2011 Security 500 Sector Reports

Security 500 Sector Report: Ports and Terminals

Security 500 Sector Report: Retail/Restaurants/Convenience Stores/Food Service

Security 500 Sector Report:Transportation/Logistics/Supply Chain/Dist/Warehousing

Security 500 Sector Report: Utilities (Power, Electric, Gas, Nuclear and Water)

November 1, 2011

2011 Security 500 Methodology

The Security 500 Benchmarking Survey is based on information from several sources:

• Data supplied directly by the organizations

• Data obtained through public resources/records

The Security 500 tracks 19 vertical markets and collects unique data where appropriate (such as patients in healthcare) and applies this data to key metrics. The key metrics collected this year include:

Security Spending/Person

Security Spending/Revenue

Security Officers/Employee

Security Officers/Facility

“Person” is focused on the type of person the security budget is intended to protect. Examples include employees, citizens, students and patients. Rankings within each sector were primarily based on total revenue or operating budget, security budget and “person” data.

Several sectors had a coach who helped us customize questions for data collection and benchmarking purposes. Therefore, there were a series of general questions that all participants completed and unique questions within each sector. It is important to note that based on input from our sector coaches and our new research partner, the methodology has changed from prior years and results from prior years may have shifted significantly in some sectors.

The 2011 Security 500 Survey includes the following:

• Sectors were measured and evaluated on metrics among peer organizations

• The data requested and metrics used to benchmark within each sector were based on the input of our advisors.

The purpose of the Security 500 is to create a reliable database to measure your organization versus others and create a benchmarking program among security organizations. The results will enable you to answer the question, “Where Do I Stand?” as a basis of an ongoing peer review process.

Due to the greater accuracy of the information provided by security executives compared to that of estimations, completed entries were given greater weight in the rankings than the estimations.

Additionally, the sector in which a company is ranked is based on self-reported information. For example, one clothing retailer may select “Retail” and another clothing manufacturer may select “Manufacturing/Industrial” as their vertical markets.

Based on continued feedback and the goal of creating a valuable resource for our participants and industry, the Security 500 is spread across 19 different sectors.

We recognize that as a result of the continued unprecedented economic changes that some organizations and their security leaders may no longer be in place. The listings are based on the information available at the time of publication. Each participating organization will receive their confidential report by December 31, 2011.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.