Your organization’s physical security program has two business objectives: to reduce security risks, and to reduce financial loss. It’s your job to initiate activities and make investments that will achieve those objectives. At the end of the year, you’ll need to prove a return on your investments. But how do you know if you have a positive ROI?
It’s very difficult to prove ROI on something like prevention. How do you know your efforts stopped something that never happened? Maybe it never would have occurred, even if you did nothing. How do you show that your security efforts actually reduced theft, injury or financial loss?
Proving ROI on Something That Never Happened
You can calculate an expected ROI on security, but it’s a formula that still depends on a best guess for the future—what might happen. It doesn’t actually prove anything, and there’s no guarantee that you’re actually saving money by implementing a particular solution.
The only way to show ROI for something that didn’t happen is by gathering statistical data over time. For example, We had 25 incidents last year, we implemented this solution, and saw a reduction of 12 percent, year-over-year. That’s the only way to know if your security and risk investments are paying off.
This is how most organizations measure the ROI on their physical security efforts. But most organizations are still shooting in the dark, because their ROI analysis is using the wrong data.
It’s not enough to measure data over time. You also need the right data, and plenty of it. If you’re only looking at numbers from your own organization, you don’t have enough information to determine the ROI on your physical security. Proving correlation takes more than one data source.
For example, let’s say you see a 15 percent reduction in one year. That looks great on the surface, but you need to prove that it was due to the solutions you put in place. If everyone in your sector had a similar reduction, that alters the significance of your results. Worse yet, what if other organizations saw a 25 percent reduction?
Circadian Risk Is Changing the Game
You can only show ROI on physical security when you have enough data to correlate trends with specific actions you take. And that can only happen by collecting and synthesizing data industry-wide.
That’s where Circadian Risk is leading the physical security and risk industry. Our software is built to collect data across organizations in every sector. From there, we can provide benchmarking information, which will let you know exactly how your results compare to the rest of the industry. That, in turn, gives you a better picture of your actual ROI.
This is the direction Circadian Risk is heading in, and it’s what makes our solution unique among risk assessment applications. We’re the only risk assessment company preparing to use analytics for comparison across sectors and organizations.
Handpicked related content: Instantly Combine Multiple Vulnerability Assessments into One Report
I Don’t Want to Share My Data
But wouldn’t collecting that kind of data reveal companies’ issues to the public? That’s a good question, because it’s critical to maintain organizations’ private issues. Otherwise, we’re actually undoing our security efforts!
Collecting anonymous security information won’t reveal any organization’s private information. Think of it like health trends. While protecting individual patients’ health data, the medical industry has a very keen eye on benchmarking health trends and statistical correlations. It’s one of the deepest fields when it comes to data collecting and trend spotting—yet, your own personal health information is private and secure.
Learn more about protecting your security data from the public.
Likewise, the cybersecurity sector has been collecting, analyzing and sharing industry-wide data for years. As a result, information security is light years ahead of physical security in this area. It’s time the physical security industry step up its game.
Is Physical Security Failing?
Security professionals need to start collecting and analyzing data so that companies nationwide can make truly intelligent decisions that benefit their bottom lines, as well as their physical safety. Circadian Risk software is the tip of that spear.
Until then, your ROI is just a guess. You can’t compare your numbers to the rest of your sector, so you don’t have the context you need to judge your success. If the physical security industry doesn’t take a corrective approach to this, we will fail at our jobs, because we won’t be able to intelligently prevent crime.Find out more about how Circadian Risk is leading the charge to collect industry-wide data. Talk to one of our security experts today.