Making Cents of Security

Oct. 27, 2008
Sears Tower Director of Security Keith Kambic and his Integrator, Mark Eggerding, Explore Three Apporaches to ROI

Value is the watchword of 21st century business. We challenge business leaders to contribute value to the top and bottom lines. We expect them to set goals and measure success.
Security and life safety programs are no exception. Organizations demand that security serve the broader business strategy. CSOs can only compete for budget resources if they deliver demonstrable value. Ask CSOs what keeps them up at night, and many will say return on investment (ROI).

This is never truer than when upgrading technology. Security technology reduces risks to life, safety, tangible assets and intellectual property. It streamlines operations and creates efficiencies. It can even help maximize revenue. The CSO’s challenge is to prove it.

Proving ROI begins with sound plans. Security plans drive value when they speak to the goals of the organization’s overarching strategic plan. They emerge from a process that considers the organization’s values, infrastructure, key assets, strengths, weaknesses, opportunities and threats.

Then the CSO faces a choice. There are three approaches to ROI. The first, the risk management approach, considers the actuarial risk of undesirable outcomes. Consider a retail setting — a store, for example, may calculate the probability that inventory will be stolen and then multiply that probability by the inventory’s value. It can then use the likely dollar value of its annual loss as a benchmark against which to gauge its loss prevention program.
Another approach is through measuring cost savings. For example, security technology can help hospitals comply with privacy regulations by auditing who accesses medical records. Technology yields positive ROI if the high-tech solution costs less than the hospital’s previous, manual compliance program.

The third method, which we term the “value added approach,” considers the long-term benefits of a best-in class, comprehensive, holistic security and life safety program. This is the approach adopted by the Sears Tower in Chicago.

As one of the tallest buildings in the world, the 110-story structure features leading edge security and life safety, building and IT communications systems. In a multi-tenant office building, these systems encourage higher occupancy. The Sears Tower’s owners and managers have adopted the value-added approach to ROI for these reasons. Smart, efficient, leading-edge security and life safety systems assist in reassuring lessees and maximizing occupancy and revenue.

Let’s take a closer look at all three approaches to measuring the ROI in security technology.

Risk Management Approach: What Are the Odds?
Risk management is the essence of security. Security incidents disrupt business and carry other potential costs such as property loss, damage and civil judgments. Businesses are wise to avoid the mentality, “That can’t happen to us.”

Instead, many organizations are embracing a risk management approach to security. It compels CSOs to quantify security and safety risks and then adopt a sober, dollars-and-cents approach to mitigating them.
What would it cost your business in productivity if internal systems shut down for an hour? What is the price of vandalism? How much money would it take to replace stolen inventory or other assets? What would acts of violence cost your organization in morale, retention, liability and sales? How expensive would the fines be for failure to comply with privacy or other regulations? And how much does the organization save by preventing these occurrences?

The risk management approach to calculating security ROI grows out of scenario planning. Security planning teams ask themselves what risks are threatening life, safety and property. Then they consider two calculations: the financial impact of an incident and the probability it will occur. Security investments have a positive impact on the bottom line when they cost less to purchase and operate than the probable costs they prevent.
Organizations approach this risk management exercise with varying degrees of sophistication. Investing in software can help organize the process. Software can also supply actuarial data to help calculate incident probability — whether or not the organization has its own data or in-house actuarial expertise.

The risk management approach enables a company to see the cost of having inadequate security in black-and-white. When this cost is flipped to show the effect of incident prevention on the financial bottom line, many companies find that the system pays for itself sooner rather than later.

When companies see the probability of incidents in numbers and percentages, many decide that the risk is too high. The financial cost of installing integrated security technology is countered by the rewards of a safe, productive and uninterrupted workplace.

Cost Savings Approach: Heightened Security,
Lowered Costs

ROI can also come from improving the current security program’s efficiency. New security systems can reduce regulatory compliance costs, optimize the security workforce and streamline operations.
Security forces are evolving rapidly. Historically, security was a low-tech function. Security officers deterred incidents with their physical presence, reassured the public and conducted patrols. Security was a labor intensive activity.

Security technology increases security officers’ utility. CCTV technology enables a stationary security professional to survey every corner of the facility. Intelligent video analytics and security management software call officers’ attention to incidents in progress. They can be deployed as needed, supplementing patrols with just-in-time concentrations of manpower.

Thus, technology transforms the role of the security officer from passive to active. The officer must be technology savvy, exercise superb judgment and remain highly alert.
Other efficiencies come from integrating security and life safety systems with IP communications. Today’s security technology shares an infrastructure backbone with the building’s IT network. It may no longer be necessary to run new cable for a new surveillance camera — often, it can be plugged into an Ethernet port and assigned an IP address. Some equipment may even reside on the wireless network, allowing it to be reconfigured and repositioned easily and cheaply as the facility’s needs change.

Regulatory compliance is another source of cost savings. Facilities must comply with a complex amalgam of municipal, state and federal regulations — and the cost of compliance can be steep and labor-intensive.
The SEC, for example, requires the Chicago Board Options Exchange to collect two years worth of visitation data. Using log books is inaccurate, and the process of compiling log book information into reports is labor intensive. Now the Options Exchange has electronic key card technology for employees and traders, as well as an electronic visitor management system for logging visitors. Reporting is automated and costs far less than the previous manual process.

Security programs used to be low-tech and high-manpower. Today’s security technology streamlines security and life safety programs and can bring efficiencies to regulatory compliance and other non-security functions. Long-term savings often offset upfront costs. When a well-planned security upgrade maintains the organization’s security profile while reducing costs, it yields positive ROI.

Value-Added: The Sears Tower Approach
Both the risk management and cost savings approaches focus on the bottom line. Increasingly, organizations are exploring ways that a well-conceived security and life safety program can also build the organization’s top line. This is the Sears Tower’s approach, where life safety is the first priority. Technology should not just streamline and maintain the facility’s security profile. It should increase the facility’s security profile — adding value and revenue along the way.

The market for high-rise commercial real estate has suffered in recent years. For a few tenants, safety and security became factors they weighed against the prestige of a prominent address and the beauty of the panoramic views on high floors. The Sears Tower partnered with security integrator Johnson Controls to upgrade its technology and procedures.
Upgrades, which are ongoing, include new security gates, a new visitor management system, upgraded access control, new video surveillance and analytics. While some costs savings were achieved, they were not the building owner’s primary goal. In fact, instead of slimming down the security force, the Sears Tower reinvested in it with training and higher wages. Not only are security officers more security savvy, but it does not take a visitor long to notice their skills in customer service.

Security officers at the Sears Tower receive up to 50 hours of initial training and 40 hours of ongoing annual training. Their average seniority is seven years, far exceeding industry averages. The outcome of their training and experience is plainly evident to any building visitor. Visitors often mistake officers for greeters or valets. Every officer has CPR training, and staff response to medical emergencies — which average two per week — takes three minutes or less. That is true whether the incident takes place on the seventh floor or the 70th.

Highly trained and efficient security officers make immediate impressions on prospective lessees. Johnson Controls also helped the Sears Tower create value in less visible ways. Much of the new technology resides on the facility’s IT network. They communicate using commonly accepted open protocols. These measures netted some short-term savings, but their primary benefits will be felt in the long term. They will dramatically reduce the need to rip out and replace technology and infrastructure. As technology progresses, upgrades will be more cost effective.

The top line results are impressive. Occupancy remains high. Eight of the Sears Tower’s 10 largest tenants have been in the building for a decade or more. Four have recently renewed long-term leases. The value of the Tower’s square footage is on the rise.

The Bottom Line
The cost of security systems can be alarming, but what is the alternative? Is it a rise in petty theft? Business interruption? Violence? No matter how it is looked at, the cost is too high.

Upgrading security systems means giving something to get something. ROI, though famously difficult to calculate, is significant. It avoids costly or tragic incidents. It streamlines operations. It reassures prospective employees, tenants in a commercial office tower, customers in a retail setting, patients in a hospital and students at a university, adding value to marketing programs and the organization’s reputation.

The bottom line on quantifying ROI in security, whether using the risk management approach, cost savings approach or the value-added approach used in the Sears Tower, is that value can be presented in dollars and cents. It is evading noncompliance fines. It is keeping merchandise on the shelves. It is reassuring tenants, staff, visitors and the public of their safety.

Keith L. Kambic, CPP is director of security and life safety for the Sears Tower. Mark Eggerding is a senior technical account executive for Johnson Controls.