Agriculture/Farming/Food Manufacturing
Budget Trends:
Increased: 67%
Decreased: 33%
No Change: 0%
Security Budget/Employee $800.24
Security Budget/Revenue .23%
Critical Issues:
• Budgets
• Food Defense and Regulatory Changes
•
• Training
Food defense is the protection of food products from intentional adulteration by biological, physical or radiological agents. It manages risks including physical, operational and personnel security.
“Food defense did not begin with DHS, it started with Tylenol,” explained one security executive, during a recent interview. Yet among security leaders in this sector, navigating regulations that may not improve the safety and security of our nation’s food supply is a challenge. Combining increased regulatory requirements with downsizings/restructurings and budgets reductions can have a negative impact on preparedness and risk management.
While all of the companies in this sector compete for market share, they also collaborate with law enforcement when it comes to risks. Several joint projects have been created to identify the probability of certain threats, such as terror, just as these companies do with weather or natural disaster to manage their risk to food supply disruptions. The collaborative approach has enabled companies to assess threats and identify whether a threat is credible.
Food defense is a very broad tent including such new threats as Asian carp, which are threatening the
The regulatory issues impacting the food defense industry bleed between food safety and food defense. For example, improving supply chain management is a broad initiative and includes both e Coli (food safety) and the intentional adulteration of wheat gluten and milk formula with melamine in 2007 and 2008 (food defense). As a result, organizations are required to better integrated current security programs into the business units or create new, separate security operations within the business units.
Current legislation being considered in Congress will require food and beverage companies to modernize their food defense programs. At the center of food defense is the USDA Food Safety and Inspection Service (FSIS), which is expanding its reach and requiring greater food defense programs and the ability to inspect those programs. Experts in the sector have warned that terrorists may target the food supply and that organizations should anticipate and prepare for potential attacks at the board level.
Business Services
Budget Trends:
Increased 29%
Decreased 0%
No Change 71%
Security Budget/Employee $1,031.24
Security Budget/Revenue 1.33%
Critical Issues:
• Compliance
• Budget
• Technology Upgrades/Project
Management
• Cyber Security
• Business Continuity Planning
• International Security
• Insider Threats
• Training
• Counterintelligence
Business Services, by its nature, requires its employees to work in a consultative capacity at a client organization most of the time. Last year the concept of shared risk was identified within this sector. When your employee is working at a client location, you anticipate that the employee will have a reasonable level of security. Similarly, that organization expects that your employee will behave in an appropriate manner.
The
At a more complex level are employees in high-risk environments that are housed in a secure compound or area with restricted movements. These people require rest and recreation leaves on a regular basis, so logistics for safe and appropriate travel (they are representing the brand) require polices and planning.
Understanding the risks to the organization both externally and internally includes training employees on protecting company assets, especially the intellectual property of their clients as well as their own. Training employees to understand and adhere to polices and security best practices is a key element for successfully managing risks. Externally, counterintelligence efforts to identify risks, such as organized crime, in a specific area are proving successful. Business service companies compete for business, but they have also pooled their resources to identify threats and share information.
The move for business resilience and emergency management within the security function has been a business driver for this sector. Companies are able to remain in place and function for their clients, avoiding lost time and revenue due to outages or evacuations.
As the business has increased, so has security spending in this sector. Yet, security is finding ways to economize, especially in credentialing employees for multiple access or identification requirements. By centralizing this function, companies are able to get people where they need to be in a more efficient manner.
Construction, Real Estate & Property Management
Budget Trends:
Increased 50%
Decreased 0%
No Change 50%
Security Budget/Employee $1,400
Security Budget/Revenue 1.23%
Critical Issues:
• Training
• Funding/Budgets
• Physical Security Enhancements
According to The Society of Industrial and Office Realtors (SIOR) Commercial Real Estate Index, commercial real estate is predicted to be flat after 11 consecutive quarterly declines. High unemployment rates continue to push down vacancies, rents and new construction demand. However, the forecast shows a flattening in this market. And in an attitudinal survey of more than 700 local market experts, nearly nine in 10 indicated “new commercial development is virtually nonexistent in their market areas, and rent concessions are reported almost everywhere.” The National Association of Realtors does not forecast an upturn in office or warehouse space before 2011.
According to Kroll, a leading risk consulting company, undetected criminal activities on multimillion dollar construction projects can increase construction costs as much as 20 percent. Projects also fail or result in serious long-term liability. The ROI model for companies in this sector to manage risk and prevent theft is measurable and significant.
Diversified Companies
Budget Trends:
Increased 40%
Decreased 0%
No Change 60%
Security Budget/Employee $997
Security Budget/Revenue .29%
Critical Issues:
• Funding/Budget
• Crisis Management
• Domestic Terrorism
• Business Resilience
• Workplace Violence
• Security Employee Retention
• Institutional Buy-in
• Supply Chain Risk
• Managing Security Technology
General Electric is as big, diverse and complex as a company comes in this day and age. The global security organization focuses on the security infrastructure issues such as regulatory, travel and executive protection. It also sets strategy and integrates enterprise risk management with other departments, including IT and Environmental Health and Safety. Due to the many unique businesses and people within GE, from nuclear to appliance manufacturing to banking, the security leaders at those units are able to create programs that meet their unique requirements for risk management. “Every day we demonstrate our relevance by anticipating and solving problems,” said Frank Taylor, VP and CSO at GE in a recent Security magazine interview.
Education: K-12
Budget Trends:
Increased 38%
Decreased 25%
No Change 38%
Security Budget/Employee $532.47
Security Budget/
Operations Budget .68%
Security Budget/Student $56.77
Critical Issues:
• Funding/Budget
• Technology
• Staffing and Hiring
• Crowd Control
(school-related events and sports)
Budgets are the biggest issue impacting the K-12 sector. Compliance with fire and life safety requires fixed spending, thereby reducing the ability to manage risk in a very dynamic threat environment with strained resources. “Doing more with less” is the new normal.
Education: Colleges and Universities
Budget Trends:
Increased 47%
Decreased 6%
No Change 41%
Security Budget/Employee $2,145
Security Budget/
Operations Budget .99%
Security Budget/Student $458
Critical Issues:
• Funding/Budget
• Security Technology
• Training
• Hiring/Retaining Personnel
• Drugs/Alcohol Abuse
• International Expansion
• Facilities Management
• Student Mental Health Issues
• Student Compliance
Three years after the Virginia Tech massacre, the United States Secret Service, Department of Education and FBI released their report, Campus Attacks: Targeted Violence Affecting Institutions of Higher Education. One key outcome of the report was the 2008 amendment of the Jeanne Clery Disclosure Act that requires colleges to have a campus emergency response plan.
The Campus Attacks report concludes that the College and University sector simply has to do more to identify individuals, assess the intent and ability of those individuals to execute a threat and ultimately, manage that threat to disrupt an attack.
Finance/Insurance/Banking
Budget Trends:
Increased 36%
Decreased 14%
No Change 43%
Security Budget/Employee $930
Security Budget/Revenue .67%
Critical Issues:
• Funding/Budget
• Globalization
• Training
• Security Technology
• Cyber Crime
• Regulatory Compliance
• Retaining Personnel
• Terrorism
• Mobile/Contract Work Force
In addition to the friendly security guard at the door, banks have video cameras, monitoring centers and sophisticated best practices to thwart would-be thieves. Yet, the FBI’s most recent report on bank robberies shows that during the third quarter of 2009, there were 1,212 reported violations of the Federal Bank Robbery and Incidental Crimes Statute. There were 1,184 robberies of financial institutions and 28 burglaries reported between July 1, 2009 and September 30, 2009.
Assets, including cash, were taken in 90 percent of the incidents, totaling more than $9.4 million. Yet more than $2.2 million was returned. Acts of violence were committed in five percent of the incidents, resulting in 26 injuries, five deaths (the perpetrators), and 32 people being taken hostage.
The bigger risk for this sector is cyber crime, insider threat and insurance fraud. The boom in online banking has resulted in a boom in phishing and online scams to gain access to bank accounts. According to the FDIC, in the third quarter of 2009, hackers stole $120 million from consumer accounts. Small businesses are also facing cyber crime, but their commercial deposits are not covered by the protections that protect consumer accounts. The FBI focuses cyber crime as its third largest priority after terror and intellectual property theft, and estimates losses in the hundreds of millions of dollars due to hacking into ATM machines and electronically forging transfers.
Internal threats are equally vexing. The biggest reported case of data theft by a financial insider was Bank of America, which recently agreed to pay for credit monitoring, identity theft insurance and reimbursement for losses to as many as 17 million consumers who dealt with its Countrywide Financial mortgage unit.
In another example, the personal information of 3.3 million student loan customers recently was exposed. Educational Credit Management Corp. said the data included names, addresses, Social Security numbers and birth dates of borrowers.
The increases in regulatory compliance, damage to brand and cost of making customers whole after a breach are driving this sector to better secure online accounts, educate customers to keep access information secure and protect confidential information.
Progress is being made. The results of a Deloitte survey, The Faceless Threat, revealed that this sector is moving from being late adopters to trying new technologies and solutions to becoming innovators or early adopters for risk management and security. Those identified as innovators or early adopters jumped from 18 percent to 26 percent (2009 versus 2010). Their five biggest priorities are:
Identity and access management 46%
Data protection 39%
Security infrastructure improvement 36%
Regulatory and legislative compliance 34%
Training and Awareness 33%
Government (Federal, State & Local)
Budget Trends:
Increased 10%
Decreased 40%
No Change 50%
Security Budget/Citizen $494
Security Budget/Revenue 7.5%
Critical Issues:
• Budget/Funding
• Training
• Security Technology
• Regulatory Compliance
• Business Continuity
• Asset Protection/Theft
The Department of Homeland Security (DHS) is heavily invested in prevention in this sector, as its core mission explains:
1. Prevention of terrorism.
2. Protection/prevention of border security.
3. Management of immigration and prevention of illegal immigration.
4. Prevention of cyber crime and cyber terror.
5. Resilience and response to events and disasters.
6. Strengthen the homeland security enterprise.
Keys to this program are two major investments that are exciting and showing results. First are the University-based DHS Centers of Excellence (CoE). There are 16 CoE’s, three of which are internationally-based. The other 13 are located within leading Universities such as USC, MSU, Texas A&M, John Hopkins, UNC, Purdue, Rutgers, the
A critical government security issue is whether they employ military or civilian assets? If a terrorist is in
Mike Chertoff, former DHS director, expects DHS to focus its efforts in the coming years on:
1. Security that can be employed by military or civilian authorities quickly to make awareness and intelligence available to identify threats and the proactive use of information to take action. For example, recently, the
2. Bio terror sensors and sound sensor technology will continue to be deployed to gain information faster and analyze it for improved situational awareness. The goal is to improve security without slowing processes, so acceptance relies on technology being friendly to all stakeholders.
3. Cyber-terrorism. A secure architecture is required to protect the Internet while enabling service and access.
4. Border security will continue to be a major issue for DHS, Congress and the public.
On the money front, many state and local security and emergency operations programs are funded by DHS, especially through FEMA. The ten FEMA regions drive preparedness goals for 50 states and six regions through its $4 billion budget.
Most of the FEMA grants go to fire departments and to state agencies, including state level DHS or Offices of Emergency Management. You would think it would be easy to hand out that sort of green to the many unprepared communities across our land. But it is not. Often the grantees underestimate costs, get a grant and then engage the system integrator or contractor, only to learn they can build half a fire station. Environmental red tape can delay a project past the grant’s deadline. If the grantee does not seek an extension, the grant is lost.
The FEMA grant program directorate is a one-stop shop with great customer service and transparency for all stakeholders to ensure that preparedness is achieved and funds are well invested. From 2003-2007, 56 percent of their $10.6 billion in grants went to five core capabilities:
• Communications
• Critical Infrastructure
• Hazardous Materials/Weapons of Mass Destruction
• Emergency Planning
• Chemical, Biological, Radiological, Nuclear and Explosives (CBRNE) Detection
Healthcare/Pharmaceutical
Budget Trends:
Increased 80%
Decreased 0%
No Change 20%
Security Budget/Citizen $375
Security Budget/Revenue 7.5%
Critical Issues:
• International Travel/Employee Security
• Business Continuity/Crisis Management
• Regulatory Compliance
• Budget/Funding
• Physical and Intellectual Property
• Workplace Violence
• Supporting Business Goals
The Healthcare sector is defined by companies that research, manufacture and distribute healthcare related products including pharmaceuticals, medicines and services. It is unique from hospitals and medical centers that provide healthcare related services
to patients.
The healthcare sector protects its product from:
• Counterfeiting
• Theft in the supply chain
• Prescription drug diversion
• Fraud: Doctor/Recipient/Pharmacy
• Intellectual Property
• Property Damage
• Internal Threats
The Center for Medicines in the Public Interest estimates that counterfeit medicine sales will reach $75 billion worldwide this year (a recent Wall Street Journal blog by Carl Bialik questions this estimate. See Dubious Origins for Drugs, and Stats About Them. 9/9/10).
Still, a recent report in
Recently, Dr. Marla Ahlgrimm of Madison, Wisc. was arrested by the FBI. She and her alleged partner Balbir Bhogal are accused of shipping millions of pills from
According to the Pharmaceutical Security Institute (PSI) the numbers are staggering. Counterfeiting increased 9.2 percent over the past year. PSI has identified 808 counterfeit pharmaceuticals in 2009, a 36-percent jump from 2008. And it found counterfeit drugs in 118 different countries. Of great concern are the 531 incidents where the counterfeit products reached the legitimate supply chain, including licensed wholesale distributors and/or pharmacies in 48 countries. PSI noted that 472 of the 978 seizures made included “commercial” size shipments.
The actual number matters less than the risk of death or injury due to counterfeiting. Peter Pitts, president of the pharmaceutical industry-backed Center for Medicine in the Public Interest said in Carl Bialik’s WSJ article: “To belittle the problem of the developing world because of numbers you can’t substantiate is very unfair. If we wait to count the bodies, we only have ourselves to blame.”
The industry has used innovation that includes adding inert substances to the product, known as excipients, for the covert identification of genuine pharmaceuticals. The FDA has also identified that a paper trail through the supply chain, including chain of custody, is the fastest and least disruptive way to track shipments. RFID tags on each container combined with optical secure labeling technologies are also proving effective.
In addition to product security, this sector faces many of the similar risk management challenges of other sectors, including employee travel and security, insider threats and physical security issues. For example, earlier this year, thieves stole $75 million in drugs from an Eli Lilly & Co. warehouse in
Hospitals/Medical Centers
Budget Trends:
Increased 41%
Decreased 23%
No Change 36%
Security Budget/Employee $1,123
Security Budget/Revenue 3.08%
Critical Issues:
• Budget Funding
• Staffing/Manpower
• Training
• New Facility/Construction
• Asset Protection
• Security Technology
• Regulatory Compliance
• Workplace Violence
• Access and Crowd Control
• Employee Travel
The Hospital/Medical Centers sector is defined by those companies that provide healthcare related services to patients. It is unique from the Healthcare sector, which is defined by companies that research, manufacture and distribute healthcare-related products, including pharmaceuticals, medicines and services.
Workplace violence is rampant in this sector. Recent studies have documented the dangerous work environment that nurses face. More than half of the 3,465 health workers surveyed last year by the Emergency Nurses Association reported they’d been hit, spat on or physically assaulted while on the job. About 25 percent said they had experienced 20 or more acts of physical abuse during the previous three years.
And more than half of the nurses surveyed for Violence Against Nurses Working in U.S. Emergency Departments cited one or more of the following as precipitating factors when they experienced abuse:
• Patients or visitors under the influence of alcohol or illicit drugs
• Psychiatric patients being treated in the emergency department
• Crowding
• Prolonged wait times
• A shortage of emergency department nurses
At
As a result, CSOs in this sector noted training, budgeting/staffing and workplace violence among their most critical issues. At the same time, this sector is facing increased regulatory compliance to reduce risk for both patients and employees. For example, one regulation impacting hospitals that accepts Medicare and Medicaid patients and money (Centers for Medicare and Medicaid Services) requires a standard of security, including risk management programs related to secure access control, emergency room violence and visitor management.
In addition to regulatory pressure and fine avoidance, hospitals are relying on technology to better track visitors, restrict access and monitor employee, patient and visitor behavior. At leading hospitals in this sector, the security officers act as greeters to first identify risky behavior, securely escort people and respond to events.
Beyond the day to day issues of workplace violence, asset tracking and regulatory compliance, hospitals face heightened guidelines for business resilience and emergency planning. Hospitals need to plan for the possibility of both an evacuation and a rush of patients and that requires the designing, training and practicing realistic drills in a 24/7 work environment, all on a limited budget.
Overall, budgets increased in this sector due to increased risks, events and construction/expansion. But perhaps it’s not at the level needed to support such a significant rise in security related events.
Hospitality/Casinos
Budget Trends:
Increased 30%
Decreased 20%
No Change 40%
Security Budget/Employee $499.57
Security Budget/Revenue .59%
Critical Issues:
• Budget/Funding
• Security Technology
• Training
• Regulatory Compliance
• Crisis Management
• Counter Intelligence
• Internal Theft
• Terrorism
• Liability
The Hospitality/Casinos sector has been altered to measure hotels with casinos and hotels without casinos to give better metrics to the participating benchmarking organizations. Among the participating hotels, the number of keys in the organization ranged from 500 for a single location hotel/casino to more than 400,000 for a global chain.
The risk management challenge for this sector has increased as a result of the Mumbai terrorist attacks and recent suicide bombings, most recently this past August at the Muna Hotel in
This is a significant business issue for this sector because corporate travel programs are being relocated to the security department in many enterprises. And they are tracking hotel and airline safety records and security programs. Those that do not meet their security criteria will not get that company’s business. Plus, there is the threat of social media and Internet sites posting negative guest experiences and reviews by individual and small business travelers. Yet only 50 percent of those participating in the survey have an emergency management or evacuation plan in place.
This sector is also vulnerable to cyber crime, especially credit card hacking and fraud. Recently, HEI Hospitality, an owner of Marriott’s, Sheraton’s and Westin’s hotels notified more than 3,400 guests that their credit card data had been compromised due to a point of sale (PoS) intrusion. The Payment Card Industry (PCI) sets Data Security Standards for protecting this data and it released new security requirements earlier this year.
Casinos are facing a recession in gaming revenue but an increase in those that believe they can successfully steal from casinos. And while they are focused on protecting their guests, they are very intent on protecting their casino floor and their money. Like the broader hotel space, casinos are battling budget cuts, competition for qualified surveillance and security employees and an increase in thefts and fraud attempts at their facilities by both guests and employees.
While the most frequent issues CSOs in this sector face include internal theft issues, guest safety and slip and fall frauds, the risk management issues are growing. Across this sector, the realization that they cannot “hire and spend” their way to managing risk has resulted in new security technology investments to better manage access, monitor activity and maintain a constant and consistent level of security within budget constraints.
Industrial & Manufacturing
Budget Trends:
Increased 27%
Decreased 18%
No Change 55%
Security Budget/Employee $465.44
Security Budget/Revenue .98%
Critical Issues:
• Brand Protection
• Funding/Budget
• Regulatory Compliance
• Security Technology
• Training
• Cyber Security
• Business Continuity/Crisis Management
• Emerging Markets
• Geopolitical Risk/Global Unrest/Economic Instability
• Intellectual Property
• Workplace Violence
At the top of the critical issues list is protecting the brand as related to counterfeit products. According to Brian Monks, vice president of anti-counterfeiting operations for Underwriters Laboratories, “counterfeiters operate much like drug smugglers.” The North American and European markets are receiving fake electrical goods with brand name logos that are indistinguishable from the real ones. Buyers reacting to low prices create an increased risk of fire damage, injury or death, as reported in Electrical Apparatus by Richard Nailen. Jim Hutton, global CSO at Proctor and Gamble adds, “I am amazed by their speed and sophistication.”
Having intellectual property stolen by foreign nationals or insiders to create counterfeits is a key “brand protection” issue and one that CEOs are just beginning to pay attention to. Typically a CEO’s timeline is short, and protecting IP at the R&D stage receives a low priority. The FBI’s program to educate and help companies secure their IP has been effective. About one-third of all economic espionage investigations are linked to Chinese government agencies, research institutes, or businesses, according to the FBI.
Counterfeiting is a $600 billion business, and according to the World Counterfeiting Organization, it hits most manufactured products. In 2006, the U.S. Congress estimated that 15 percent to 20 percent of all goods manufactured in
Bar Coding Lost or Date Codes 67%
Printing 46%
Tampering 27%
Bar Coding NDC or UPC 24%
Mass Serialization using Bar Codes 15%
RFID tagging of items 13%
Taggants or markers 8%
Special Substrates or materials 7%
Mass Serialization using RFID 5%
Holography 4%
This sector is still feeling the global recession’s impact on sheltered facilities that still need to be secured and the increased risk at those facilities for valuable commodities, including copper tubing or idle equipment to be stolen as well as liability risk for trespassers who may be injured or killed.
Ongoing manufacturing operations require global policies for all employees, facilities and business partners to ensure both security and safety goals that appropriately identify and manage risks. Tightening supply chain policies to only accept deliveries from approved and recognized partners integrated with “chain of custody” security measures through authorized distribution partners is key to protecting brands. Training is central to implementing and enforcing the policies and programs that bring regulatory compliance, product integrity, asset management and people identification and tracking together. Manufacturing requires a fluid supply chain and resourcing of both valuable and sometimes hazardous/regulated goods.
One best practice to review in this sector is that used by chemical companies, such as Dow Chemical, which is using experts to study their sites vulnerabilities based on methods developed at Sandia National Labs and that adhere to the American Chemistry Council’s Responsible Care Security Code. Dow exceeds this code and integrates its Emergency Services and Security auditing and process safety programs to create an integrated approach to risk management. Dow has also committed to continuous improvement and sustainability programs at its facilities. Despite this enterprise-wide program, a recent Greenpeace inspection at a 5,000 acre Dow Chemical production plant with 65 facilities in
Information Technology, Communications & Media
Budget Trends:
Increased 29%
Decreased 42%
No Change 29%
Security Budget/Employee $8766
Security Budget/Revenue 75%
Critical Issues:
• Security Technology/Convergence
• Intellectual Property
• Regulatory Compliance/Program Documentation
• Global risk management due to
expansion and business requirements
• Employee Travel
• Budget/Funding
• Crisis Management and Emergency Planning
• Workplace Violence
Protecting intellectual property is among the most critical business issues impacting this sector. Software companies, for example, spend significantly and work with government agencies globally to identify and stop illegal software counterfeiting and unlicensed duplication. Media companies work to prevent illegal distribution of movies and music. And the hardware companies, like Apple, fight a constant battle against iPhone, iPod and iPad confidential information leads.
Two Apple episodes noted by Gizmodo include the infamous Apple iPhone 4G prototype being left in a bar by an engineer and an Apple engineer showing the company’s new iPad to Steve Wozniak, Apple co-founder and to an employee. Due to Apple’s security policies and procedures, the engineer who left the iPhone in a bar did not violate Apple policies – he did not leak information, act with malice or violate his NDA. However, the engineer who had permission to remove the iPad from the secure area after midnight on its launch day, but apparently not to show it off, did so for two minutes outside and was fired. Navigating policy, training people to understand and follow policies and managing security in this environment to protect intellectual property is among the role’s greatest challenges.
Traditional global risk management challenges related to infrastructure issues including upgrading security technology and aligning with business goals to support global expansion, including employee travel and increased risk management are critical areas of focus. The impact and consolidation of business resilience into the security role is also noted among survey participants.
Internal threats are significant in this sector by the nature of the employees’ skill sets and the mobility of the company’s products and intellectual property. Having clear policies, training and monitoring software to identify a virtual custody chain on access to information requires coordination between IT and security programs.
While the challenges are significant in this sector, the budget pressure was not as significant as in other sectors. Programs for corporate and physical security to protect employees in the workplace and while traveling, implementing effective business resilience programs and adhering to compliance legislation require funding, management and effective policies and training.
Retail/Restaurants/Convenience Stores/Food Service
Budget Trends:
Increased 44%
Decreased 17%
No Change 39%
Security Budget/Employee $939
Security Budget/Revenue 35%
Critical Issues:
• Loss Prevention including:
Shrink Reduction/Inventory
Control/Return Fraud
Organized Retail Crime
Internal Theft
Burglary/Robberies
• Security Technology
• Funding/Budget
• Staffing/Training
• Regulatory Compliance
• Supply Chain/Distribution
• People Security/Safety
• Product Tampering
Despite the decline in retailing and dining out due to economic conditions, security spending in this sector was strong with 83 percent of participants having increased or equal budgets versus 2009. Fueling this investment is the increase in shrink due in large part to organized crime and to the recession that has led more employees and guests to steal.
The August 2010 Annual Retail Theft Survey by Jack L Hayes International shows the loss prevention challenges and results of increased LP programs. The results are staggering. According to the report, 15 of the 25 retailers had an increase in shoplifting apprehensions, while 20 of 25 retailers reported a decrease in dishonest employee apprehensions. More than 1 million shoplifters and dishonest employees were apprehended in 2009, a 15 percent increase over 2008. More than $163 million dollars in goods were recovered.
While the shoplifter apprehensions increased, the dishonest employee apprehensions decreased. Yet, one in every 28.4 employees was apprehended for theft from their employer in 2009. And dishonest employees steal about 6.6 times more than shoplifters ($728.90 versus $110.14).
The Hayes report addresses overall shrink issues for retailers, but within these numbers is the troubling growth of organized retail crime. The National Federation of Retailers reports losses from ORC Rings between $15 billion to $30 billion annually and 89 percent of their members reported being victims of ORC. The problem has become significant enough that legislation has been introduced to establish a new unit within the Department of Justice to investigate and prosecute ORC. Unlike the shoplifter who typically steals products for personal use, ORC members are professional thieves who consider stealing and reselling goods for a profit their vocation and main source of income.
While a substantial investment in loss prevention tagging and RFID technologies has been made to reduce shrink in the supply chain as well as by employees and shoplifting, the numbers are not proving that these investments are truly effective. Further, retailers cannot “outman” the problem with security personnel. Innovative technologies will continue to be critically tested by both retailers and retail thieves.
Transportation, Logistics, Supply Chain, Distribution & Warehousing
Budget Trends:
Increased 56%
Decreased 11%
No Change 33%
Security Budget/Employee $640.71
Security Budget/Revenue .37%
Critical Issues:
• Budget/Funding
• Cargo Theft
• Regulatory Compliance
• Security Technology
• Fraud
• Workplace Violence
• Border risk and violence
• Business Continuity
• Supply Chain
• Training
• Background/Personnel Checks
The size and scope of this sector makes security a daunting task. As a result, the only successful approach is business first, which means a risk management focus. By first identifying the greatest risks and then mitigating those, security professionals have a significant opportunity to protect the most valuable assets and reduce losses.
Among the most effective mitigation techniques is to instill a security-minded culture among employees and contractors to keep an open eye and report suspicious activity or irregular visitors. Supporting that goal requires regular training, security audits and technology to restrict access, know when an access policy has been violated and use surveillance for situational awareness.
Regulatory compliance is also driving security and risk management investments in this sector. Department of Homeland Security regulations such as TWIC, CFATS, C-TPAT, MSTA and Rail Security Standards all require implementation and reporting programs to achieve and document compliance. Identification badges, inventory tagging/controls, surveillance and creating restricted areas reduce risk and improve security.
A challenge for this sector is that the size of the problem is unknown. Unlike retail loss prevention that has significant benchmarking and participation, the size of cargo theft is unknown. A recent interview in Risk Management Monitor by Emily Holbrook with Michael St. Hill, director of insurance services for ISO crime analytics, noted that in the first quarter of 2010, LoJack reported 212 cargo theft related supply chain
disruptions.
“It’s very hard to determine accurate trends without national statistics. There are reports out there that estimate cargo theft as a $30 billion problem, but there are other reports that state that it’s a $5 billion problem. Regardless of where we are in the spectrum, it’s still a huge problem that is continuing to grow,” said Michael St. Hill in the interview.
One new solution that will help companies in this sector better measure the problem and therefore the true cost to business and risk mitigation investment needed is CargoNet.
“CargoNet is the first nationalized system that addresses the problem of cargo theft through data sharing. With that system in place, we would now be able to aggregate accurate data,” explained St. Hill.
Utilities and Energy (Power, Electric, Gas, Nuclear, Water)
Budget Trends:
Increased 40%
Decreased 20%
No Change 40%
Security Budget/Revenue 8.56%
Critical Issues:
• Regulatory Compliance
• Workplace Violence
• Asset Protection/Theft
• Security Technology Projects
• Training
•
• Crisis Management
• Cyber Security
• Travel Security
Utilities are at the heart of the
The shift to a smart grid in this sector has created a new industry that focuses on cyber security guidelines. The National Institute of Standards and Technology (NIST) issued its first Guidelines for Smart Grid Cyber Security, which includes a framework to assess risks and prevent attacks in a layered or “defense in depth” approach to address the diversity and evolution of cyber threats.
On the physical side of security, perimeter protection to ensure accurate credentials to detect or prevent intrusion, especially at remote locations, is getting significant attention and investment. This has been critical for water service providers. One resource is the web site waterisac.org, which was created by drinking water and wastewater utility managers to:
• Provide tools for identifying and managing risks.
• Help managers target limited resources where they are most needed.
• Arm utility directors and security personnel with critical knowledge and best practices.
• Communicate threat warnings and incident reports to water systems, 24/7/365.
• Save time and effort by serving as a clearinghouse for government and private resources.
This sector also benefits from regulatory compliance in the form of DHS grants. DHS funding to meet compliance goals and improve security for critical infrastructure will continue to be a major driver for projects in this sector.
As utilities align security with business goals that require modernizing the control systems to a network vulnerable to malware and cyber attack, security must focus on enterprise risk management and ensure the products being purchased to manage the utilities processes are secure from unintended access.