Reduce Insurance Costs with Security Monitoring
With the many benefits they provide, security monitoring systems are an essential investment for any business. By installing CCTV cameras, alarm systems, and other security equipment, you better ensure the safety of staff and customers, protect inventory from theft, and prevent property damage – all of which strengthens business continuity. Additionally, you can use your security monitoring setup to improve business operations, e.g., using camera footage to better understand customer movements around a store to optimize product placement.
However, an understated benefit of security monitoring systems for businesses is their role in reducing your company’s insurance costs and liability. By identifying and assessing possible security threats, and implementing measures to prevent them, you demonstrate due care and reduce your risk exposure – which can potentially save you significant amounts of money in the long term, as well as preserve your hard-earned reputation.
With this in mind, let’s explore how security solutions can help your company reduce its insurance costs and its level of liability.
The Business Case for Security Monitoring
While there are several perspectives from which to view the benefits of monitoring systems, let’s focus on the business case for implementing, or improving, the security solutions within your company.
Security Risks Faced by Businesses in the Modern Era
Some of the most common risks that companies face in the current business landscape include:
- Theft: this includes theft of product inventory, equipment, and sensitive information
- Vandalism: including property damage, e.g., graffiti or broken windows, and arson
- Insider risk: this refers to both malicious intent, such as employee theft and exfiltrating private or proprietary data, and human error, such as failing to follow security protocols or not adequately securing data and/or IT infrastructure.
- Regulatory non-compliance: it’s growing increasingly important for companies to comply with data privacy regulations, such as GDPR and PCI DSS. Subsequently, if companies don’t implement the appropriate measures, including security monitoring, they’ll be non-compliant with regulations relevant to their industry. As non-compliance can carry financial consequences, this increases a company’s exposure and must be factored into its risk model.
- Cyber threats: although employing more digital tools makes companies far more efficient and competitive, they also increase the risk of suffering a cyber-attack. This could include data breaches, malware (viruses, Trojan horses, etc.), and denial of service (DoS) attacks.
Each of these risks needs to be identified, assessed, and prevented to the best of your ability to ensure they don’t disrupt business operations, harm your reputation, and, ultimately, cause financial losses.
Financial Impact of Security Breaches
Clearly conveying the financial consequences is a great way to ascertain the potential impact of suffering a security breach. Additionally, if you’re in a position within your company where you need buy-in from stakeholders to improve your security measures, expressing risk and the consequences of it being realised in monetary terms is an excellent way to increase their understanding and gain their cooperation.
The financial impact of security breaches can be divided into tangible and intangible losses; let’s look at each in closer detail.
Tangible losses refer to direct financial costs, such as:
- Replacing stolen products or equipment
- Repairing damaged property
- Reimbursing affected customers and clients
- Legal fees
- Regulatory fines
- Customer or client compensation (if they’re negatively impacted by your non-compliance)
Intangible financial losses are harder to quantify – and may build up over time. They include:
- Reputational damage: customers, and perhaps partners and suppliers, losing trust in your ability to avoid security breaches may diminish or end their business relationship with your company.
- Staff turnover: if your employees feel their safety is threatened, they’ll soon find another place to work. This not only causes your company to lose valuable assets which would have contributed to its growth, but you incur more costs in recruiting, onboarding, and training new staff.
Security Monitoring as a Proactive Measure
One of the most compelling business cases for security monitoring is that it changes how you address security risks. Implementing a security monitoring system allows you to evolve from a reactive approach, where you’re forced to merely react to security incidents, to a proactive approach, where you anticipate risks and implement prevention measures in advance.
The first step in preventing risk factors is identifying them, which is achieved through a security risk assessment. This assessment will help you evaluate the vulnerabilities of your business premises, existing security measures and their effectiveness, and what further solutions to implement to reduce risk.
Security Monitoring and Insurance Costs
Let’s move on to exploring how security monitoring relates to your insurance coverage and how implementing the appropriate security measures can reduce your company’s insurance costs.
The Role of Security Measures in Insurance Policies
Before issuing your company a policy, the insurance provider will analyse your potential vulnerabilities to create a risk profile for your business. Implementing security measures reduces your risk exposure and, consequently, influences the cost of your insurance coverage.
How Insurers Assess Risk
Insurance companies assess risk by evaluating all the factors that contribute to the probability of you having to make a claim and, subsequently, their having to pay out on that claim. This process is known as actuarial analysis and involves an insurance company employee, called an actuary, gathering as much data as they can to determine your risk profile, including:
- Company details: including the scope of its operations, your industry, the products and services you offer, number of employees, etc.
- Location: the higher the crime rate where your business is located, the higher the risk of a security incident
- Insurance history: whether you’ve made past claims, for what reason, and how frequently.
- Risk exposure: the security risks your company faces based on its operations, location, history, etc.
- Security measures: what measures do you have to mitigate these risks?
After completing this actuarial analysis, the insurance company will pass your policy application (or policy review, as insurance companies frequently reassess your risk profile) to an underwriter. An insurance underwriter evaluates all the information gathered by the actuary and decides, firstly, whether their company is willing to insure you at all and, if so, the extent of your coverage and how much your premiums will be.
How Security Monitoring Influences Your Company’s Risk Profile
With security monitoring in place, your company is less exposed to the risks it faces. Security systems deter criminal activity and provide the means to prevent it from occurring, which reduces the likelihood of security breaches. As a result, insurers are more likely to offer lower insurance premiums and more comprehensive coverage.
Potential Savings on Insurance Costs
Installing security monitoring systems could lower the cost of premiums for three types of insurance policies:
- Property insurance: effective security monitoring reduces the risk of break-ins, vandalism, and arson, lowering commercial property insurance costs.
- General liability insurance: the more secure your premises, the lower the likelihood of criminal incidents that could result in liability claims.
- Cyber insurance: cyber insurance has become increasingly important for businesses and, subsequently, installing cybersecurity solutions could lower premium costs.
Typically, installing a security system saves you 5 – 20% on your insurance costs, though this depends on the insurer, your company’s risk profile, etc. If your insurer isn’t willing to offer you a discount after you’ve installed security monitoring systems, it’s worth shopping around for a company that will.
How Security Monitoring Mitigates Liability
Liability refers to your company’s legal responsibility for any harm or damage caused to individuals, businesses, or property due to your actions or negligence.
This typically happens in one of three ways:
- If an individual or business suffers harm on your premises or as a result of your services
- If an individual or business suffers property damage as a result of your services
- If an individual or business suffers harm as a result of your products
Subsequently, security monitoring helps protect you from the first two types of liability listed above in the following ways:
- By deterring and preventing criminal activity, you better protect customers, staff, and suppliers from physical and mental injury you could later be liable for.
- By preventing theft of your inventory, you ensure better business continuity. This avoids situations where you can’t deliver your contracted products and services – affecting your customer’s business activities, which you could later be liable for.
- Security breaches could lead to losing the sensitive data you hold on customers, suppliers, partners, etc., which you could later be liable for.
Additionally, though this doesn’t count as a security incident, monitoring systems, namely security cameras, are indispensable for proving whether someone suffered an injury on your property from an environmental hazard. For instance, an individual may claim to have slipped or tripped on your premises and demand compensation. The footage from well-positioned security cameras will help determine if they’re telling the truth – which could save you significant sums of money if their claims are false.
Legal Consequences of Security Breaches
The potential legal consequences of suffering a security breach depend on the nature of the incident and the extent of your implemented security measures. This is because every organisation has a duty of care to ensure people’s safety while on their premises, deliver the product or service they’ve been paid for, and secure the data of its customers and supply chain partners.
On one hand, if an individual were to suffer harm from criminal activity, for example, being assaulted during a robbery or injured during an act of vandalism, they could bring a general liability case against your company. If they were to win the case, you could be liable to pay them compensation for their injuries.
Additionally, if you lose your customers’ sensitive information in a security breach because you failed to implement sufficient security monitoring, you could be liable for the negative consequences of failing to protect their data. If, for instance, an affected customer goes on to have a security breach due to your data breach, they could seek compensation from you.
You may also face legal consequences from regulatory bodies if your lack of security monitoring made you non-compliant with their standards. This typically involves a fine – in addition to the compensation paid to customers. For example, non-compliance with General Data Protection Regulation (GDPR), which applies to any Australian business that handles data from EU citizens, can result in a fine of up to 4% of annual worldwide turnover.
Worse still, depending on the nature of the security breach – and your lack of due care – you may face other consequences. Non-compliance with the Payment Card Industry Data Security Standard (PCI DSS), required for any business that accepts card payments, may lead to limitations on your processing capabilities. In the worst case, your card payment processing abilities may be terminated altogether – in addition to significant monthly fines.
The Role of ‘Due Care’ in Liability Cases
‘Due care’, or due diligence, refers to the measures a company should take to safeguard the people on its premises and secure its assets and data. In a liability case, the extent to which your company exercised due care will be evaluated and help decide whether you’re liable for the security breach.
How Effective Security Monitoring Demonstrates Due Care
Implementing a security monitoring system demonstrates that your business was proactive in protecting the people and data it’s responsible for.
Firstly, the security assessment conducted as a prerequisite for installing security solutions documents your efforts to identify your company’s risk factors and determine the best ways to mitigate them. Subsequently, your implementation of security monitoring proves that you used the findings from the security assessment to select the most effective security solutions for your risk profile.
Additionally, some security monitoring systems allow you to record or log events that could be used to further demonstrate due care. The best example is security cameras, which allow you to record and store footage from live feeds. Similarly, access control systems record a log of everyone who enters the premises, where they ventured, and at what times. This creates an audit trail that can be used in investigations and demonstrates a concerted effort to mitigate various security risks.
Implementing Effective Security Monitoring
Aspects of a Robust Security Monitoring System
To best prevent the full range of risks present in the digital era, you need to account for both physical security risks and cybersecurity risks.
Physical Security Measures
Physical security monitoring components include:
- Surveillance cameras: i.e., CCTV, these can be self-monitored or monitored 24/7 by a professional security provider. Modern cameras can include sirens, lights, and pre-recorded messages to deter intruders.
- Alarm systems: typically comprising a series of sirens and motion sensors connected through a central control panel, alarm systems draw attention to intrusions with a loud, persistent alert.
- Access control systems: these require individuals entering your premises to identify themselves with a credential, such as an access card, a PIN, or Bluetooth. Access control systems also mitigate risk by requiring guests to identify themselves to obtain a temporary credential for entry.
- Fences: the physical structures around your premises that mark its boundary. While firm, well-maintained fencing communicates a strong security posture and thereby acts as a deterrent, weak fencing in disrepair displays vulnerabilities.
- Lighting: criminals rely on dark places to reduce their visibility as they attempt to break into your premises. The right lighting, such as motion-activated floodlights, illuminates dark places and makes them more conspicuous. Just as importantly, ensuring the areas on the approach to your business, and areas like stairwells and car parks, are well illuminated makes your staff feel much safer if they leave at night.
Cybersecurity is a vast subject, and the best measures for addressing cyber threats depend on your company’s situation and risk profile. Here are some of the most common measures for preventing cybersecurity risks:
- Firewalls: hardware or software that sits between your network and the internet, inspects data for cyber threats, and blocks them.
- Intrusion detection systems: also called IDS tools, these look for signs of unauthorised entry into your network and alert your IT personnel.
- Anti-malware: software that detects malware, such as viruses, and eliminates it.
- Encryption: measures that make sensitive data unreadable if it’s stolen or intercepted. You possess the encryption key that returns the data to its original form.
- Regular software updates: also known as patch management, applying updates to applications when they become available ensures you’re protected against their discovered vulnerabilities (i.e., software developers release patches, or fixes, when they find security flaws in their products).
- Access control: as well as physical access control, logical access control, which is applied to your IT network, determines who can access sensitive data and systems.
Choosing the Right Security Service Provider
Essential Features to Look For in a Security Company
- Ability to Match Solutions to Needs: a competent security company won’t attempt to sell you a security system without a thorough understanding of your security flaws and, subsequently, your security requirements. Your security company should begin with a security assessment to accurately understand your needs.
- Reliability: it’s crucial your security provider is reliable, which means they receive and respond to security alerts as quickly as possible. This is especially important if you subscribe to a 24/7 monitoring service, as they must be relied upon to watch over your property around the clock. It’s also important they provide you with reliable equipment and strive to ensure it remains reliable through regular testing and maintenance.
- Cost and Contract Length: what are the costs of the security service, and what does it entail? Also, are you locked into a contract when you sign up for their services – and how long for?
Evaluating the Track Record of Security Providers
Just as insurance companies will assess your track record of security breaches and insurance claims, you must evaluate the track record of security companies. You can determine a security company’s track record of customer satisfaction by searching for independent reviews of their service online (as opposed to testimonials they publish on their own website). Customers will often go into detail about their dealings with a security company, especially if the experience was negative, so you’ll find out quickly if they’re unreliable and/or treat their clients poorly.
Additionally, 24/7 security monitoring centres are assessed by the Australian Security Industry Association Limited (ASIAL), which enforces standards through regular audits. ASIAL evaluates security monitoring companies on the quality of their infrastructure (including their installed physical security measures), communication protocols, and the reliability of their systems – including redundancy measures. This makes an ASIAL rating a good indicator of a security company’s track record, with A1 being the highest grade awarded by ASIAL.
Security Monitoring as Part of a Comprehensive Risk Management Strategy
Here are a few ways to integrate security monitoring into your company’s overall risk management strategy.
Regular Testing and Assessment of Security Measures
You should test your security measures regularly to ensure they function as intended and will actually work in the event of a criminal incident. Whether you test your security systems weekly, monthly, quarterly, etc., depends on their scope and complexity, as well as your risk profile.
Additionally, you should periodically perform fresh risk assessments to reevaluate your entire risk posture. These should be performed annually or when you make significant changes to your business processes.
Employee Security Awareness Training
Without adequate security awareness training, employees may not understand how their actions can increase security risk. In light of this, it’s vital to educate your staff on security risks in their environment, teach them your security protocols and how to follow them, and train them to identify risks and how to report them. Investing in employee security awareness underpins your investment in your monitoring systems, as your staff are less likely to unintentionally undermine your implemented security solutions.
Coordinating Security Efforts with Insurance Providers
Where possible, include your insurance provider in the security assessment process by asking which security measures will help you reduce liability and lower coverage costs. You can also pass on any requirements from your insurance company to a security company, who’ll consider them as part of their assessment and help implement solutions that best match your needs.
To recap and summarise:
- Some of the most common risks that companies face in the current business landscape include:
  - Insider risk
  - Regulatory non-compliance
  - Cyber threats
- Understanding the financial consequences is a great way to ascertain the true potential impact of a security breach – as well as obtain buy-in from stakeholders.
- The financial impact of security can be divided into tangible and intangible losses:
  - Tangible losses, i.e., direct financial costs, include:
    - Replacing stolen products or equipment
    - Repairing damaged property
    - Customer and client reimbursement and compensation
    - Legal fees
    - Regulatory fines
  - Intangible losses are harder to quantify and include reputational damage and staff turnover.
- To assess risk, insurance companies evaluate all the factors that contribute to the probability of you having to make a claim and, subsequently, their having to pay out on that claim, i.e., actuarial analysis, which includes:
  - Company details: your industry, products and services you offer, no. of employees.
  - Insurance history
  - Risk exposure
  - Security measures
- An underwriter then evaluates this information to determine the cost of your insurance policy.
- Implementing security monitoring systems could potentially lower three types of insurance costs by 5 – 20%:
  - Property insurance
  - General liability insurance
  - Cyber insurance
- Liability refers to your company’s legal responsibility for any harm or damage caused to individuals, businesses, or property as a result of your actions or negligence. Subsequently, security monitoring helps reduce your business’ liability:
  - By deterring and preventing criminal activity, you better protect customers, staff, and suppliers from physical and mental injury
  - By preventing inventory theft, you ensure better business continuity – and maintain your duty to deliver your contracted products and services as promised.
  - By preventing the loss of the sensitive data you hold on customers, suppliers, partners, etc.
- Every organisation has a duty of care to ensure people’s safety while on their premises, deliver the product or service they’ve been paid for, and secure the data of its customers and supply chain partners.
- The legal consequences of security breaches can include:
  - Regulatory fines and other punitive action, e.g., suspension of operational activities
- Due care refers to the measures your company should take to safeguard the people on its premises and secure its assets and data. Subsequently, implementing security monitoring systems demonstrates that your business performed due care in securing and protecting the people and data it’s responsible for.
- You need to account for both physical security risks and cybersecurity risks to best secure assets and data.
- Physical security monitoring components include:
  - Surveillance cameras
  - Alarm systems
  - Access control systems
- Cybersecurity measures include:
  - Regular software updates
  - Access control
- Here are a few ways to integrate security monitoring into your company’s overall risk management strategy:
  - Regular testing and assessment of security measures
  - Employee security awareness training
  - Coordinating security efforts with insurance providers
For a comprehensive, up-to-date evaluation of your company’s security risks – and to discuss how to best reduce your insurance costs and liability, schedule your security assessment with Pacific Security Group.
Kylie Butchard is a highly respected and experienced leader in Australia’s electronic security industry, having successfully steered Pacific Security Group for over 17 years. With a career embedded in customer service, she has consistently focused on putting people first – clients and staff. Known for her strong, resilient, positive, values-driven, consistent, and compassionate approach, Kylie ensures that her team delivers top-notch security solutions tailored to clients’ unique needs.