Physical Security: The Value of Digitalisation

Current physical security industry trends 

When a physical security incident or disruptive event to operations occurs, there are immediate steps that organisations must take to have the best chance of recovering quickly. These include analysing, evaluating and responding to the incident. 

In many cases, organisations or physical security teams do not have an effective response plan in place to tackle the incident (or prevent it in the first place) and often take a reactive-only approach. This can lead to the amplification of a preventable incident or life-safety risk, resulting in lost productivity and higher costs for internal or third-party response and remediation. 

To give an example of a major incident, if someone was given unauthorised access to a perimeter or restricted area, the company or entity could experience loss of private data or intellectual property (IP) theft. 

Organisations need to leverage existing technologies and collaborate with various stakeholders to proactively prevent and detect these threats and risks — before they become incidents that may disrupt business operations.

The implementation of operational digitalisation is an emerging leading trend in physical security and risk mitigation, and it significantly reduces disruptions to organisations. Digitalisation is the process of transferring paper-based reporting to a digital system and integrating various facility technologies, security systems and risk sensing technologies into a centralised reporting system. These reporting systems adopt data analytics and customised event-driven reporting and actioning systems that present data in an easy-to-digest dashboard. Digitalisation can enhance overall physical security and ensure better and more timely analytical detection, response and recovery from an incident.

Reactive physical security 

Many organisations continue to have a reactive physical security approach — addressing an issue only after an incident occurs. This reactive approach usually happens when organisational stakeholder groups operate in silos or when there is infrequent sharing of day-to-day operational information and risks. This short-sighted approach limits collaboration and integration. 

Additionally, the use of independent system operations can increase costs and liability to an organisation. Simple unifying solutions, such as digital incident reporting software, can be leveraged across multiple stakeholder groups for reporting, analysing and aggregating incidents. 

In cases where organisations are using independent, siloed and often paper-based systems, here are some examples of the limitations:

• A lack of proper risk prevention. When risk sensing and risk prevention programs are not recorded, monitored, or even established, organisations can be left vulnerable to unknown risks, threats, breaches, catastrophic failures, asset loss and reputational damage. Data such as current trends, external threats, cyber threats, civil unrest and protests need to be collected and analysed to prevent a major catastrophic event. 
  
• The increased likelihood of stakeholders not receiving important information. Specifically, if guards and security groups continue to use independent paper-based reporting systems, pertinent stakeholder groups are unable to leverage the information contained within them or simply are left unaware of an incident. For example, a slip-and-fall incident may never be escalated to the appropriate stakeholder if kept only in written logs. Through the digitalisation of these paper-based records, organisations can create customised digital reporting systems or electronic logbooks to populate and track data in real-time. Digitalisation will allow physical security teams to aggregate and analyse the data collected efficiently. Furthermore, these digital incident-reporting systems can be leveraged across multiple stakeholder groups — including health and safety, facilities management and business continuity — with event-driven solutions and notification emails to the appropriate stakeholders. 
  
• Improper reporting. Physical security, building automation and visitor management systems should be integrated into a centralised database and reporting system. Otherwise, an organisation is not able to provide up-to-the-minute information such as occupancy levels, visitor locations, desk or floor utilisation, lighting and temperature settings, video analytics, intrusion zone status and people tracking for lockdown or evacuation procedures. This can increase operating costs and carbon footprint, and increase risk due to its inefficient tracking, reporting and operations.
  

Proactive physical security through digitalisation 

A proactive physical security program requires the use of digitalisation programmes and the promotion and collaboration of stakeholder groups. A resilient organisation relies on collaboration, information sharing and the capability to develop event-driven actions such as automated emails and customised alerts that come from the digitalisation and integration of various independent systems or operations. 

In the same manner that a cybersecurity operations centre monitors and detects cyber threats to a corporate network, the concept of a joint cyber and physical security operation centre can introduce the possibility of also monitoring physical threats to the organisation. Monitoring can be done through event-driven artificial intelligence (AI), digital closed-circuit television (CCTV), access control hardware and intrusion detection systems. The inclusion of other risk-sensing and risk-prevention solutions can also be leveraged.

To provide additional insight and understanding of where the promotion and collaboration of stakeholder groups can be achieved, independent system operations can be found in the following groups: physical security, guard services, human resources, cybersecurity, crisis management, health and safety, facilities management, risk management and other critical functions of the organisation.  

Using digitalisation can help organisations report and reduce risk by:

• Allowing security and guard services to report incidents and potential risks in real-time, reducing human errors
  
• Providing risk management groups and other stakeholders with real-time reporting
• Providing bidirectional security information, instructions and recommendations to incident-affected personnel
• Reducing carbon footprint and costs for facilities management
• Providing real-time tracking of visitors and staff 
• Implementing event-to-action alerts and incident response procedures
• Reducing facility evacuation or lockdown response times
• Automatically initiating incident alerts to appropriate stakeholders
• Tracking and populating trending data and recording performance and risk indicators

There are several ways for an organisation to take advantage of digitalisation, ranging from small incremental steps over an extended period to an accelerated full-scale overhaul of physical security technology transition. The digitalisation process can be customised based on the operating budgets and current maturity level of the organisation’s physical security program.

One major factor that may prevent an organisation from moving forward with enacting digitalisation is the cost it takes to transition from the current state to the target state. The cost of implementing digitalisation programmes can vary, but it is something that needs careful consideration and prioritisation from various stakeholder groups. 

Physical security programs need to cautiously balance the costs of protecting assets with the cost or loss of assets. Furthermore, the return on investment from digitalisation programmes will help identify cost-saving opportunities through the reduction of reliance on third-party security guard operations resources, the reduction of costs associated with insurance claims because of injury and the ability to protect the organisation from operations risks that may disrupt the business and overall revenue creation.

How digitalisation can make an impact

Through digitalisation and integration of systems, organisations can become more accurate at identifying and remediating risks, responding to incidents quickly, reporting on trends and reducing costs. Digitalisation can provide a single source of information and notify various stakeholder groups of trends, incident actions, etc.  

The investment into digitalisation is not exclusively focussed on the need to improve risk posture and identify cost-reduction strategies but, rather, the corporate responsibility to promote a culture of security awareness and protection of people and assets. Organisations should consider the importance of this proactive approach, assess how they are positioned in the face of a major incident and evaluate outcomes in the event of a major disruption to operations. 

If you would like to learn more or have a conversation with our team to discuss physical security digitalisation and integration, reach out to one of our subject matter advisors.

Contacts

Nathan Spitse | Global / Canada | nspitse@deloitte.ca | Tel: +1 519 281 6936

Michael Mueller | Germany | micmueller@deloitte.de | Tel: +49 151 5800 0362

Stefanie Ruys | Canada | struys@deloitte.ca | Tel: +1 647 355 8420

Agnieszka Eile | United Kingdom | aeile@deloitte.co.uk | Tel:+44 7867 156 191

Eddie Sin Keung CHIU | Asia | eddchiu@deloitte.com.cn | Tel:+86 10 8520 7110

Koen Magnus | Belgium | kmagnus@deloitte.com | Tel:+32 485 46 65 90

Kim Speijer | Belgium | kspeijer@deloitte.com | Tel:+32 478 64 27 27

Danny Tinga | Netherlands | dtinga@deloitte.nl | Tel:+31 610 452 304

Enrique Bilbao Lazaro | Spain | ebilbaolazaro@deloitte.es | Tel:+34 666 500 907