Data driven security is a concept utilized by organizations operating in a constantly changing environment to effectively manage the dynamic risks which challenge their organization. Security professionals operating in today’s increasingly competitive environments face the unique challenge of providing security that reduces crime and loss, is cost effective, and does not expose their organizations to undue liability. Success can only be achieved through a carefully orchestrated balancing act of three factors:
– Selecting and deploying effective security measures
– Working within budget limits
– Reducing liability exposure
Data driven security is an effective way of balancing those factors. In order to be successful at this balancing act, security professionals must not only be knowledgeable about security, but they must also be good business decision makers and risk managers. They must use security measures that are effective at reducing loss and preventing crimes to their property, their employees, and most importantly, their customers. These security measures must not exceed the security department’s budget and preferably, provide a measurable return on investment. The security program should also effectively manage risks to the organization and its assets, including liability exposure for negligent or inadequate security.
Data driven security can ensure that security professionals are successful in all three of the factors outlined. How can security professionals justify a sizable and increasing security budget to senior management? By now, most security professionals are keenly aware that a security program’s success depends on the commitment and support, or buy-in from senior executives. Using anecdotal evidence to justify spending on physical security measures and costly protection personnel no longer suffices. A data-driven security program helps management understand that security is more than a cost center, it justifies expenses to senior management by showing the proof of success that can garner that necessary buy-in and demonstrate a convincing return on investment.
Data driven security refers to using measurable factors to drive a security program. While not all elements of a security program lend themselves to measurement, many components can be measured effectively. A commonly accepted business paradigm states, what cannot be measured cannot be managed. Some would argue that the security is more of an art than a science. While they are correct, the business of security is not an art. The security department is a business unit, not unlike other business units within an organization that must justify its existence.