Physical Security: The Value of Digitalization

Current physical security industry trends 

When a physical security incident or disruptive event to operations occurs, there are immediate steps that organizations must take to have the best chance of recovering quickly. These include analyzing, evaluating, and responding to the incident. 

In many cases, organizations or physical security teams do not have an effective response plan in place to tackle the incident (or prevent it in the first place) and often take a reactive-only approach. This can lead to the amplification of a preventable incident or life-safety risk, resulting in lost productivity and higher costs for internal or third-party response and remediation. 

To give an example of a major incident, if someone was given unauthorized access to a perimeter or restricted area, the company or entity could experience loss of private data or intellectual property (IP) theft. 

Organizations need to leverage existing technologies and collaborate with various stakeholders to proactively prevent and detect these threats and risks — before they become incidents that may disrupt business operations.

The implementation of operational digitalization is an emerging leading trend in physical security and risk mitigation, and it significantly reduces disruptions to organizations. Digitalization is the process of transferring paper-based reporting to a digital system and integrating various facility technologies, security systems, and risk sensing technologies into a centralized reporting system. These reporting systems adopt data analytics and customized event-driven reporting and actioning systems that present data in an easy-to-digest dashboard. Digitalization can enhance overall physical security and ensure better and more timely analytical detection, response, and recovery from an incident.

Reactive physical security 

Many organizations continue to have a reactive physical security approach — addressing an issue only after an incident occurs. This reactive approach usually happens when organizational stakeholder groups operate in silos or when there is infrequent sharing of day-to-day operational information and risks. This short-sighted approach limits collaboration and integration. 

Additionally, the use of independent system operations can increase costs and liability to an organization. Simple unifying solutions, such as digital incident reporting software, can be leveraged across multiple stakeholder groups for reporting, analyzing, and aggregating incidents. 

In cases where organizations are using independent, siloed, and often paper-based systems, here are some examples of the limitations:

• A lack of proper risk prevention. When risk sensing and risk prevention programs are not recorded, monitored, or even established, organizations can be left vulnerable to unknown risks, threats, breaches, catastrophic failures, asset loss, and reputational damage. Data such as current trends, external threats, cyber threats, civil unrest, and protests need to be collected and analyzed to prevent a major catastrophic event. 
  
• The increased likelihood of stakeholders not receiving important information. Specifically, if guards and security groups continue to use independent paper-based reporting systems, pertinent stakeholder groups are unable to leverage the information contained within them or simply are left unaware of an incident. For example, a slip-and-fall incident may never be escalated to the appropriate stakeholder if kept only in written logs. Through the digitalization of these paper-based records, organizations can create customized digital reporting systems or electronic logbooks to populate and track data in real-time. Digitalization will allow physical security teams to aggregate and analyze the data collected efficiently. Furthermore, these digital incident-reporting systems can be leveraged across multiple stakeholder groups — including health and safety, facilities management, and business continuity — with event-driven solutions and notification emails to the appropriate stakeholders. 
  
• Improper reporting. Physical security, building automation, and visitor management systems should be integrated into a centralized database and reporting system. Otherwise, an organization is not able to provide up-to-the-minute information such as occupancy levels, visitor locations, desk or floor utilization, lighting and temperature settings, video analytics, intrusion zone status, and people tracking for lockdown or evacuation procedures. This can increase operating costs and carbon footprint, and increase risk due to its inefficient tracking, reporting, and operations.
  

Proactive physical security through digitalization 

A proactive physical security program requires the use of digitalization programs and the promotion and collaboration of stakeholder groups. A resilient organization relies on collaboration, information sharing, and the capability to develop event-driven actions such as automated emails and customized alerts that come from the digitalization and integration of various independent systems or operations. 

In the same manner that a cybersecurity operations center monitors and detects cyber threats to a corporate network, the concept of a joint cyber and physical security operation center can introduce the possibility of also monitoring physical threats to the organization. Monitoring can be done through event-driven artificial intelligence (AI), digital closed-circuit television (CCTV), access control hardware, and intrusion detection systems. The inclusion of other risk-sensing and risk-prevention solutions can also be leveraged.

To provide additional insight and understanding of where the promotion and collaboration of stakeholder groups can be achieved, independent system operations can be found in the following groups: physical security, guard services, human resources, cybersecurity, crisis management, health and safety, facilities management, risk management, and other critical functions of the organization.  

Using digitalization can help organizations report and reduce risk by:

• Allowing security and guard services to report incidents and potential risks in real-time, reducing human errors
  
• Providing risk management groups and other stakeholders with real-time reporting
• Providing bidirectional security information, instructions, and recommendations to incident-affected personnel
• Reducing carbon footprint and costs for facilities management
• Providing real-time tracking of visitors and staff 
• Implementing event-to-action alerts and incident response procedures
• Reducing facility evacuation or lockdown response times
• Automatically initiating incident alerts to appropriate stakeholders
• Tracking and populating trending data and recording performance and risk indicators

There are several ways for an organization to take advantage of digitalization, ranging from small incremental steps over an extended period to an accelerated full-scale overhaul of physical security technology transition. The digitalization process can be customized based on the operating budgets and current maturity level of the organization’s physical security program.

One major factor that may prevent an organization from moving forward with enacting digitalization is the cost it takes to transition from the current state to the target state. The cost of implementing digitalization programs can vary, but it is something that needs careful consideration and prioritization from various stakeholder groups. 

Physical security programs need to cautiously balance the costs of protecting assets with the cost or loss of assets. Furthermore, the return on investment from digitalization programs will help identify cost-saving opportunities through the reduction of reliance on third-party security guard operations resources, the reduction of costs associated with insurance claims because of injury, and the ability to protect the organization from operations risks that may disrupt the business and overall revenue creation.

How digitalization can make an impact

Through digitalization and integration of systems, organizations can become more accurate at identifying and remediating risks, responding to incidents quickly, reporting on trends, and reducing costs. Digitalization can provide a single source of information and notify various stakeholder groups of trends, incident actions, etc.  

The investment into digitalization is not exclusively focused on the need to improve risk posture and identify cost-reduction strategies but, rather, the corporate responsibility to promote a culture of security awareness and protection of people and assets. Organizations should consider the importance of this proactive approach, assess how they are positioned in the face of a major incident, and evaluate outcomes in the event of a major disruption to operations. 

If you would like to learn more or have a conversation with our team to discuss physical security digitalization and integration, reach out to one of our subject matter advisers.

Contacts

Nathan Spitse | Global / Canada | nspitse@deloitte.ca | Tel: +1 519 281 6936

Michael Mueller | Germany | micmueller@deloitte.de | Tel: +49 151 5800 0362

Jean-Francois Allard | Canada | jeallard@deloitte.ca | Tel: +15143937147

Stefanie Ruys | Nordics & Denmark | steruys@deloitte.dk | Tel: +45 30 93 52 87

Agnieszka Eile | United Kingdom | aeile@deloitte.co.uk | Tel: +44 7867 156 191

Eddie Sin Keung CHIU | Asia | eddchiu@deloitte.com.cn | Tel: +86 10 8520 7110

Koen Magnus | Belgium | kmagnus@deloitte.com | Tel: +32 485 46 65 90

Kim Speijer | Belgium | kspeijer@deloitte.com | Tel: +32 478 64 27 27

Danny Tinga | Netherlands | dtinga@deloitte.nl | Tel: +31 610 452 304

Enrique Bilbao Lazaro | Spain | ebilbaolazaro@deloitte.es | Tel: +34 666 500 907

Teemu Hokkanen | Finland  | teemu.hokkanen@deloitte.fi | Tel: +35 820 755 5147

Paula Rosengren | Sweden | prosengren@deloitte.se | Tel:+46 70 080 24 24