Welcome to the 2019 Security 500 report, which includes the 2019 Security 500 rankings and sector reports.

Our annual Top 10 Trends, as identified by Security 500 members, include:

  1. Workplace Violence and Active Shooter
  2. Cybersecurity
  3. Insider Threat
  4. Executive and Employee Travel
  5. Staffing and Training
  6. Business Continuity, Natural Disaster, Weather
  7. Budget
  8. Security Technology
  9. Theft
  10. Mental Health/Opioid Crisis

Honorable mentions include Intellectual Property and Privacy/Regulations.

Additional details on the Top 10 trends will be unveiled in a webinar later this month. For more information on the Security 500 webinar, visit https://www.securitymagazine.com/events/.

 

 

We are also excited to provide data on security budgets – 71 percent of Security 500 respondents reported budget increases from 2018. Additional data includes where Security 500 Members report into within their enterprises; and the use of a security metrics program that defines productivity, value creation and cost avoidance; and whether there is a charter or policy/policies within the enterprise that clearly define(s) the role/authority of security.

A comprehensive list of successes, technology and strategies/philosophy changes that enterprise security executives expect to implement in the coming year will be also be discussed in the Security 500 webinar on November 21, 2019.

 

What was your security organization’s greatest achievement in 2018?

  • Embarked on a multi-year, multi-facet, multi-organization, security transformation initiative with 22 new projects and five new programs that will transform our digital future and position us for a more efficient, effective and secure environment. 
  • Established a global, integrated governance and risk framework/program structure that aligns cross-functional stakeholders to manage enterprise security initiatives.
  • Implemented a cyber and fraud incident orchestration, automation and response solution that enables us to gather data and security alerts from different sources. This helps us to conduct threat analysis and define remediation processes by utilizing our resources to more efficiently and effectively define, prioritize and drive incident response processes.
  • Implemented a new Workplace Violence Prevention training program to manage training for security, clinical, medical and support staff throughout the organization. We fully certified staff working in our Dispatch Center as Emergency Telecommunications Dispatchers through APCO International to ensure that 100 percent of staff are fully competent and trained to handle high-stress emergency calls in potential large volumes.
  • Returning to a proprietary security organization for our uniformed security force on-site after six years of contract security organizations. That new model gave us the ability to pay officers more and make them stakeholders in the operations, and gave us the opportunity to cross train new employees.  
  • Increasing physical security controls at three major class A office locations through implementation of optical turnstile lanes.
  • Implemented a Strategic Performance Management Program with LEAN principals.  The application of this process has eliminated waste and created significant efficiencies across the program, along with assigning accountability for every individual assigned. This has empowered the workforce, provided specific direction regarding the strategy and eliminated all communication deficiencies. The program was recognized and awarded by the CEO.
  • Restructure of the department to add Business Continuity Management and the Global Security Operations Center under one organization and leader.
  • Partnered with District Attorney, Employee Assistance, Fire Department, Police and Sheriff’s departments to improve building security for employees through education and awareness. Our comprehensive training curriculum geared towards specific workplace risks, continues to gain momentum. Well-trained employees are our greatest assets. In addition, the mandatory workplace security training program trains approximately 9,000 employees every two years.
  • Have detected and responded successfully to more than 12 million incidents.
  • Implemented a proactive risk mitigation intelligence program for executives, enabling our team to put executives into a defensible position.
  • Adoption of continuous workforce monitoring as part of our Enterprise Security Risk Management Program.
  • For our security organization, there is no greater achievement than saving a life. We offer Hands-Only CPR training to all employees across our enterprise. Over the past year, three of our Hands-Only CPR students saved three lives using CPR. 
  • We created a Shrink Control Program that helped our company achieve its internal goals for the first time in several years. The program reduced internal shrinkage/loss by more than $2 million.
  • Internal customer service survey scores for security department performance rose. Security took over all property related handling (valuables, lost and found, contraband) and have increased item return rate to owners by 18 percent.
  • Our Global Security organization detected and disrupted a complex financial fraud matter that protected the integrity of a business that generates approximately $1.1 billion in annual revenue. As part of our investigation, the Global Security team proactively identified a serious, previously unknown technical vulnerability in the company's proprietary technology that is a business core process. The Security team also provided technical guidance that was adopted and implemented in the nationwide remediation. The Global Security team was commended by the Board for having successfully identifying and investigating material fraud in the company’s overseas operations.
  • A drop in workplace violence incidents, a reduction in criminal activity on our campuses and approval of organizational structure that added three Captains to oversee six community hospitals.
  • Responded to more than 4,000 calls for the year and maintained an average response time of less than two minutes (from call to arrival on scene).
  • The installation of in-car cameras in all marked police vehicles and the implementation of body-worn cameras and a new property control system.
  • Designed and instituted a global requirement/program for the proof of background checking on contractors who are unescorted in our facilities.
  • Piloted a program with the city fire department to respond to low acuity medical issues for students. This first of its kind public-private partnership provides a municipal paramedic and EMT and SUV at high response times, for quick medical assessment and transport for low acuity student patients, as no cost to the student. This has reduced the stress on the city ambulance system, which operates at 100-percent capacity at all times, and reduces student’s fear of receiving an ambulance bill.
  • Obtained funding to replace security equipment throughout the corporation to ensure all devices are cyber secure.
  • Implemented a specialized Security Educator position that dramatically increased the department’s ability to perform internal and external training on areas related to security. The new employee has provided training for Armed Aggressor, Workplace Safety, Illicit Drug Detection and Identification and Trauma Informed Care for more than 5,000 employees.

 

 

What strategy/philosophy changes do you expect to implement in the coming year?

  • Modernizing our Security Operations Center by updating policies, protocols, equipment and rolling in new oversight of our Medical Center mass notification and overhead announcement processes.
  • Automation to handle tasks that have become labor intensive to allow us to keep up with growth while also addressing budget constraints.
  • Fine-tune our e-commerce fraud technology and metrics and our Shrink Reduction Program at our stores. Currently, our Asset Protection team operates as a shared service model that supports all brands, which is unique within the industry.
  • Strongly emphasize greater employee awareness and early identification of patients and/or visitors of concern who could potentially pose a threat to employee and patient safety. In our training programs, we stress that nurses and other employees with patient-facing responsibilities should contact Security for assistance before the patient escalates to prevent any threat from developing into an unsafe environment.
  • We will increase our spending on training the security team on active shooter situations and medical response.
  • Completion of metal detection and screening stations for all hospital locations. 
  • Refining and increasing the effectiveness of our predictive analytics model.
  • We will implement a new risk assessment methodology for regulatory compliance.
  • Continuing to closely collaborate with and support units across the organization and to enhance integration within the security team.
  • A holistic performance matrix that addresses individual, team and organizational effectiveness in service delivery as well as mitigation of crime.
  • Define standard operating models for all aspects of our security program so we can move across the organization with a sustainable and repeatable program to mitigate risks.
  • Increase our communications capabilities by merging the Cyber Security Operations Center with the Global Security Operations Center to allow a more thorough and enhanced “overwatch” of enterprise operations, and faster communication, which will decrease response times.
  • The cost of salaries are increasing at an unmarked rate. Therefore, we will replace labor via robotics, in addition to the implementation of leaner processes and technology advancements.
  • Develop clear and defined processes to ensure that security-related requests are handled in-line with compliance and legal concerns and that a standardized approach is taken.  
  • Training for security officers to include cross training with local agencies, developing policies and developing operations for pre-planned events and protests. Learning best practices and policies for using various form of social media, especially during critical events, would improve relationships with students and add another form of providing accurate information.
  • Globalization of physical and personnel security policies, security awareness programming and emergency management programming.
  • We will improve end-to-end processing through technology and automation across all security work streams, optimize customer fraud loss processing and extend best in class capabilities to other in-house clients
  • Build security and resiliency into the business vice operating outside of it.  Our team has established partnerships with the various business units to identify and work to close vulnerabilities in their groups. This year we will be “doubling down” and looking to make these programs proactive versus reactive.
  • Create a center of excellence across the staff, promoting a strong security culture, training and awareness and a delivery of services that promote quality, speed and cost efficiency.
  • More streamlined onboarding process for front line associates – one that allows us to integrate better initial training. Poor education in our workforce makes it difficult to train, but this training pays off in reduced losses, reduced accidents and most importantly, reduced turnover.
  • We plan to add additional cameras to our system and continue additional training in the areas of active shooter response, de-escalation and threat assessment.
  • Launch of a multi-year project to open a U.S. Security Operations Center (USSOC) that will focus on monitoring and operational support of our U.S. campus locations, and provide failover capabilities for our Global Security Operations Center (GSOC).

 

 

What security technology/technologies do you expect to implement in the coming year?

  • A new smartphone app that focuses on student awareness for students and that will incorporate shooter detection technologies at our campuses.
  • A PC-based panic button and two-way notification systems throughout the Medical Center to supplement existing hard-wired panic buttons.
  • Automation of video monitoring, audit functions, access to facilities and onboarding of new employees.
  • In partnership with our IT Security team, we will support the implementation of a Data Loss Prevention (DLP) tool to augment our Insider Risk program. The tool will give us insight into activity on our cyber network and help identify potentially suspicious activity more quickly.
  • We plan to enhance our BCP procedures and implement a software technology that will allow for a streamlined approach to updating policies and allow for metrics across all of our brands, stores, corporate offices and distribution centers.
  • We will place IP cameras to cover virtually every aisle in our warehouse distribution center, which will allow us to re-allocate other cameras, as well. This project has the support of operations and safety stakeholders, as the cameras will be used to as “silent witnesses” to document near miss and accidents, aisle injuries, unsafe power equipment operation and other issues.
  • We will transition from analog to IP cameras and implement facial recognition technology to better identify persons entering/exiting areas of  our facility, when necessary.
  • We will upgrade our video surveillance system to save footage for approximately two months. This will help with our risk investigations and will allow for all video, alarms and access control to be monitored in one centralized location. 
  • We are researching radar technology for drone detection.
  • Stand up of a 24/7 Global Security Operations Center.
  • We will implement a new electronic incident management system to improve communication, command and control during an emergency.
  • We will deploy a mobile field reporting program, digitizing the entry of all information into our records management system. This will increase accuracy of information and statistical analysis of any crime.