One of the questions security professionals hate the most is, “What is the ROI of physical risk assessments?” It’s a tough question to answer, because security investments don’t generate a return. They’re labeled as a cost center, not a revenue center. On top of that, you’re paying to protect the company against something that may never happen. And if it does happen, there’s no guarantee that the security protocols you’ve put in place will be completely effective.
C-level executives are often the gatekeepers who make purchasing decisions about physical security. You need to be able to answer the ROI question in a convincing way. But how?
When most security consultants talk about the ROI of physical risk assessments, they usually talk about what could happen if the company doesn’t invest into security. But if you talk about the negative consequences of not investing, you’re pitching backwards. Instead, talk about the positive benefits when they do invest into physical security.
But just because security is seen as a cost center, that doesn’t mean you can’t answer the ROI question with confidence. There are ways to address ROI that are compelling and convincing. The key is to reframe the question by showing increased value, not revenue. Let’s look at a few ways to talk about the ROI of physical security.
Handpicked related content: Maximize Your Security Company’s Value with Circadian Risk
Physical risk mitigation might not generate revenue, but that doesn’t mean you can’t see a positive return. If you’re saving the company money by recommending better security equipment, that’s a positive ROI.
Show executives how security improvements can reduce the money that they’re already spending. For example, magnetic swipe cards need to be replaced every three years, or so. But moving from swipe credentials to RFID or biometric credentials eliminates the costs of replacement. There may be a larger upfront cost, but the overall savings benefits are much greater—and you’re increasing the quality of the building security at the same time.
Security assessments are just like any type of necessary cost for maintaining a company's success and growth. Think of a security assessment in these terms: “How important is the BRAND to an organization?” It’s vital. A true risk analysis will address the events that can affect the company’s brand reputation. It will show how to decrease the probability and severity of such incidents. What would happen to Amazon’s brand reputation if a security incident disrupts the AWS servers and millions of websites go down?
Companies need to see security assessments as the ability to retain revenue, not simply as a cost measure. Many companies wouldn’t survive a liability incident, so it is time to eliminate this stigma.
More Efficient Operations
What if physical security could help executives run the business more effectively? Today’s security technologies can integrate with other systems to streamline operations and increase business insights. For example, security readers can integrate with time-and-attendance software to track employees’ time in/time out. Surveillance cameras can integrate with analytics software to gain insight into customer behavior and business traffic.
Work with HR, IT and other departments to discover ways that physical security technologies can help improve the work they do. Then make the business case together to the C-level decision-makers.
Reduce Opportunity Costs
When you’re talking with executives, reframe the conversation from loss prevention to opportunity cost. An opportunity cost is what you miss out on when you choose to invest in one option over another one. You can’t choose both, and you have to choose one. Either you invest into physical security or you don’t. Company leaders are constantly weighing opportunity costs—it’s how they drive the business forward.
By presenting physical security options in the framework of opportunity costs, you’re speaking their language. The question of investing in security has nothing to do with increasing revenue—it has to do with preserving the company’s capital and most valuable assets. By improving the physical security of the facility, the opportunity costs are much lower than maintaining the status quo.
So when an executive manager asks for the ROI of your physical security recommendations, that’s your cue to reframe the conversation. Tell them, “The real issue isn’t the return on investment—it’s the opportunity costs involved in your decision.” Now you’re having a conversation about how you can help their business. And that makes you a solution provider, not merely a financial sieve.
Do the Right Thing
There are some things that you do, simply because they’re the right thing to do—not because they pad your bottom line. In the end, the real question is whether your executives will do what it takes to keep their people safe.
You can’t accurately predict which risk and vulnerability is going to show up on the facility’s doorstep. It’s possible that there will never be a tornado, or an intruder. But if the company’s leadership isn’t willing to adequately prepare for every reasonable risk, they’re sending a very powerful message to their employees: “You’re expendable.”
Security is a cost. But it’s also a major investment into the people who give themselves to the company every day. You can’t measure the effect that has on the employees, but you shouldn’t discount it, either. People work better for a company that cares about them.
Win the ROI Conversation
Reducing risk and vulnerability may never generate revenue, but that doesn’t make it a poor business investment. Dealing with the question of ROI can make you feel like you’re on the hot seat, but you can handle it confidently and convincingly. By reframing the question to show the business benefits of physical security investments, you can make a strong case to senior management.
Get more great security content delivered to your inbox—subscribe to the blog.