Risk managers and insurers face various threats from premises liability. Some are
looking to data-driven security to protect their buildings.

By Robert M. Figlio

Commercial properties have come a long way in the past 20
years. So-called “intelligent” buildings and industrial sites that make use of
advances in technologies and design approaches have helped risk managers and insurers
alike. The results are healthier environments, better safety and security for employees
and visitors, and effective protection of such high-value assets as computer equipment,
R&D labs, and distribution centers. This progress on the “hard” side of
securing assets has helped achieve gradual reductions in premises injuries, losses and litigation.

And yet progress has been slower in other “soft”
security-related areas — such as putting in place processes that will reduce liability issues related
to inadequate security and help companies and their insurers defend premises liability lawsuits.

Design-in Security

Technology has been the friend of property owners and their
insurers. Whether in new construction or renovation and retrofit projects, sophisticated
environmental systems – life safety, HVAC, and security – are being installed,
integrated and controlled centrally. The results are almost invariably a secure and
cost-efficient environment. Particularly for building and site security, electronic access
and video and sensor surveillance systems that have been installed by design and not as an
after-thought provide a consistent level of security upon which security directors can
build a site-wide and ultimately a company-wide security program.

A second “design-in” approach to facility and
security management is the partnership between security consulting and architectural
firms. Such collaboration focuses on identifying and addressing design issues that impact
building and site security and safety. This includes lobby and hallway design and
lighting, vehicular and pedestrian traffic patterns in common areas, external and internal
lighting systems, and access control.

A third encouraging trend is the “value
partnership” between the consulting arms of insurers and the commercial property
owners and businesses they represent. The “risk engineering” consulting services
provided by insurers are helping commercial and industrial firms understand the potential
impacts of security and safety issues. Because risk involves such basic and explicit
financial issues as premium costs, deductibles and risk reserves, companies listen and
take recommendations for remedial programs seriously. This further reduces incident
occurrence and liability exposure.

External Forces

Of course, intelligent buildings and state-of-the art
business and industrial parks are not fortresses. Unless located in extremely remote
environs, they are accessible from neighborhoods through which traffic regularly passes,
and from which crime against people and property is inevitable.

The old question of whether good businesses should consider
moving near or into high-risk communities used to be answered with a summary
“No.” However, throughout Canada and the United States today, the answer is a
qualified “Yes” in that densely-populated urban and suburban neighborhoods,
areas where crime can be significant, are also the source of qualified workers and
proximate to land, air, and water transportation routes.

So the challenge for businesses, risk managers, insurers,
and security directors is to “manage” crime threats and the risks they represent
– both in terms of property loss and injury to people and the inevitable litigation
that follows a serious incident. The encouraging trend is that risk management and
security professionals are advocating “design-in” proactive approaches to
managing external crime threats. These include:

  • Using crime prediction technologies,

  • applying high-tech approaches to security “information” management,

  • adopting new perspectives on premises liability and litigation defense.

Tackling Crime Threats

“Intelligent” security programs, much like
intelligent buildings, must be designed to manage specific external and internal
environments. A cookie-cutter approach to security will inevitably fail because it cannot
adequately address types and levels of threats specific to the site’s neighborhood
and its current and predicted crime vulnerability.

Statistics Canada and local police crime data are easily
obtained sources of historical crime data. Over the years, such data have been commonly
used in site selection. However, both sources are flawed because at any given point they
are out of-date and are based on widely varying practices in how law enforcement
classifies and reports criminal incidents. Even more problematic is that raw crime data
reflect only past crime. They do not reflect socio-economic factors that influence the
occurrence of crime and, more importantly, the future occurrence of crime.

There are other tools available to risk managers in such
fields as distribution centers, retail outlets or corporate facilities. CAP Index started
exploring solutions to this problem over a decade ago. We have developed, extensively
tested, and validated a site-specific crime vulnerability prediction technology to address
the problems and needs detailed above. CAP’s CRIMECAST technology includes, but goes
beyond, official public crime data by incorporating not only national and local crime
statistics, but 21 demographic and neighborhood variables as well. CAP Index’s
CRIMECAST crime prediction services model a wide variety of factors, including average
income, transience, average age, educational level of the population, housing conditions,
family structure and several crime measures to determine a neighborhood’s level of
“social disorganization” and, therefore, the likelihood of various types of
crime that may occur there. This expansive database covers all of Canada and the United
States down to individual blocks, block groups and census tracts.

Data-Driven Security

Use of crime prediction technology has helped trigger a new
approach to site security. The term “data-driven security” was first introduced
in the late 1990s to suggest the importance of linking specific levels and types of
security to specific levels and types of threats, and then using information technology
tools to keep track of the security program’s effectiveness in mitigating the threats.

The courts have been helpful in advancing the cause of
data-driven security. They have gradually been defining the “standards” of what
does and does not represent “adequate security” in light of foreseeable threats.
Critical burdens of proof for businesses are the abilities to:

  • demonstrate that you know the threat levels and security incident history of a
    property and the neighborhood around it; and

  • document the existence of a security program that is commensurate with the threat
    environment and the property’s vulnerability to those threats.

Security information management tools are becoming popular
because they enable security directors to assess, track, and make informed decisions about
security at each property and – equally as important – across properties. The
availability of reliable security information speaks volumes to a company’s
commitment to security and safety.

Data-driven security programs differ from other security
programs in that they incorporate rigorous analytic and information management tools as
well as formal planning and measurement disciplines. Data-driven security programs include:

  • External crime prediction studies for each property. Annual updates provide, over
    time, a trend line mapping crime and demographic changes in each neighborhood.

  • Electronic Security site survey. Conducting site surveys using security risk
    software enables the security practitioner to capture in great detail a site’s security and safety
    vulnerabilities, and then to evaluate the most cost-effective proactive security measures for each

  • Security design. New construction as well as site retrofits provide a bottoms-up
    “design-in” opportunity in which optimal security features can be seamlessly integrated into
    the property’s lay-out, architecture, and environmental controls.

  • Security Strategic Plan. An annual security strategic plan articulates performance
    objectives and financial targets in such critical areas as the reductions of losses, claims, and
    premises-based litigation.

  • Internal security information management. Security information management software
    makes it possible to track security incidents, system and staff effectiveness, and all costs
    associated with incidents.

Premises Liability

Arguably, the single most powerful factor working in a
plaintiff’s behalf in a premises liability case is the inability of a security
director or property manager to document convincingly that appropriate security measures
were in place at the time of the incident. This documentation includes not only the
operational aspects of electronic security systems, but also the reporting of responses to
relevant incidents. Management’s ignorance of threats and risks in the defense of a
premises lawsuit can be just as damaging to the defense as management’s knowledge of
a potentially harmful situation which is not followed by security intervention.

Data-driven security programs address and neutralize this
issue and, in effect, become a company’s strongest defense in liability issues.

The concept of “design-in” security is important
because it represents a professional, and rigorously analytical approach to security risk
management. Security, just like the formal discipline of risk management, is not likely to
achieve the ultimate goal of totally eliminating risk or preventing all property loss or
harm to people. However, it can be part of a calculated business process aimed at
understanding and managing all foreseeable risk.

Designing-in security safeguards along with security
information management processes and tools enables businesses and organizations to
understand the types and severity of threats they face, the risks they represent and the
costs of managing those risks. In this sense, security means business.

Robert Figlio, Ph.D., is co-founder and chairman of CAP Index, Inc., located in Exton, PA,
outside of Philadelphia. He frequently provides expert witness and research services in support of premises
liability litigation. Information at www.capindex.com
and contact Dr. Figlio at [email protected].