Analysis of Security Metrics, Data, Proactive KPIs, and the C-Suite Value Proposition

Quality data collection and considered metrics, analyzed professionally, provide organizational opportunities for cost savings and streamlined activities, and will even support strategic goal determination in your forward security plan. If your organization is information and intelligence driven, you can quickly move to a culture where accurate reporting ensures managers are not left scrabbling for crumbs from the fiscal budget table. Funding allocations are then targeted, justified and proportionate. Your C-Suite will love the clarity, and here at Lions Gate we can ‘deep dive’ into the data on your behalf to develop a business case.

Budgets allocated based on identified need are focused; they ensure you are ‘getting the grease to the squeak’, and they result in both cost savings and enhanced performance.

Security key performance indicators (KPIs) are measurable indicators of progress towards business goals.

As an actual but sanitized example, directly related to cost savings and streamlining activities, Lions Gate conducted a contracted security guarding activity audit at a large, publicly accessible multi-use facility. Studying the data, we found that security personnel were asked to provide ‘information and directions’ an average of 1,760 times per month. It was by far the most predominant call on their time, and also a diversion to the detriment of their primary security function. This translated to 1,320 hours annually at a conservative 30 seconds per interaction, or 0.75 of an FTE. In establishing why this was the case, we found that the signage used at the facility was temporary, often changed, and simply overwhelming and disconnected. Our conclusion, irrefutably based on the metrics, was that the provision was confusing visitors, who were then compelled to ask. We quickly established that what was required was concise, quick-read wayfinding and information signage, so visitors could better predict where their next piece of information would be located. Large airports have wayfinding signage nailed, and visitors have all the information they need to get to where they need to go. Appropriate signage could alleviate some of this time and cost, while freeing up security resources to perform more security-related functions.

When I request historical crime and nuisance data from client organizations in support of security risk assessments, it is rarely what I would categorize as analyzable, actionable data. It is rarely sufficiently detailed to allow the type of pattern analysis that is essential to focus security responses. Moreover, it is rarely complete enough to underpin a business case to justify expenditure on structural design changes, human security provision, and technology-based countermeasures.

Simply put, not collecting incident data using a consistent and considered template is counterproductive to achieving organizational goals and objectives. It is also to the detriment of proactive and preventive metric determination.

It is actually quite simple to collect incident data of analyzable quality and maintain an incident log. A Rudyard Kipling quote sums it up: “I keep six honest serving men, they taught me all I knew, their names are What and Why, When and How, Where and Who.”

For credible analysis, I need to know what happened, why it happened, when it happened, how it happened, where it happened, and who did it. I would also categorize a failed attempt or near miss as a recordable incident, because it provides invaluable extra information which, when analyzed, shapes future security direction. It will often also tell you what currently works to prevent incidents and, for both offences and attempts, shine a light on vulnerabilities. Near misses and actual incidents are vital to seeing what the program is doing and how you are responding.

I would strongly recommend that an organization's security manager, or the person designated that responsibility, complete all incident reports, based on interviewing the reporting party and any other witnesses. If it all seems overly complicated or time consuming, it does not need to be. Do not permit a little dedicated time to deflect you from the process. The benefits far outweigh the effort.

The size of your organization is irrelevant, and this incident data detail is applicable for all. For larger organizations operating multiple sites, analyzed data in a report allows for prioritization and budgeting based on an accurate portrayal of risks, threats, and adversaries. It allows a needs-based allocation of resources, including physical, financial, and training and education. For this to be effective, each location must use the same template and methodology. “Data apples to compare with data apples.”

I spent five of my years in policing working with a dedicated crime pattern analyst, whose exceptional skill sets supported and guided my determination of remedial measures and recommendations over forty-five projects. The savings to clients in the public and private sector, during that program tenure, amounted to tens of millions of dollars. Consider also that many crimes or nuisance events are not reported and that, in consequence, police recorded crime and nuisance is less than 40% of actual crime and nuisance. With the right process in place, you have an opportunity to collect 100% of security incident data that pertains to your organization. That prizes open a much more productive data seam for your information mining. It also overcomes a significant information obstacle, in that law enforcement rarely shares reported crime information. Even online police statistics are sanitized so as to protect the identity of victims of crime.

If you have a competent crime data analyst who is reviewing incident reports and accurately determining trends and patterns, you are in a sweet spot. If you do not, and most organizations do not, then you could outsource that analysis to a credible third-party contractor who has subject matter expertise. We can also help your C-Suite prioritize security expenditure by providing an accurate picture. We can help the security lead identify historical trends and patterns to enable some predictability, and project what might occur in the future. We can identify other benefits that accrue where considered metrics are applied.

Adopting our Organizational Security Risk Management Program (OSRM) will enable access to our experts and support your security business case to your C-Suite decision makers. Get in touch to discuss how this service could support you: call 1-604-383-0020 or toll free 1-888-212-2026 and ask for Mike Franklin or Mike McCafferty.
