The pre-Gala Luncheon segment of the Skills for Security 2007 National Conference ended with two excellent presentations, the first of which came courtesy of Mike Britnell (head of security at the Bank of England) who focused on security failure and its huge importance as a critical business issue.
What does the corporate business landscape of today look like? Britnell suggested that most organisations want to ensure profitable growth. No great surprise there, but interestingly there’s now a ‘corporate scorecard’ involving shareholders, employees and customers. “We need to be satisfying all parties when it comes to security provision,” explained Britnell.
In terms of the security landscape, there’s physical security, IT security, overarching security. The format is well known, but can be disparate in terms of how its managed.
“In my view,” stressed the former director of European security programmes at Johnson Controls, “security is best managed as a single unit. The strategy must recognise that all security disciplines are equally important. We cannot operate in corporate ‘stovepipes’ any longer.”
Britnell elaborated on a ‘security cycle’ for managers, at the heart of which lies communication and training involving customers, The Board and staff. “Managers must check compliance, monitor threats, analyse and manage risks, define their strategy and policy, set standards, manage operations and response and then establish projects for improvement.”
Next, Britnell arrived at the nub of what he wanted to say by quoting a classic example of security failure and its aftermath. “Imagine the scene. It’s a Boxing Day morning at a key Data Centre in the UK. A Centre protected by security officers. At the time, the world was asleep. Sadly, so were the management.”
Three men in balaclavas forced their way into the building and stole motherboards and CPUs (for which there is a burgeoning black market). “The security and IT people didn’t notice,” Britnell continued, “and as a result several global platforms were brought down. GB pound 500,000 worth of equipment had to be replaced, not to mention the several thousand pounds needed to rectify physical damage to the premises. Then there were the indirect financial costs, including loss of data business. Several partner organisations were thinking of suing.”
How do you calculate the cost of security failure? That’s the crucial question. “All security professionals must secure high-level Board buy-in for what they want to do,” added Britnell. “They need to select a team to deliver on their ideals, and make that team inclusive. Everyone must be included. Auditors, risk managers, senior IT professionals. Define your modus operandi. Look at direct costs first, then the indirect costs. Analyse your results.”
The total cost of failure
Once the total cost of any security failure has been determined, the security improvement strategy must be induced and firmly aligned with the organisation’s corporate goals. “Managers have to present their ideas well and gain approval for them. Again, the benefits of strategy alignment are key.”
Britnell concluded with a telling statement. “Security costs, but good security saves more. Security can enhance a company’s profits, but in order for buy-in to be achieved managers must talk the language of the Boardroom. Security is now very much a core strategic issue and, for their part, security managers are strategically aligned with corporate success.”
One wonders how that statement works in relation to facilities managers, procurers and IT folk tasked with managing security?
Next to the podium was Malcolm Baker, superintendent in the Metropolitan Police Service Counter-Terrorism Command (SO15), who proceeded to wax lyrical on the skills the security sector will need to harness in readiness for the 2012 Olympic Games.
Baker is currently working on two strands within specialist operations for the Games – co-ordination of the national search strategy and engagement with the private sector to enhance counter-terrorism efforts.
“Security failure is not an option for the 2012 Games,” said Baker. “We need to think about matters now. Four-and-a-half years will fly by pretty quickly, believe me.”
It has been assumed for some time that the police and private security sector will work together on safeguarding the event. Sydney 2000 was a classic example of how such a partnership can work well. “If there’s, say, a bomb threat, however,” stated Baker, “we need to be 100% sure of any security equipment brought in from the private sector and how security operatives will respond, as we are of our own operation. It’s fair to say that with responsibility comes accountability.”
Building a common picture
Today’s breed of terrorist includes radicals intent on mass fatality and casualties. They are indiscriminate and, unlike the IRA of old, no notice will be given by way of a coded warning.
“The terrorists want to stretch us,” opined Baker. “There are 100 venues being used for the 2012 Games. That being the case, what resilience capabilities will security companies need to impart to their members of staff?”
According to Baker, security provision has to be a joint effort – a partnership run in unison by the Olympic Delivery Authority, LOCOG, the police service and the private security sector. “Trust is going to be vital,” commented Baker. “Partners need to be able to rely on their partners.” He cited Party Political Conferences as good examples of successful joint working between the police and the private sector.
“Team Security needs to achieve collaboration,” continued the 26-year policeman, “for a safe and secure Games. It’s not going to be a case of police officers standing by gates. There will not be enough police available for that in any case. It’s not about police doing security work or vice versa. Rather, we need to make sure whatever security kit is used is compatible.”
Skills for Security’s director of research and development, Mike Burke – former deputy chief officer of the Port of Dover Police – told the assembled audience of practitioners what the organisation is doing for them at present, but first reiterated the fact that employers always need competent, appropriately skilled people. Employees require good jobs, career paths and opportunities for progression.
“At the moment we’re working on National Occupational Standards for key holding and response, biometric systems, information destruction and close protection,” added Burke. “We are also continually working alongside organisations including Skills for Business, the Learning and Skills Council, the Security Industry Authority, Edexcel, the National Open College Network, ASET, City & Guilds and JobCentre Plus. One of our own specialist projects is to help promote the employment of more women in the industry.”
Preparing for the future
The final speaker of the day was Jeff Worthy, regional employment engagement manager with JobCentre Plus in the Capital. Worthy’s employer boasts over 1,000 networked offices across the UK, and works with over 400,000 employers to place over 20,000 people into jobs each week. Apparently, there are 2,000 vacancies for security staff alone in London on a weekly basis.
As you would expect, Worthy’s polemic was very much London-based. He said that 50% of all workers in some areas will be from the ethnic minorities, with 8% of them accounting for all new entrants to the labour market. “These are important facts to bear in mind,” added Worthy. “Wherever possible, the security workforce should always reflect the customer and community bases it serves.”
A ‘pledge for the future’ came next, Worthy describing the importance of Local Employment Partnerships – an idea first developed by Prime Minister Gordon Brown. If an employer has, say, 100 vacancies, JobCentre Plus wants that company to set aside 20 places for “priority customers” such as the long-term unemployed. “This is a realistic ambition, and a neat way of demonstrating how JobCentre Plus can help industry. We cannot succeed without the support of industry leaders, though.”
Key themes of the day
David Greer offered a neat summation of the day to close official proceedings. “There are numerous skills challenges,” he said. “The general public’s expectation of what security companies can deliver is heightening. Regulation has added positively to that.”
Skills for Security’s chief executive added: “We need to reduce staff turnover in the sector, produce better-skilled managers and recognise – and adjust to – demographic change.”