Risk
Why Is The Security Industry Change-Averse?
The security industry has always been slow to embrace new technology.
You can see it at security trade shows: for years, the only technology at shows like GSX was cameras. You can see it at product demonstrations: a potential client or investor is interested in a new product, and they call in an expert to evaluate the solution. The expert turns it down, because the new solution doesn’t reflect the way things have always been done.
Like a user who rejects the latest version of software or a new layout on their favorite social media app, the physical security industry is cantankerous when it comes to change. Other industries might be plunging headfirst into Artificial Intelligence and other leading-edge tech, but security is just getting comfortable with data analytics and passive scanning.
So why is security so change-averse? Some of it has to do with who we are as an industry.
Change is risk, and our job is mitigating risk
People who work in security and law enforcement tend to want to avoid risk, not run right at it. New technology, a departure from the “way we’ve always done things,” seems risky because it’s new. Pair this with a lack of understanding of digital solutions and new platforms can seem threatening.
Because security is a trust industry, and most security pros are skeptical until a solution is proven to be safe and effective, adoption can be painfully slow. This can look like an expert deciding that paper reports are safer than digital reports, for example. It can also look like a CSO who insists every new platform be SOC 2 compliant, even if it doesn’t need to be.
Physical security comes from a law enforcement background
Unlike cyber and information security professionals, whose industry is focused on risk and the business impact of risk, physical security has a different focus.
Physical security is descended from law enforcement, which is traditionally focused on policing. Risk is something that was added later. Many security professionals have law enforcement backgrounds, and few have backgrounds in business risk. That means that many people in our profession have a different mindset when it comes to adopting a tool that might seem risky in the short term, even though that tool solves long-standing problems.
Innovators follow the money
When a startup is developing a solution, they want to make money. They’re unlikely to develop technology for an industry known for being a tough sell. No entrepreneur wants to create a solution that will be interrogated by CSOs, required to have certifications it does not need, and rejected by experts suspicious of change.
Instead, startups are making solutions they can sell. Until fairly recently, that has meant developing solutions for industries more willing to take a risk.
It doesn’t help that security has been considered a cost by many organizations. Some security professionals who might spend money on a new solution are often on a tight budget while company leadership spends money on the departments seen as revenue generators.
What does this mean for your business?
Risk is a necessary part of growth. Many industries advance by taking risks, but by avoiding it, we’re holding ourselves back.
While this mindset is beginning to shift, physical security still needs to wake up to the potential of new technology.
How can you create a proactive risk culture? Read the CSO Risk Council’s whitepaper about creating cultural change in your security organization.
About the Author
