Benchmarking Security Operations

It’s not surprising, given the times we are in, that the Security Executive Council has received a lot of questions lately about how to use metrics to demonstrate cost efficiency. There are a variety of measures that accomplish this, but the ones that have the broadest application and relevance across industries are those that measure security cost per square foot and per employee.

Objective: To demonstrate cost efficiency in a time of extreme pressure on security budgets.

Results Sought: To change the perception of security as a non-revenue-producing cost center.

Strategy: To achieve a level playing field with verifiable data, you need to benchmark with trusted peers or seek out industry sources that annually maintain comparative data. The nearby charts depict two examples of peer benchmarking data.

In these examples, a CSO has contacted several colleagues in his industry who frequently exchange security-related information on a regular, trusted basis. (This may be done directly or through a membership in a trade organization.) In both cases, the CSO needed to carefully qualify a common baseline for comparison. Since physical security operations are common and typically larger expenditures, this CSO calculated the cost of security by including payroll, taxes and fringe benefits for directly employed security personnel, contracted guard force expenses, contract administration, security monitoring, all directly expensed security equipment/systems plus maintenance expenses associated with them, ordinary supplies necessary to operate a security program, vehicles and maintenance, and all other supplies/materials/miscellaneous expenses not captured above.

Square footage included only those occupied spaces served by proprietary or contracted guard force operations and employee data housed within these occupied spaces. You can go crazy with qualifiers, so try to keep it on as common a baseline as possible. This CSO’s data is represented in the top bar of each chart, with each comparator in descending order. Thus, his company’s security department serves 310 employees per officer, and his closest peer’s serves 200. Similarly, this CSO’s security operations respond to 75,000 square feet of occupied space, and his nearest peer responds to 62,000. In both examples, the median spread between his department’s level of efficiency using these two common criteria and those of multiple peers is significant.

Instead of peer benchmarking, you could work with your Facilities or Corporate Real Estate representatives to obtain security cost data from either the Real Estate Executive Board (REEB) or the Building Owners & Management Organization (BOMA) — both of which maintain security cost-per-square-foot benchmarking data. REEB permits the data to be sliced many ways; asset type, geography and industry are the main classifications. Their most recent benchmark for all industries, all asset types and all geographies for security is 91 cents per rentable square foot, and the range for security costs appears to be between 60 cents and $1.15 per rentable square foot.

When your boss asks you, “How do we compare to our peer or industry group?” your best answer is, “Glad you asked. We’ve been benchmarking in a number of areas.” But to be able to say this, you must maintain relationships with your peer colleagues for a variety of risk management benchmarks. Expect your peer partners to ask you to share the resulting data. In this example, consider the implications for the respondents at the bottom of the chart. I suspect there might be some urgency for them to explore how they might significantly improve cost efficiency around these two measures.

While this exercise is focused on basic cost and program performance benchmarking, your ongoing efforts should also consider interchanges on comparative risk dynamics that may reveal trends requiring deeper analysis and attention.

George Campbell is emeritus faculty of the Security Executive Council (SEC) and former CSO of Fidelity Investments. His book, "Measures and Metrics in Corporate Security," may be purchased through the SEC Web site. The SEC is a member organization for senior security and risk executives from corporations and government agencies responsible for corporate and/or IT security programs. For more information and inquiries on membership requirements, visit The information in this article is copyrighted by the Security Executive Council and reprinted with permission. All rights reserved.