A strong physical security culture and awareness can significantly strengthen an organisation’s resilience by reducing the likelihood of physical security incidents, preparing people to respond effectively in the event of such an incident and minimising their impact.
For an organisation to be more resilient towards physical security threats, its people need to understand the role they play in the prevention, detection, deterrence and reporting of physical security threats. It is, therefore, crucial to create a strong physical security culture in the organisation in order to increase:
But what is a physical security culture? Culture is the unique set of values, institutions, attitudes and assumptions shared by a specific group of people, shaping their behaviours. A physical security culture thus shapes the actions and behaviours of the people within the organisation and determines how people are expected to think about and approach physical security. The right physical security culture will help to develop security conscious people and promote the desired physical security behaviours. People remain the most vulnerable component of an organisation’s physical security strategy. And organisations, therefore need to invest in physical security culture and awareness.
Although the ever-increasing use of technology has led to questions about the importance of the human aspect in a physical security culture, the technology is only as strong as the person using it. The overarching challenge is to ensure that employees are not circumventing technologies or procedures to make their lives more convenient. A common example is tailgating, which is the practice of allowing unauthorised people into a restricted area without presenting valid credentials by, for instance, holding the door open. Teaching people not to allow tailgating is as much part of general business acumen as not clicking the link in the external email. In both cases, the organisation risks giving access to people with malicious intent to restricted areas or perimeters, thus potentially exposing themselves to huge data leaks, theft, fraud or confidential information leaks.
For a physical security culture to work and be sustainable in the long run, organisations need to care for and invest in their physical security culture as part of their organisation’s standard practices and DNA. It should be integrated into a broader security culture that fosters a holistic approach to dealing with physical, personnel, as well as cyber security in order to protect an organisation’s assets, including data, people, reputation and facilities.
A sustainable physical security culture can only happen when it is approached from both bottom-up and top-down. Therefore, physical security culture and awareness should be on the agenda at board meetings to ensure that it becomes integrated into the broader organisational culture and risk framework. Additionally, to show commitment from the management, a physical security policy should be implemented, supporting the journey towards establishing a strong physical security culture in the organisation.
Moreover, when your employees are aware of the most relevant physical security threats — and their potential impact on the organisation — they will likely feel responsible for upholding the physical security guidelines set forth by the organisation. The message should be that everyone is responsible for upholding physical security and not solely the security office and security guards. This, in turn will provide a more sustainable physical security culture with buy-in from all stakeholders. Everyone in an organisation should take an active role in maintaining a secure environment, even in the current hybrid workplace.
Every organisation should build a strong physical security culture integrated into a broader culture that fosters a holistic approach to dealing with physical security in general, hence avoiding siloed approaches. This can help to reduce the likelihood of physical security incidents and minimise the impact of incidents that do occur, ultimately strengthening the organisation’s overall resilience.
If you would like to learn more or would like to have a conversation with our team to discuss Physical Security culture and awareness, keep in touch to one of our subject matter advisors.
Contacts
Nathan Spitse | Global | nspitse@deloitte.ca | Tel: +1 519 281 6936
Michael Mueller | Germany | micmueller@deloitte.de | Tel: +49 151 5800 0362
Jason Harle | Denmark | jaharle@deloitte.dk | Tel: +45 30 93 41 35
Oliver Gehb | Germany| ogehb@deloitte.de | Tel: +4915158071773
Jean Paul Dalle | Canada | jdalle@deloitte.ca | Tel: +14166016471
Stefanie Ruys | Nordics & Denmark | steruys@deloitte.dk | Tel: +45 30 93 52 87
Vishal M Jain | Asia | jainvishal@deloitte.com | Tel: +91 22 6245 1050
Koen Magnus | Belgium | kmagnus@deloitte.com | Tel: +32 485 46 65 90
Kim Speijer | Belgium | kspeijer@deloitte.com | Tel: +32 478 64 27 27
Danny Tinga | Netherlands | dtinga@deloitte.nl | Tel: +31 610 452 304
Reinder Ubbens | Netherlands | rubbens@deloitte.nl | Tel: +31 882 882 777
Enrique Bilbao Lazaro | Spain | ebilbaolazaro@deloitte.es | Tel: +34 666 500 907
Teemu Hokkanen | Finland | teemu.hokkanen@deloitte.fi | Tel: +35 820 755 5147
Paula Rosengren | Sweden | prosengren@deloitte.se | Tel:+46 70 080 24 24