Maslow’s Hierarchy of needs begins with humanity’s most basic needs and builds from there until we reach our most satisfied self. After our most basic physical needs (air, food, water, sleep), the need for safety is the second most critical stage to our wellbeing. Whether or not we believe in Maslow’s theory, we can all agree that on its surface this makes sense, whether we are talking about ourselves, our families, our businesses, or our community.
This concept also illustrates a dilemma that many clients face when developing a security program that protects its people, reputation and other assets. What is safety? What is security? Are they synonymous words and concepts? What difference does it make?
Let’s start with an accepted definition. According to the Webster’s Collegiate Dictionary, safety is the “the condition of being safe from undergoing or causing hurt…to protect against a failure, breakage or hurt…a device that prevents a piece of military apparatus from being fired accidentally.” The same reference defines security as “A quality or state of being secure…free from fear or anxiety…protection…to make safe…guard or shield…to relieve from exposure to danger.” They sound almost the same, but they are not. Safety measures are created to protect people and property from injury or loss by circumstance, accident, or negligence. Security measures are created to protect people and property from injury or loss by deliberate actions taken by people.
In our world, safety events happen by accident while security events happen on purpose. The difference is people and intent. People cause security events, and a security program must provide effective guardianship to protect the people, reputation, and infrastructure of your organization. This distinction is critical to understanding the role security must play in your organization and how an effective security program is a comprehensive blending of people, processes, and technology.
Have you ever wondered why there are so many safety regulations and organizations – such as OSHA, FDA, EPA, and others – and yet very few security-related regulations? It’s all about people and intent. People with fiduciary responsibility – governments, management, and leadership – have a moral responsibility to plan for and protect constituents from circumstance, accident, or negligence. As an economy based on a free market, our success is based on the decisions we make every day with the overall objectives of growth, profitability, sustainability, and possibly legacy. Security is a loss-driven and litigation-driven industry that relies on foreseeability, industry standards, and the real possibility of significant economic loss. If there is a moral responsibility in the security arena, it is to the owners, employees, and customers.
Most businesses include a diverse cross-section of people, including employees, contractors, customers, guests, community partners, and others. In addition to the human assets of the organization, there are hard and soft assets that are critical to its operation. Hard assets include buildings, equipment, and supplies; soft assets include reputation, personal information, and research. Effective security programs are a comprehensive blending of the people, processes, and technology in a manner that enhances operations and supports the culture. Programs need to be based on “real” threats, the probability of those threats becoming reality, and the threat to the organization if individual threats are realized.
Too often security program are viewed as overhead costs to the organization, but that is misleading. Security programs are actually money retainers for an organization. They allow the organization to retain the dollars that would have been lost due to turnover, poor morale, internal and external theft and misappropriation, sabotage, industrial espionage, and other deliberate actions that a sound security program seeks to prevent.
From Maslow’s hierarchy of needs, there is little question that safety as a state of being is critical to each of us individually and collectively. When the term “safety” is used a generic term for security, it changes the dynamic and challenges management’s ability to put in place the best countermeasures to change the behaviors of persons intent on causing injury or loss to company assets. The differentiation is important and often misunderstood by management and even practitioners. Safety professionals require a distinct set of skills and knowledge with the intention of preventing injury or loss due to circumstance, accident, or negligence. Although security is also the prevention of injury or loss, it is predicated on the fact that there is a desirable asset, a motivated person who wants that asset, and the perception by that motivated person that there is a lack of guardianship over the asset. This defense requires a very different set of skills and experience. Rarely can one person possess the breath of skills and experience to effectively manage both safety and security. If one program is going to suffer, it is usually security because legislation drives safety.
A typical organization loses 5% of revenue per year according to the Association of Certified Fraud Examiners, 2012 Report to the Nations on Occupational Fraud and Abuse. What is the effect on your organization?
Asset + Desire + Opportunity = Loss and/or Injury