Skip to main content

Defining physical security culture and awareness

A strong physical security culture and awareness can significantly strengthen an organisation’s resilience by reducing the likelihood of physical security incidents, preparing people to respond effectively in the event of such an incident and minimising their impact.


For an organisation to be more resilient towards physical security threats, its people need to understand the role they play in the prevention, detection, deterrence and reporting of physical security threats. It is, therefore, crucial to create a strong physical security culture in the organisation in order to increase:



  • Awareness of physical security threats.
  • Compliance with physical security measures.
  • Awareness of the impact of effective physical security on business successes.
  • Engagement levels and hence people taking responsibility for physical security issues.

But what is a physical security culture? Culture is the unique set of values, institutions, attitudes and assumptions shared by a specific group of people, shaping their behaviours. A physical security culture thus shapes the actions and behaviours of the people within the organisation and determines how people are expected to think about and approach physical security. The right physical security culture will help to develop security conscious people and promote the desired physical security behaviours. People remain the most vulnerable component of an organisation’s physical security strategy. And organisations, therefore need to invest in physical security culture and awareness.


Although the ever-increasing use of technology has led to questions about the importance of the human aspect in a physical security culture, the technology is only as strong as the person using it. The overarching challenge is to ensure that employees are not circumventing technologies or procedures to make their lives more convenient. A common example is tailgating, which is the practice of allowing unauthorised people into a restricted area without presenting valid credentials by, for instance, holding the door open. Teaching people not to allow tailgating is as much part of general business acumen as not clicking the link in the external email. In both cases, the organisation risks giving access to people with malicious intent to restricted areas or perimeters, thus potentially exposing themselves to huge data leaks, theft, fraud or confidential information leaks.


A sustainable physical security culture


For a physical security culture to work and be sustainable in the long run, organisations need to care for and invest in their physical security culture as part of their organisation’s standard practices and DNA. It should be integrated into a broader security culture that fosters a holistic approach to dealing with physical, personnel, as well as cyber security in order to protect an organisation’s assets, including data, people, reputation and facilities.


A sustainable physical security culture can only happen when it is approached from both bottom-up and top-down. Therefore, physical security culture and awareness should be on the agenda at board meetings to ensure that it becomes integrated into the broader organisational culture and risk framework. Additionally, to show commitment from the management, a physical security policy should be implemented, supporting the journey towards establishing a strong physical security culture in the organisation.


Moreover, when your employees are aware of the most relevant physical security threats — and their potential impact on the organisation — they will likely feel responsible for upholding the physical security guidelines set forth by the organisation. The message should be that everyone is responsible for upholding physical security and not solely the security office and security guards. This, in turn will provide a more sustainable physical security culture with buy-in from all stakeholders. Everyone in an organisation should take an active role in maintaining a secure environment, even in the current hybrid workplace.


Steps towards a strengthened physical security culture

 


  1. Conduct regular physical security training and awareness programs that are all-inclusive, reflecting all levels, roles and functions within the organisation. Make them interactive and fun to strengthen the sense of involvement and periodically change the theme while taking into account current trends. In Winston Churchill’s words, “Never let a good crisis go to waste” use real-life incidents as examples to create more realistic cases.

  2. Develop an internal communication strategy to raise awareness of physical security risks and protocols. This can include posters, newsletters and other forms of internal communication.
  3. Implement a physical security culture from the top down, with management setting an example for employees to follow.
  4. Conduct regular security audits to identify potential vulnerabilities in physical security measures and address them promptly. This can include checking access control systems, CCTV cameras and alarm systems.
  5. Encourage employees to report suspicious activity promptly and provide a mechanism for reporting such activity. This can include a hotline, email address or online reporting system.
  6. Conduct drills and simulation exercises to test employees' responses to potential physical security incidents, such as a trespasser, a fire or an active shooter. This can help to identify areas for improvement and ensure that employees are prepared to respond effectively in the event of a physical security incident.
  7. Continuously evaluate and update physical security protocols to reflect changes in the organisation's physical security risks. This can include reviewing access control systems, updating CCTV surveillance and updating physical security policies and procedures.

Every organisation should build a strong physical security culture integrated into a broader culture that fosters a holistic approach to dealing with physical security in general, hence avoiding siloed approaches. This can help to reduce the likelihood of physical security incidents and minimise the impact of incidents that do occur, ultimately strengthening the organisation’s overall resilience.


If you would like to learn more or would like to have a conversation with our team to discuss Physical Security culture and awareness, keep in touch to one of our subject matter advisors.


Contacts


Nathan Spitse | Global | nspitse@deloitte.ca | Tel: +1 519 281 6936

Michael Mueller | Germany | micmueller@deloitte.de | Tel: +49 151 5800 0362

Jason Harle | Denmark  | jaharle@deloitte.dk | Tel: +45 30 93 41 35

Oliver Gehb | Germany| ogehb@deloitte.de | Tel: +4915158071773


Jean Paul Dalle | Canada | jdalle@deloitte.ca | Tel:  +14166016471

Stefanie Ruys | Nordics & Denmark | steruys@deloitte.dk | Tel: +45 30 93 52 87

Vishal M Jain | Asia | jainvishal@deloitte.com | Tel: +91 22 6245 1050

Koen Magnus | Belgium | kmagnus@deloitte.com | Tel: +32 485 46 65 90

Kim Speijer | Belgium | kspeijer@deloitte.com | Tel: +32 478 64 27 27

Danny Tinga | Netherlands | dtinga@deloitte.nl | Tel: +31 610 452 304

Reinder Ubbens | Netherlands | rubbens@deloitte.nl | Tel: +31 882 882 777

Enrique Bilbao Lazaro | Spain | ebilbaolazaro@deloitte.es | Tel: +34 666 500 907

Teemu Hokkanen | Finland  | teemu.hokkanen@deloitte.fi | Tel: +35 820 755 5147

Paula Rosengren | Sweden | prosengren@deloitte.se | Tel:+46 70 080 24 24