It’s all about the metrics

This month presents Security magazine’s 2021 Security Benchmark Report. In the past, this magazine has published its Security 500. However, this year marks a new approach and a new name to the report, with a new focus on data that security organizations can use to measure their security organizations against their peers.

In this year’s Security Benchmark Report survey, we asked respondents to report overall enterprise revenue or operating budget, security budgets, number of guarding personnel, security technologies, roles, responsibilities, reporting structure and much more. This year’s report also includes averages on “security budget as a percent of revenue” and “security budget per employee.”

We also asked this year’s security leader respondents which metrics were most important to their security programs and the enterprise as a whole. We received an array of responses that ranged greatly depending on the maturity of the individual security program, main roles and responsibilities of security within the enterprise and the sector of the organization — but across sectors, there were a few trends and similarities.

One of those metrics that we saw listed time and again in a variety of words was regarding workplace violence: number of incidents, number of injuries, number of threats, average number of staff days missed from work due to workplace violence incidents, de-escalation versus use-of-force statistics, etc.

From the data, it’s clear that workplace violence is top-of-mind for many security leaders right now across all sectors. Not only was workplace violence one of the most frequently cited metrics, but it was also the Top Critical Issue reported by Security Benchmark respondents for this year.

Further illustrating the importance of workplace violence mitigation, 93% of Security Benchmark Report respondents reported holding workplace violence training for some population of staff within their enterprise in 2020, whether for security staff, targeted cross-functional groups or enterprise-wide. (Seventy percent of those respondents reported holding workplace violence training for the entire enterprise.)

Metrics from the security organization certainly help security leaders tell a story to the C-suite and other organizational leaders — a story of risk and threats; a story of improvement or vulnerability; a case for a bigger budget; a case for more responsibility or a larger team and so on. While metrics can allow security organizations to prove their worth and value, they also enable security leaders to determine areas to tighten up efficiencies, identify areas of focus, or streamline staffing.

One Security Benchmark Report respondent said that metrics allow his organization to show value for each investment made. Indeed, because of that, this respondents reported the security organization’s budget remaining stable in 2021, even with significant cost-reduction pressures from within the company. “The only reason our budget remained relatively untouched was our ability to tell a compelling risk mitigation and value creation story via our security metric program,” he shared.

Another respondent said, “Our #1 metric tracks security services rendered — Most senior leaders do not understand the depths of security and the daily duties. Security typically operates in a vacuum, which makes it difficult to tell our story. For each security program that we have, that service is tracked. The data helps the Chief Security Officer (CSO) share security's story and determine whether security programs provide value to the agency or if it is costing them unnecessary funds. The extra effort is worth it and will return on your investment (time) in time and money. This method ultimately saves the agency money at the end of the year and provides value to the agency and its mission. It also benefits the agency in other areas, resulting in the procurement of security equipment, systems, or even training. That data also supports staffing requirements. It is vital to the agency and its mission to have the data to justify security program needs.”

In addition to workplace violence, some of the other metrics that this year’s Security Benchmark Report respondents identified as being important metrics for their team included:

Shrink/loss performance, fraud recovery rates;
Accident rates;
Investigations: cases, follow up, etc.;
Threat management rates and trends;
Mental health incidents;
Crime (both within the organization and the surrounding community), including violent crime incidents, outcomes, etc.;
Turnover;
Crisis management, security awareness and other security-related training numbers of completion, etc.;
Calls for service, call times, response time, incidents, outcomes, etc.;
Metrics related to showing progress on creating a diverse and inclusive environment;
Compliance metrics across programs, including cybersecurity, investigations, training and safety initiatives, emergency response and more;
Operational losses due to pandemic-related illnesses or closing, civil unrest, workplace violence, OSHA and more;
Risk assessments and measures of likelihood of certain events or risks;
Business continuity planning stats and deployment timeline;
Occupancy rates and data;
COVID-19 dashboards;
Vaccine and return-to-work readiness plans;
Metrics showing digitalization, technology or automation reducing workload or FTE costs;
Guard-tracking stats;
Cost avoidance achieved via pre-employment background screening;
Security cost as a % of total revenue.

Security leaders can find common ground and gain detailed insights into other security organizations by benchmarking with others. Benchmarking can allow your organization to grow and evolve with the ever-changing landscape of threats and risks to the enterprise. Just as security leaders and their programs continue to reevaluate and evolve, so too will The Security Benchmark Report.

I encourage all of our security leader readers to fill out The Security Benchmark Report survey each year. One of the advantages of filling out the survey is further, more detailed insights and raw data beyond what is reported online and in our eMagazine. Continued participation will help us tell your stories, while providing year-to-year comparisons when possible.

Read on for the 2021 Security Benchmark Report.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.