Skip to main content
Perspective:
Perspective
5 minute read

Defining physical security culture and awareness

A strong physical security culture and awareness can significantly strengthen an organization’s resilience by reducing the likelihood of physical security incidents, preparing people to respond effectively in the event of such an incident, and minimizing their impact.

For an organization to be more resilient towards physical security threats, its people need to understand the role they play in the prevention, detection, deterrence, and reporting of physical security threats. It is, therefore, crucial to create a strong physical security culture in the organization in order to increase:

  • Awareness of physical security threats.
  • Compliance with physical security measures.
  • Awareness of the impact of effective physical security on business successes.
  • Engagement levels and hence people taking responsibility for physical security issues.

But what is a physical security culture? Culture is the unique set of values, institutions, attitudes, and assumptions shared by a specific group of people, shaping their behaviors. A physical security culture thus shapes the actions and behaviors of the people within the organization and determines how people are expected to think about and approach physical security. The right physical security culture will help develop security conscious people and promote the desired physical security behaviors. People remain the most vulnerable component of an organization’s physical security strategy. And organizations, therefore need to invest in physical security culture and awareness.

Although the ever-increasing use of technology has led to questions about the importance of the human aspect in a physical security culture, the technology is only as strong as the person using it. The overarching challenge is to ensure that employees are not circumventing technologies or procedures to make their lives more convenient. A common example is tailgating, which is the practice of allowing unauthorized people into a restricted area without presenting valid credentials by, for instance, holding the door open. Teaching people not to allow tailgating is as much part of general business acumen as not clicking on the link in the external e-mail. In both cases, the organization risks giving access to people with malicious intent to restricted areas or perimeters, thus potentially exposing themselves to huge data leaks, theft, fraud, or confidential information leaks.

A sustainable physical security culture


For a physical security culture to work and be sustainable in the long run, organizations need to care for and invest in their physical security culture as part of their organization’s standard practices and DNA. It should be integrated into a broader security culture that fosters a holistic approach to dealing with physical, personnel, as well as cyber security in order to protect an organization’s assets, including data, people, reputation and facilities.

A sustainable physical security culture can only happen when it is approached from both bottom-up and top-down. Therefore, physical security culture and awareness should be on the agenda at board meetings to ensure it becomes integrated into the broader organizational culture and risk framework. Additionally, to show commitment from the management, a physical security policy should be implemented, supporting the journey towards establishing a strong physical security culture in the organization.

Moreover, when your employees are aware of the most relevant physical security threats — and their potential impact on the organization — they will likely feel responsible for upholding the physical security guidelines set forth by the organization. The message should be that everyone is responsible for upholding physical security and not solely the security office and security guards. This, in turn will provide a more sustainable physical security culture with buy-in from all stakeholders. Everyone in an organization should take an active role in maintaining a secure environment, even in the current hybrid workplace.

Steps towards a strengthened physical security culture

 

  1. Conduct regular physical security training and awareness programs that are all-inclusive, reflecting all levels, roles, and functions within the organization. Make them interactive and fun to strengthen the sense of involvement, and periodically change the theme while taking into account current trends. In Winston Churchill’s words, “Never let a good crisis go to waste” use real-life incidents as examples to create more realistic cases.
  2. Develop an internal communication strategy to raise awareness of physical security risks and protocols. This can include posters, newsletters, and other forms of internal communication.
  3. Implement a physical security culture from the top down, with management setting an example for employees to follow.
  4. Conduct regular security audits to identify potential vulnerabilities in physical security measures and address them promptly. This can include checking access control systems, CCTV cameras, and alarm systems.
  5. Encourage employees to report suspicious activity promptly and provide a mechanism for reporting such activity. This can include a hotline, email address, or online reporting system.
  6. Conduct drills and simulation exercises to test employees' responses to potential physical security incidents, such as a trespasser, a fire, or an active shooter. This can help identify areas for improvement and ensure that employees are prepared to respond effectively in the event of a physical security incident.
  7. Continuously evaluate and update physical security protocols to reflect changes in the organization's physical security risks. This can include reviewing access control systems, updating CCTV surveillance, and updating physical security policies and procedures.

Every organization should build a strong physical security culture integrated into a broader culture that fosters a holistic approach to dealing with physical security in general, hence avoiding siloed approaches. This can help reduce the likelihood of physical security incidents and minimize the impact of incidents that do occur, ultimately strengthening the organization’s overall resilience.

If you would like to learn more or would like to have a conversation with our team to discuss Physical Security culture and awareness, reach out to one of our subject matter advisors.

Contacts

Nathan Spitse | Global | nspitse@deloitte.ca | Tel: +1 519 281 6936

Michael Mueller | Germany | micmueller@deloitte.de | Tel: +49 151 5800 0362

Jason Harle | Denmark  | jaharle@deloitte.dk | Tel: +45 30 93 41 35

Oliver Gehb | Germany| ogehb@deloitte.de | Tel: +4915158071773

Jean Paul Dalle | Canada | jdalle@deloitte.ca | Tel:  +14166016471

Stefanie Ruys | Nordics & Denmark | steruys@deloitte.dk | Tel: +45 30 93 52 87

Vishal M Jain | Asia | jainvishal@deloitte.com | Tel: +91 22 6245 1050

Koen Magnus | Belgium | kmagnus@deloitte.com | Tel: +32 485 46 65 90

Kim Speijer | Belgium | kspeijer@deloitte.com | Tel: +32 478 64 27 27

Danny Tinga | Netherlands | dtinga@deloitte.nl | Tel: +31 610 452 304

Reinder Ubbens | Netherlands | rubbens@deloitte.nl | Tel: +31 882 882 777

Enrique Bilbao Lazaro | Spain | ebilbaolazaro@deloitte.es | Tel: +34 666 500 907

Teemu Hokkanen | Finland  | teemu.hokkanen@deloitte.fi | Tel: +35 820 755 5147

Paula Rosengren | Sweden | prosengren@deloitte.se | Tel:+46 70 080 24 24