In Depth
Metrics for Corporate and Physical Security Programs
CSOs count on physical security metrics to evaluate their organizations' performance and to communicate security's value to other business executives
By Tom Wailgum
February 01, 2005 — CSO — Metrics are measures that matter, providing evidence of performance both to experts and to interested observers.
That's why CSOs are hungry for them. It's not good enough to maintain a quiet, reliable security service until something goes wrong. Security executives want to understand how their operations are working and how they can improve. CEOs want to know how the security function is faring by looking at the department's data. And metrics can provide the hard numbers and context on the performance of the security function, proving that nothing happening was the direct result of an effective security management program.
Key metrics vary by CSO, organization and industry. What's important to energy provider Georgia Power (federal regulation compliance, for example) may not be important to coffee purveyor Starbucks (armed robbery statistics, for example). "Metrics resist uniformity," says Dennis Treece, director of security for the Massachusetts Port Authority. "What works here may or may not work elsewhere."
Moreover, CSOs say that metrics don't always have to be straight-up numbers. Impromptu conversations with key executives can sometimes have just as much punch as a glitzy, chart-and-pie-graph show in the boardroom. "Clearly, statistics on their own don't make a very good read," says John Hedley, head of group security for food maker Nestlé. "You have to interpret them and put them into context."
Here is the story of four security executives in different industries who give a rare peek into the physical security metrics that are important to them, their CEOs and their organizations. Taken together, these data points and measurements help them keep a firm grip on the most important metric of all: How much confidence the rest of the organization has in the security department.
Starbucks Tracks Everything That Moves
To Francis D'Addario, the connection between security metrics and how effective he is as CSO of Starbucks is simple: His mission to protect people, secure assets and contribute savings year over year is validated with key performance indicators.
Whether D'Addario, vice president of partner and asset protection at the $5.3 billion coffee and food retailer, is talking about physical assets (stores and equipment), liquid assets (cash and coffee) or human assets (employees and customers), using metrics is how he judges the success of his security group.
First and foremost on the priority list, D'Addario says, is the safety of people. The frequency of armed robberies at retail outlets, for example, is an important metric at Starbucks and within the retail industry. He says that since 1996, when there were 46 incidents per thousand Starbucks stores, there has been a steady decrease to a best-in-class 11 per thousand in 2004. D'Addario says Starbucks' numbers compare favorably to historic trends at similar outlets, such as quick-service restaurants (which have averaged 45 armed robberies per thousand) and convenience stores (125 per thousand). He uses metrics from uniform crime reports and industry associations.



