic Electronics Corp.; and the Fourth Annual Survey of Restaurant and Fast Food Employees, administered by NCS information services company.
- At the close of the `90s, a strong, robust economy surpassed crime and the perception of crime as the number one force that influences the purchasing of security products and services.
- Expect growth in new and growing markets for Systems Integration, Home Systems, Emergency Response and School Security.
- Random acts of violence, while increasingly troubling, do not unilaterally top the short list of concerns. Instead, more common and chronic risks of employee theft and property crime emerge uniquely to the type of business and property at stake.
- Computer Security now ranks among practitioners as the area of most increasing concern — nearly 25 percent ranked it as their top problem compared to 22 percent last year. Among Industrial security managers, computer security ranks as the number one threat to people, buildings and assets.
- Reported incidents of computer hacking, industrial espionage or employee sabotage are actually limited. But almost one in five corporate security executives surveyed said they lost computer equipment or company data as a result of an information security breach.
- Increasingly "open" access control technology will integrate more non-security systems into the protection function — asset tracking and time and attendance are prime examples.
- Security will move into new realms of inventory and asset management. A telltale sign: 30 percent of all security executives have added non-security functions to their responsibilities last year.
- Of all tools in the security arsenal, closed circuit television surveillance is currently the most often purchased category, and it is the most often "planned purchase" in the next year.
Security at the close of the 1990s is in a powerful shift. Now and for the near term, the strong engine of a robust economy has surpassed crime, or the perception of crime, as the factor that most influences the purchase of security equipment and services. For 75 percent of all dealers/installers and just as many end-users surveyed in SECURITY/SDM market research, economic conditions — including but not limited to indicators such as business capital expenditures and residential building activity — affect security purchases now more than ever before.
The decade ends in an ebb of what was once a flow of consolidation among security alarm companies. In a typical pattern of heavy acquisition followed by "breather" years, alarm dealers and installers are facing new forms of competition. As they do, they tend to diversify as well as specialize, to carve out strong niche markets for strength against large, national competitors. Utilities, regional bell operating companies, even cable companies, have forayed into the security market, but even collectively, they are not considered a threat to the health and success of the range of security dealers and distributors. In fact, most security system dealers project healthy, double-digit growth in stride with a strong, general economy.
Among corporate and government security end-users, the powerful force of today's competitive economy has become a mandate for greater accountability. Scare tactics or status quo purchasing is out. Direct, bottom-line return on security investment, lean and efficient operation or consequential cutbacks, are now standard operating procedure.
U.S. construction, a barometer of economic well being, reflects healthy potential for the after-market of security system sales, especially in newly built homes and offices. Half of all 1998 construction spending went to residential projects, and homeownership rates have reversed since the `80s to current all-time highs, according to the Joint Center for Housing Studies at Harvard University.
New and reconstruction of commercial properties, expected to sustain steady growth in keeping with the overall economy, also bodes well for near-term security sales. In general, low interest rates couple with high employment needs to promote greater demand for commercial office facilities. Office construction that plunged in the `80s — with urban and suburban vacancy rates hitting as high as 21 percent in some areas — has rebounded sensibly. Since 1977, vacancy rates have leveled around 10 percent, construction has returned to robust levels, and savvy developers are likely to ease up on construction to prevent the overbuilding mistakes of the 1980s.
Securing those spaces spawns the need for access control, surveillance, garage and parking lot protection. And as developers seek to lure tenants and businesses to new or renovated facilities, security is becoming part of the sales picture — with services and features that ensure stable occupancy.
| Long Term Factors That Drive Security Sales | — Economic conditions
— Crime
— Sales and marketing prowess
— Disposable consumer income
— Capital spending by businesses |
As the economy expands, and even as it may contract or hold, security sales stay in stride by evolving as niche sales. Diversified among dealers and installers, who are becoming increasingly specialized, security sales are increasingly fine-focused on the types of systems and service that each company provides the user. Among the emerging sectors and trends to watch:
Systems Integration. SDM Magazine began defining this market in 1996 as companies that earn more than half of their revenues from sales and installation of Access Control/CCTV-based integrated commercial systems. Tracking this market sector, SDM estimates that Systems Integrators accounted for just over $1 billion in sales last year — a number that may be considered conservative. Expect traditional burglar alarm companies to expand into this market, especially as networks and dealer programs allow regional stalwarts to compete for national accounts. For commercial security end-users, expect the market to evolve with identifiable subspecialties such as HVAC or energy management systems, or by application, such as retail or industrial systems specialists.
Home systems, home theater and installation of potentially converged systems. Another area of security market growth and specialization is emerging from the advancement of consumer electronics and home communication. Cable, direct broadcast satellite television and other emerging whole-house systems will be among features sought by new and trade-up home buyers. Home systems that dovetail with security are a natural growth for installing companies. Among them, digital home TV theater, home automation and whole-house audio will increase, as will closed circuit television (CCTV) as a home or look-in adjunct. Witness the proliferation of nanny cameras and day-care CCTV as a case in point.
Emergency response and medical monitoring. Because of the close links between safety and security, because both involve around-the-clock monitoring and fast, efficient response, and because both areas are as technology-driven as they are technology-dependent, expect closer alliances and even single-source supply as security companies and corporate security departments naturally expand the range of service. Look for simple, automatic external defibrillators to buttress emergency medical response in public-service businesses such as airlines and cruise lines. Alarm monitoring and security companies may expand here, particularly where home health monitoring is medically prescribed and central station monitoring is already underway.
School Security. The country's school stock is aging. More than one-third of the U.S. primary and secondary schools need "extensive repair or replacement" according to the American Society of Civil Engineers. Just as many schools have "inadequate" building systems, such as HVAC and security. Moreover, enrollment is increasing as baby-boom offspring reverse the flat-to-declining enrollment trends of the `80s and early `90s. Therefore, education construction spending has been a top-performing market sector, sustaining double-digit growth since 1997.
Couple these trends with highly publicized school shootings, hate crimes and increased concern of violence among youth, and security for this changing market can only improve. Over 50 percent of school security executives say they have taken extra action in the last year to prevent violence. The most common school security measures currently in use are 2-way radios, burglar alarms and facility intercoms. Tools most likely to be purchased in the next year: video cameras, anti-graffiti products and 2-way radios.
Public dollars are obtainable for school security improvements. New and recently enacted legislation will make more federal funds available for school construction and renovation over the next several years. One bill, for example, provides $25 billion in bonds to states and local districts through 2001 to modernize 6,000 public schools. Other initiatives include private tax credits to pay interest on school modernization.
As we stated, the close of the `90s brought a shift in which crime and risk were less of a driving force than a powerful economy. That does not discount crime and risk, however, as real forces that continue to shape security. In fact, crime is the second-most influential factor in security service and system sales.
Overall crime rates have declined over the decade, but the perceived need for a secure workplace is only on the increase. And in fact, SECURITY Magazine reports, lower crime rates tend only to focus corporate attention on other issues such as computer security and white collar crime, where loss potential is enormous. To be sure, insider crime and employee theft have long surpassed outside concerns of street crime, vandalism and violent or property crime as a private security concern.
| Top Commercial Security Concerns | 1. Employee theft
2. Property crime
3. Access/egress control |
Market research reveals that computer security is the area of most increasing concern among security practitioners. Nearly 25 percent of SECURITY Magazine study respondents ranked it as their top 1999 problem compared to 22 percent the year prior. Among industrial security managers in one study, computer security was the top-ranked threat to people, buildings and assets. For one head of security at a Fortune 50 company, computer security is described as "our fastest growing function," met head-on with a cross-discipline approach.
The computer security problem not only includes desktop hardware and laptops, but more so, the information those systems contain.
Reported incidents of computer hacking, industrial espionage or employee sabotage are actually limited to about 13 percent of respondents surveyed by SECURITY Magazine. But almost one in five corporate security executives said they lost computer equipment or company data as a result of an information security breach. Further, the number of respondents reporting breaches relating to the Internet increased 9 percent between 1997 and 1998, tallying almost one in four.
To secure the computer world is to secure a PC-domain. More than eight in 10 security executives describe their environment as PC-centered, while six in 10 report they are more local area network or workstation oriented. For 50 percent, server and Internet orientations or platforms are beginning to emerge in demand of security.
- Enterprise purchasing of computing equipment continues at a steady clip. Among SECURITY readers, a 7 percent annual increase in computers requiring security is typical.
- Facilities Managers teamed with Information Systems Managers or Directors continues to be the most involved contingent in information security equipment purchases, according to exclusive SECURITY Magazine research.
- Most companies define baseline security requirements, maintain documented computer security policies, and use password software and data encryption to protect information.
- For physical security, responsibility is much like computer systems today: distributed. Local department managers are increasingly accountable for the physical security of sensitive business data within their domain.
- Corporate security forms partnerships across disciplines and deploys both physical and information security products and services to help departmental managers protect computers. Among the most common:
| Information Protection Currently Used | Planned to Purchase | 1. Document shredders
2. Lockdown devices/systems and alarms
3. Password software | 1. Key control software
2. Incident reporting software
3. Additional security management software |
Like Computer Security, workplace violence puts new spotlights on business protection. The spate of headline-grabbing, massacre-level shootings in schools and private businesses has raised glaring questions to which security must respond.
While workplace violence outranks risks such as terrorism and natural disasters in some studies, in the day-to-day protection of people and property, random acts of violence do not unilaterally top the short list of concerns. Instead, most day-to-day concerns fall into the categories of employee theft and property crime, which have ranked as top problems throughout the decade. Generally, the degree of all risks varies according to the type of business and property at stake. (See Chart, "Ranking Risks.")
Still, security specialists agree that workplace violence, once limited to the convenience store, liquor store or gas station, has spilled too far into the mainstream. One security head of a Fortune 50 corporation says, "we'd like to think workplace violence is a rare tragedy, but it's starting to look more like a trend." Corporate restructuring, increased pressure of a global competition — many factors lead to new levels of potential for workplace violence. In point, workplace homicide is now the leading cause of work-related death among women and the third-ranked cause for men.
But in fact, when drawing conclusions about crime and risk, security professionals concede that the exact threats vary by the type of business and nature of the facility. And certain risks are clearly pervasive across all businesses (See chart). These risks are real and gripped daily. They don't grab headlines or spark widespread panic as do school shootings and workplace violence. But the daily risks span all businesses and demand consistent focus. These risks also are evolving and are, in some ways, cyclical in nature, too.
As Ira Somerson points out in his Preface to this White Paper, technology and globalization are two elements, for example, that impact the ranking of risks as well as the emergence of new risks or new types of threats that create or increase risks.
| Risk | Industrial | College & University | Hospital/ Healthcare | Primary/ Secondary School | | Computer Security | #1 | #2 | #4 | | | Theft, burglary | #3 | #1 | #2 | #2 | | Controlling Access/Egress | #2 | #2 | #5 | #5 (tie) | | Drugs/Alcohol | #4 | #5 | #3 | #4 | | Violence | #10 | #8 | #7 | #5 (tie) | | Vandalism | | | | #1 | | Parking lots | | | #1 | #3 |
Whether it's the random act of violence, the drain of employee theft, or the growing demand for information protection, solutions lie in two areas: changing technology and the manpower of security services. Security specialists point to advancing technology — such as improvements in access control to instantly delete access privileges of discharged employees — as the most hopeful factor in establishing comprehensive security today.
Information and physical security — particularly premises such as parking garages and privately operated but open-to-public properties — are on the short list of concerns. Variations on access control and video surveillance augment basics such as hardware as the main lines of defense — whether the risk is computers inside or people outside.
Today and tomorrow, access control systems are computer-centric. Of most importance, increasingly open architecture and flexible interfaces will continue to provide easier integration. True connectivity and data sharing between access control and other security systems such as burglar alarm, CCTV, intercoms, guard paging and audio intercept is fast becoming a reality — often regardless of the systems' manufacturer. And there's more: non-security systems are increasingly dovetailing, if not integrating with, security. Time and attendance and asset tracking for inventory management lead the trend.
In the words of one high-ranking corporate security executive: "The convergence of manufacturers, the real integration of systems rather than just interconnecting boxes, is the industry's most significant advancement. As that trend progresses, we can truly reap cost savings of installing integrated systems, and we'll see a boom in use of those technologies."
Among the most widely used commercial security technology, access control is currently used by 85 percent of SECURITY readers — most often to manage employees. The typical or median budget for a new purchase is $59,000, and the average is $233,000. Some 50 percent of such systems are bought with direct involvement a manufacturer, but nearly 80 percent also involve the dealer/installer or a product distributor.
| Access Control: Multiple Site Monitoring | — 27% Monitor 1 facility
— 32% Monitor 2 to 4 facilities
— 23% Monitor 5 to 14 sites
— 18% Monitor 15 or more (most often in education, government, and w/security budgets over $1 million) |
The degree to which security computers are networked, and on what platform, is particularly in flux as the millennium draws to a close. In the balance hang the need for 24-hour, 7-day-a-week, uninterruptible protection on the one side, and the efficiency of enterprise-wide networks and their cost-saving infrastructures on the other. Just how readily and reliably security can tap into such existing corporate computing is, at the end of the `90s, the topic of the moment.
Right now, 48 percent of all access control systems stand-alone. Slightly less than one-third of users describe their systems as integrated, but among government security end-users, that number is just over half. Thirteen percent say security is part of a local area network (LAN), with the highest percent of those in healthcare and educational institutions. LAN-based security is most common in companies with security budgets over $250,000 and over $1 million. Less than 3 percent of end-users describe their systems as either Wide Area Network — or Intranet-based.
Microsoft Windows is, and at least for the near team will remain, the most common platform. However, which type of Windows and how quickly a business migrates from one operating version to another deserves deeper analysis. Security end-users cannot afford to be an experimental group — the demand for proven performance and reliability won't allow it. So, it's little surprise that at the close of the `90s, 43 percent of access control systems are Windows 3.1, and another 28 percent are Windows 95. Windows NT — the corporate networking operating system — currently tallies less than 9 percent, and just as many use UNIX or "other". Fifteen percent of systems use a proprietary operating platform.
Cards, badges or access control credentials top the list as the item most users will be purchasing most often over the next year — and proximity is the leading choice. Seventy-two percent of systems users currently opt for cards or badges, most often with a photo. For nearly half of the respondents, that image is digital. And for slightly more than a third, the card is multi-functional. And yet interestingly, keypads earn the highest levels of users confidence. Biometric reading devices are still evolving, with one in 10 end-users planning a purchase in the next 12 months.
| User Confidence, Ranking "Most Reliable" | — Keypads
— Hardware, i.e. locks & keys
— Magnetic stripe cards
— Proximity access cards |
Like other types of security technology, cards, particularly proximity cards, are expected to become smaller and smarter. Manufacturers point to next moves of small key-card-locks in the door, and more significantly, proximity (radio frequency-based reading) technology affixed to track laptops and other portable properties. Some plan to imbed IDs in products such as computers during manufacturing for trackable identification intelligently linked to the user. Such trends will shift security into new realms of inventory and asset management. A telltale sign of the shifts: 30 percent of all security executives surveyed said they added non-security functions to their responsibilities last year.
The ID changes are imminent. Some 23 percent currently describe their systems as "asset tracking" or "inventory oriented." In a recent study of Identification Technology, 44 percent said they use ID products on physical assets, another 30 percent specified computer media and vehicles. As manufacturers take ID technology to the next level, expect application to become increasingly computerized and integrated.
Of all tools in the security arsenal, closed circuit television surveillance is currently the most often purchased category, and it is the most often "planned purchase" in the next year.
Technology that drives the CCTV demand:- Greater light-sensitivity for low-light surveillance at less cost
- Improved picture performance, better camera resolution
- Better signal transmission, with lower costs, closer refresh/update rates and emergence of networked video
- Color cameras on par and price with black/white models. Sales of color CCTV cameras are climbing to equal or surpass black/white cameras.
- Systems and units that are easier to install, i.e. integrated camera domes and housings that withstand range of climates.
Dealer involvement in CCTV sales is high — over 73 percent — while manufacturer-direct sales are lower when compared to other types of security equipment. During the last half of the 90s, dealers reported that the percent of revenue they derive from CCTV climbed about 1 percent per year to nearly 13 percent. Median or typical purchase retail price expected over the next year is $45,000; the average system planned in the next year is $215,000. Most likely because they specify systems for multiple clients, security consulting and architect/engineering firms, have the highest average CCTV sale: $533, 000.
CCTV monitors will be the second largest planned purchase overall, 57 percent — and it's the number one choice of educators. Time lapse video recorders are the third most mentioned CCTV purchase — top among financial service firms. Multiplex and controllers are in next year's budget for 48 percent of users. In terms of CCTV transmission and signaling — 43 percent plan a purchase in the next year and the gap between fiber optic and coaxial cable is closing: 25 percent and 30 percent respectively.
Most security technologies must be maintained and monitored. To that end, demand for security guard services is on the increase. At least seven in 10 SECURITY readers use private protection officers. The vast majority are trained to handle life safety, are unarmed, and do not have police powers. More than one in three of these respondents say they use more security officers than they did three years ago. Only one in five use less. Near term, two-thirds will keep guard numbers the same; one in four plan to increase.
Security officers are increasingly a blend of both proprietary and contract officers, affording business a degree of manpower flexibility. Still, 35 percent use straight proprietary guard forces, and nearly 30 percent are contract-only. Among all users, the perception is that proprietary officers are "more effective" than contract officers in fulfilling security needs. Regardless of type, officers earn the highest confidence levels for: monitoring security systems; operating access control systems; patrolling — especially by car; and controlling visitors by temporary badging.
Sixty percent of all security end-users rely on contracted security monitoring through alarm company agreements they most often review annually. And among those, nearly four in 10 are asking for more services from their provider than they did three years ago. Most often, systems monitored integrate or include fire alarms, access control and CCTV. To a lesser extent, systems interface with building systems and human resources.
Security systems are beginning to dovetail into inventory and asset management. Technology is tying other disciplines to security. The business of protection in the next millennium will adapt to more and varied responsibilities. The potential for large internal losses and rare but random violence will mandate that security decision makers work closely across enterprise disciplines. More than ever, these teams will rely on technology. More than ever, computer technology and the vital business information it processes, will demand protection.
|
| |
|
|
