When Bad Things Happen To Good Properties

Risk managers and insurers face various threats from premises liability. Some are looking to data-driven security to protect their buildings.

By Robert M. Figlio

Commercial properties have come a long way in the past 20 years. So-called “intelligent” buildings and industrial sites that make use of advances in technologies and design approaches have helped risk managers and insurers alike. The results are healthier environments, better safety and security for employees and visitors, and effective protection of such high-value assets as computer equipment, R&D labs, and distribution centers. This progress on the “hard” side of securing assets has helped achieve gradual reductions in premises injuries, losses and litigation.

And yet progress has been slower in other “soft” security-related areas — such as putting in place processes that will reduce liability issues related to inadequate security and help companies and their insurers defend premises liability lawsuits.

Design-in Security

Technology has been the friend of property owners and their insurers. Whether in new construction or renovation and retrofit projects, sophisticated environmental systems – life safety, HVAC, and security – are being installed, integrated and controlled centrally. The results are almost invariably a secure and cost-efficient environment. Particularly for building and site security, electronic access and video and sensor surveillance systems that have been installed by design and not as an after-thought provide a consistent level of security upon which security directors can build a site-wide and ultimately a company-wide security program.

A second “design-in” approach to facility and security management is the partnership between security consulting and architectural firms. Such collaboration focuses on identifying and addressing design issues that impact building and site security and safety. This includes lobby and hallway design and lighting, vehicular and pedestrian traffic patterns in common areas, external and internal lighting systems, and access control.

A third encouraging trend is the “value partnership” between the consulting arms of insurers and the commercial property owners and businesses they represent. The “risk engineering” consulting services provided by insurers are helping commercial and industrial firms understand the potential impacts of security and safety issues. Because risk involves such basic and explicit financial issues as premium costs, deductibles and risk reserves, companies listen and take recommendations for remedial programs seriously. This further reduces incident occurrence and liability exposure.

External Forces

Of course, intelligent buildings and state-of-the art business and industrial parks are not fortresses. Unless located in extremely remote environs, they are accessible from neighborhoods through which traffic regularly passes, and from which crime against people and property is inevitable.

The old question of whether good businesses should consider moving near or into high-risk communities used to be answered with a summary “No.” However, throughout Canada and the United States today, the answer is a qualified “Yes” in that densely-populated urban and suburban neighborhoods, areas where crime can be significant, are also the source of qualified workers and proximate to land, air, and water transportation routes.

So the challenge for businesses, risk managers, insurers, and security directors is to “manage” crime threats and the risks they represent – both in terms of property loss and injury to people and the inevitable litigation that follows a serious incident. The encouraging trend is that risk management and security professionals are advocating “design-in” proactive approaches to managing external crime threats. These include:

  • Using crime prediction technologies,
  • applying high-tech approaches to security “information” management,
  • adopting new perspectives on premises liability and litigation defense.

Tackling Crime Threats

“Intelligent” security programs, much like intelligent buildings, must be designed to manage specific external and internal environments. A cookie-cutter approach to security will inevitably fail because it cannot adequately address types and levels of threats specific to the site’s neighborhood and its current and predicted crime vulnerability.

Statistics Canada and local police crime data are easily obtained sources of historical crime data. Over the years, such data have been commonly used in site selection. However, both sources are flawed because at any given point they are out of-date and are based on widely varying practices in how law enforcement classifies and reports criminal incidents. Even more problematic is that raw crime data reflect only past crime. They do not reflect socio-economic factors that influence the occurrence of crime and, more importantly, the future occurrence of crime.

There are other tools available to risk managers in such fields as distribution centers, retail outlets or corporate facilities. CAP Index started exploring solutions to this problem over a decade ago. We have developed, extensively tested, and validated a site-specific crime vulnerability prediction technology to address the problems and needs detailed above. CAP’s CRIMECAST technology includes, but goes beyond, official public crime data by incorporating not only national and local crime statistics, but 21 demographic and neighborhood variables as well. CAP Index’s CRIMECAST crime prediction services model a wide variety of factors, including average income, transience, average age, educational level of the population, housing conditions, family structure and several crime measures to determine a neighborhood’s level of “social disorganization” and, therefore, the likelihood of various types of crime that may occur there. This expansive database covers all of Canada and the United States down to individual blocks, block groups and census tracts.

Data-Driven Security

Use of crime prediction technology has helped trigger a new approach to site security. The term “data-driven security” was first introduced in the late 1990s to suggest the importance of linking specific levels and types of security to specific levels and types of threats, and then using information technology tools to keep track of the security program’s effectiveness in mitigating the threats.

The courts have been helpful in advancing the cause of data-driven security. They have gradually been defining the “standards” of what does and does not represent “adequate security” in light of foreseeable threats. Critical burdens of proof for businesses are the abilities to:

  • demonstrate that you know the threat levels and security incident history of a property and the neighborhood around it; and
  • document the existence of a security program that is commensurate with the threat environment and the property’s vulnerability to those threats.

Security information management tools are becoming popular because they enable security directors to assess, track, and make informed decisions about security at each property and – equally as important – across properties. The availability of reliable security information speaks volumes to a company’s commitment to security and safety.

Data-driven security programs differ from other security programs in that they incorporate rigorous analytic and information management tools as well as formal planning and measurement disciplines. Data-driven security programs include:

  • External crime prediction studies for each property. Annual updates provide, over time, a trend line mapping crime and demographic changes in each neighborhood.
  • Electronic Security site survey. Conducting site surveys using security risk software enables the security practitioner to capture in great detail a site’s security and safety vulnerabilities, and then to evaluate the most cost-effective proactive security measures for each vulnerability.
  • Security design. New construction as well as site retrofits provide a bottoms-up “design-in” opportunity in which optimal security features can be seamlessly integrated into the property’s lay-out, architecture, and environmental controls.
  • Security Strategic Plan. An annual security strategic plan articulates performance objectives and financial targets in such critical areas as the reductions of losses, claims, and premises-based litigation.
  • Internal security information management. Security information management software makes it possible to track security incidents, system and staff effectiveness, and all costs associated with incidents.

Premises Liability

Arguably, the single most powerful factor working in a plaintiff’s behalf in a premises liability case is the inability of a security director or property manager to document convincingly that appropriate security measures were in place at the time of the incident. This documentation includes not only the operational aspects of electronic security systems, but also the reporting of responses to relevant incidents. Management’s ignorance of threats and risks in the defense of a premises lawsuit can be just as damaging to the defense as management’s knowledge of a potentially harmful situation which is not followed by security intervention.

Data-driven security programs address and neutralize this issue and, in effect, become a company’s strongest defense in liability issues.

The concept of “design-in” security is important because it represents a professional, and rigorously analytical approach to security risk management. Security, just like the formal discipline of risk management, is not likely to achieve the ultimate goal of totally eliminating risk or preventing all property loss or harm to people. However, it can be part of a calculated business process aimed at understanding and managing all foreseeable risk.

Designing-in security safeguards along with security information management processes and tools enables businesses and organizations to understand the types and severity of threats they face, the risks they represent and the costs of managing those risks. In this sense, security means business.

Robert Figlio, Ph.D., is co-founder and chairman of CAP Index, Inc., located in Exton, PA, outside of Philadelphia. He frequently provides expert witness and research services in support of premises liability litigation. Learn more at www.capindex.com.