Selling security is not easy due to competing expenditures, coupled with the fact that Australia is essentially a safe place in terms of the overall threat environment. However, there are some sobering issues on the security horizon in terms of terrorism, cybercrime and corruption, along with declining socio-economic conditions, which play into a decreasing sense of community in Australia. Technological advancement also guarantees a dynamic security landscape and encourages ongoing demand for security.
According to Charles A. Sennewald, two important characteristics necessary for long-term success in the field of security are integrity, closely followed by the quality of work. He also considers there is a need for a calm self-confidence in the midst of problems and that obstacles bound together by a determination to succeed were key components of success in the field of security.
Unfortunately, the security spend is often made on a reactive rather than a proactive basis. In the author’s experience, most medium- to small-sized businesses either have no security management plan or, if they do, have an inadequate plan in place in order to identify the threats and guide their security spend. For the purposes of this article, a traditional definition of security will be used, which might be the provision of services for the protection of people, information and assets for individual wellness and community safety.
In order to sell security, providers need to remain well informed about security developments and have a clear understanding of what it is they are selling in order to implement cost-effective outcomes. Professional conduct and life-long learning is critical to this end. Providers in the industry can be held accountable for advice given, which in turn introduces the potential for litigation.
Many security clients are not fully cognisant of what their security requirements are in order to reduce specific security threats. Often, security solutions are recommended to clients without any real consideration of the actual threats or risks, but are designed to play into the perception of safety in the client’s mind.
Furthermore, security is often considered a cost centre rather than a profit centre, with the security budget being the first to be reduced when it comes to recommended expenditure. Security expenditure can be described as grudge expenditure. Organisations that do not have direct line reporting to its senior members can also be an issue, with security mitigation strategies applied in a piecemeal approach in the absence of any security management plan. The catch 22 is that security leads to less security due to a reduction in perceived threats.
Customers do not have a standard model in their heads for assessing security risks. Often, risk decisions are made on the basis of how risk averse they may be. Risk has always been closely related to the concept of security, but it is only in recent times that the management of risk has played such an important role in applied security (Smith & Brooks, 2013).
Prospect theory is one that may partly explain the thinking of people when it comes to assessing risk. Prospect theory is a behavioural economic theory that describes the way people choose between probabilistic alternatives that involve risk, where the probabilities of outcomes are known. The theory states that people make decisions based on the potential value of losses and gains rather than the final outcome, and that people evaluate these losses and gains using certain heuristics. Heuristics are simple, efficient rules that people often use to form judgments and make decisions. They are mental shortcuts that usually involve focusing on one aspect of a complex problem and ignoring others. The Prospect model is descriptive; it tries to model real-life choices, rather than optimal decisions, as normative models do. There are of course other theories that play into risk decision making, such as Cultural theory and Maslow’s hierarchy of needs.
Salespeople have long known there are basically two motives to get people to buy – greed and fear. However, according to Bruce Schneier (security expert), Prospect theory explains one of the biggest problems the security industry has with selling security. He believes that very few people actually want to buy it. Either the buyer wants something and spends to get it or they do not want something and spend to prevent it. According to Schneier, it is much easier to sell ‘greed’ than ‘fear’. Schneier believes security is a ‘fear’ sell. It is a choice between a small sure loss, the cost of the security product and a large risky loss, the potential results of an attack. Additionally, buyers must be convinced the product works, and they must understand the threats and the risk that something bad will happen. But all things being equal, often buyers will take the risk rather than buy the security. According to Schneier, security is inherently about avoiding a negative, complicated by the cognitive bias embedded in the human brain.
Another factor influencing the selling of security is that the world is becoming more complicated all of the time, particularly in terms of information overload. Black and white, good and bad, right and wrong have been displaced by complicated constructs that leave most people in the dark. As the world becomes increasingly fast paced and complex, the amount that people really know and understand of it decreases all of the time.
People are increasingly surrounded by black boxes, which are complex constructs that they do not understand, even if they are explained. It is difficult to comprehend the inner processes of the black box but, nonetheless, the inputs and outputs are integrated into decision making. The amount of information people simply have to believe, without understanding it, is increasing all of the time. As a consequence, society is tending to assign more importance to those who can explain something than to their actual explanation. The customer often does not have time for a complex explanation. Convincing them to buy security may be easier using images and emotions rather than logical argument, for which a growing number of people appear to have little time.
Compliance as a Selling Point
Historically, regulation has proven to be one of the most effective strategies when it comes to the implementation of workplace safety and security practices. Safety, security, health and environment (SSHE) law is a body of law concerned with the regulation of health, safety, security and environmental risks arising from business undertakings. There is an overlap between safety, security and environment and there are synergies that can be gained from an integrated approach given their respective grounding in risk management as the underlying methodology (Tooma, 2011). Workplace health and safety (WHS) offences and serious environmental offences are criminal in nature; therefore, a breach of these obligations is a criminal offence.
WHS laws impose a proactive duty on officers or persons conducting a business or undertaking to exercise due diligence (defined WHS Act 2011) to ensure an understanding and compliance with SSHE legal obligations by that entity. The due diligence duty is a duty imposed on officers personally. A breach of that duty is a criminal offence, attracting a maximum penalty of $600,000 and up to five years imprisonment for serious offences.
The introduction of the Work Health and Safety Act 2011 and its regulations (effective January 2012) is a case in example. The harmonisation of Australian WHS laws has imposed broad general duties and responsibilities on key stakeholders, ensuring the health, safety and welfare of people in and around the workplace. Any such prosecution could have a catastrophic outcome for an organisation or individual. The WHS Regulations (Div.4–43) identify the need for businesses to prepare, implement and maintain an emergency plan, with fines for individuals of $6000 and for a body corporate of $30,000 for non-compliance.
A further complication for companies seeking to hide behind the corporate veil is the existence of personal liability provisions that render directors liable for offences committed by their company, in all states and territories. The legislation now imposes a broad duty of care on key stakeholders in the workplace with respect to ensuring the health and safety of people at work.
While WHS and environmental law are well developed, occupation security law is still in its embryonic stage, according to Michael Tooma (2011). Significantly, the law and practice dealing with security and terrorism continue to develop the security landscape at a fast pace. The treatment of security as part of an integrated SSHE risk management approach in integrated management systems is by no means universally accepted (Tooma, 2011). However, there is little doubt that safety duties incorporate security responsibilities.
It is estimated that there have been over 60 terrorist attacks in shopping centres in 21 countries since 1998. Against that background, a shopping centre design, which does not adequately manage the risk of terrorist attack, cannot be said to be safe and free from risk to health and safety within the meaning of the relevant WHS legislation. Indeed, the expansion of the duty of care under the Model WHS Act 2011 accentuates the interrelationship between safety and security (Tooma, 2011). Security obligations have been imposed worldwide on specific industries. For example, maritime, aviation, rail and critical infrastructure in major hazard facilities have obligations under federal, state and territory laws with respect to security management, as do persons dealing with security sensitive dangerous goods and certain security sensitive chemicals. These developments undoubtly assist greatly in terms of the security sell as the law and compliance is become security sales drivers. (Tooma, 2011).
While directors and senior managers will often have directors and officers liability insurance, these insurances do not cover liability in relation to work health and safety offences. This is because these offences are criminal in nature. Any insurance contract that purports to offer such an insurance cover is void against public policy. It is not uncommon for a prosecution to take place after a person has left the company, in which case they may be left to fund their defence from their own resources, sometimes without access to key documents that may assist them in their defence (Tooma, 2012).
Security Selling Tips
- Everyone has a fundamental need for security
- There is only one chance to make a first impression
- Always spell names correctly
- Be courteous, believable and generous
- Never tamper with the truth
- Desire for gain and fear of loss are two reasons customers buy or do not buy
- A significant number of customers have wants rather than needs
- Customers decide emotionally and then justify logically
- Create a buying desire in customers by demonstrating that they can be safer and more secure as a result of owning the product or service
- Customers care about what a product or service will do for them
- Do not under price products or services
- A customer’s attention can be gained by linking a product or service to making or saving money
- Around 10 to 15 percent of customers may be dissatisfied, but do not say so; those issues can be fixed if they are known
- Address dissatisfaction and indifference
- Customers buy products and services because they feel they will be better off
- Engage in public speaking (builds knowledge, confidence, gains recognition)
According to Charles A. Sennewald, keeping up in the security industry can be accomplished through education; reading journals; association participation; communicating with practitioners, colleagues and peers; and reading books published for the security industry.
Finally, the quality of the security professional depends on following strong moral standards in all relationships and providing a degree of leadership on ethical behaviour. There is a strong connection between ethical behaviour and effective leadership. It is a vital prerequisite in business to adopt the honesty is best policy and building truth-telling cultures, which will have a positive impact on the bottom line.
For a full list of references, email email@example.com
Graeme Cunynghame has been employed in the private sector and served in the NSW Police Force – Fraud Squad, Corporate Affairs Commission, Drug Enforcement Agency, National Crime Authority, and NSW Crime Commission. Graeme read Security Science at Edith Cowan University and has diplomas in Security Risk Management, Work Health and Safety and Government Investigation. He is a member of ASIS and ACFE. Graeme welcomes referrals relating to fraud matters, workplace investigations, security risk management concerns and security negligence issues. He can be contacted via email firstname.lastname@example.org or on 0408 787 978. Visit www.pripol.com.au for more information.