Security directors face rapidly evolving threats that require broadening their expertise and strategies to prepare for, prevent, and respond to incidents. Yet many organizations still view security as a cost center and basic operational compliance requirement, rather than understanding that security is a strategic business enabler.
Annual revenue growth doesn’t mean much if you can lose it all in a single terrible day, and improving employee productivity is just a band-aid if those employees want out because they don’t feel safe at their workplace. But as long as security keeps being defined as the absence of bad things happening, it’s hard to demonstrate you’re doing a great job.
This makes it all too easy for a CFO to say, “Nothing happened last year; no need to spend more on security this year”—or even worse: “We’ve had zero incidents at this building; why are we spending money on security there?”
Now more than ever, security directors need to elevate their roles from operational management to strategic leadership. To get a proper seat at the table, security directors must be able to deliver a compelling, data-based case for the value of their initiatives to the organization and its employees.
Every department tells a story about how their work contributes to the success of the organization. Key performance indicators are the numbers that support this story. Good KPIs are hard data you can reliably collect and track over time.
The security director’s story is about preventing harm, protecting value, and improving peace of mind throughout the organization. KPIs that quantify that story might include:
KPIs enable security directors to clearly communicate the benefits that security brings to the business. They also give you reliable visibility into the progress and effectiveness of your security initiatives, so you can adjust and pivot as needed.
At Total Security Solutions, we specialize in custom ballistic security barriers. When we hear back from customers, they are typically most enthusiastic about the peace of mind their renovation creates: Having a ballistic barrier helps their staff feel safer and more comfortable at work.
This might seem hard to quantify: How can you put a number on feeling safe and secure? A good approach for tracking and quantifying peace of mind is similar to how marketers gauge customer satisfaction using the Net Promoter Score (NPS).
NPS often uses a single-question survey, for example: “On a scale of 0–10, how likely are you to recommend [company/product/service] to a friend or colleague?”
A safety-satisfaction score survey might accomplish something similar with a question like: “On a scale of 0–10, how likely are you to recommend our company to a friend as a safe place to work?”
People rating the company a 9 or 10 are “Safety Promoters.” They feel safe, trust leadership, and are more likely to contribute to a culture of safety by quickly reporting near-misses and issues. People assigning a 6 or less are “Safety Detractors.” They feel unsafe, believe production and profit are prioritized over people, and are less likely to report potential security problems.
If you take the percentage of respondents who are “Safety Promotors” and subtract from that the percentage who are “Safety Detractors,” you get a net safety-satisfaction score you can use to track peace of mind. A positive number is good, and anything more than 50 is great. A negative number or downward trend needs attention.
Good security measures increase safety while reducing the effort or expense required to respond. KPIs for quantifying this include MTTD / MTTR (Mean Time to Detect / Mean Time to Respond or Resolve) for incidents or average incident response effort in person-hours per incident. Downward-trending times in both cases indicate your staff is operating more efficiently.
Delay time is another good KPI: The longer you delay attackers’ entry, the more you decrease severity of an incident and increase the likelihood of neutralizing an attack before anyone is hurt.
It’s important to keep in mind that properly designed security solutions will also guide staff and visitor behavior, further reducing the likelihood and severity of security incidents. Policy/procedure compliance rates among staff and visitors—e.g., access control adherence, signing in and out properly, reductions in tailgating—all help tell this part of your security story.
The worst-case scenario in most cases is so bad, it’s impossible to quantify with just numbers. Consider the 2024 assassination of UnitedHealthcare CEO Brian Thompson—an incident at the forefront for many security directors we spoke to over the last year, as they worked to improve corporate security.
Setting aside the incalculable value of a human life, Thompson’s death cost UnitedHealthcare billions of dollars. That included both the direct cost of $1.7 million on increased security for personnel on top of at least $63 billion losses in market value. According to a shareholder lawsuit, UnitedHealthcare stock fell 33% due to the incident, erasing more than $150 billion in market value.
In that context, spending six figures now to secure a lobby or reception area is an excellent investment, given that it protects both human lives and the value and reputation of your organization.
KPIs commonly used to tell this story include:
Putting together these data to support your security planning story not only justifies current spending, but provides a compelling case for improvements you wish to implement over time.
At TSS, we embrace a systems approach to physical security. Our designers work with your teams and vendors to bring together interlocking elements that create layers of security.
On a per-person basis, this is certainly cost effective: A single investment that delays entry or prevents an attacker from finding their intended target keeps everyone in the building safer. To that end, we’re in the midst of rolling out a new line of ballistic security components optimized against the most recent threats, which both provides bullet resistance during an attack and substantially delays entry while minimizing the effects of vandalism, civil unrest, or attempted break-ins.
By taking a systems approach, TSS is uniquely able to ensure that the ballistic and physical barrier solutions we create increase security and comfort, while supporting your existing aesthetic decisions. These solutions can also help reinforce your preferred security policies and procedures without getting in the way of your regular business operations.
We’ve developed our business over the course of three decades and 30,000 projects, and our goal is to share our expertise with you. We are pleased to make free resources available to support you as you begin to determine your security needs and sketch out a plan for your goals.
This can be a daunting process, so if you have any questions, or are ready to begin moving forward with a project, please reach out to us. We are here to help.