OSINT Blog / Post

July 17, 2024

The Hidden Costs of Ignoring Crime: Why Your Business Needs a Security, Intelligence, or Investigation Team

Crime can have an expensive impact on businesses—and you face risk on all fronts, with internal and external actors causing U.S. businesses to hemorrhage funds.

Fraud alone costs American businesses an estimated $652 billion each year. The U.S. Chamber of Commerce estimates that 75 percent of all employees steal cash, property, or merchandise at least once and that half of those individuals steal repeatedly. The U.S. Department of Commerce suggests this results in a $50 billion annual loss to U.S. businesses.

With crime affecting businesses at such high levels and seemingly on the rise, security investments are more critical than ever. But building and maintaining a security, intelligence, or investigation team relies on receiving an adequate budget, and retaining that budget can be challenging, especially in the face of worry about the global economy. As security leaders, however, managers must find ways to secure a share of a company’s dollars to ensure they adequately protect the organization as it confronts threats.

Successful security programs take serious investments of both time and money. To gain this investment, security managers must demonstrate how security funding can support tactical and strategic business goals as well as provide executives and board members with data-driven insights that unite the organization’s business and security interests.

In this guide, we’ll examine why organizations need a security program, walk you through how to make a compelling business case for your program, and outline what to consider when preparing a budget.

 

Benefits of a Security Team and Security Program for an Organization

Security and operational integrity are essential parts of any organization’s success. If you’re a security leader, it’s your job to help your organization understand this and ensure that senior leaders appropriately prioritize security amongst other competing priorities. Here are eight reasons that organizations should invest in security and investigation, and formalize a security budget:

Saving Money

Despite common thinking, security is not a cost center. In fact, the primary reason for a security budget is ultimately to save the business money. A robust security process protects a business from risk and reduces the time and money spent dealing with incidents that were preventable. As they say, an ounce of prevention is worth a pound of cure. It is much cheaper to prevent an incident than it is to remediate lost assets and impaired supply chains.

Without appropriate security standards and resources, any insider or external attempts at theft, fraud, or violence are far more likely to be successful. By forecasting likely security costs and allocating an appropriate budget, companies can account for and minimize the risk of wasting money on recovering from these incidents throughout the entire year.

Ensuring Employee Safety

When they’re at work, employees should feel comfortable, safe, and free from harm. A well-resourced and adequately trained security team can ensure that all other company employees are protected from external threats. They can assess threats to the building, assets, and employees by monitoring CCTV and scanning social media and forums for written threats, civil unrest, and natural disasters that could impact the security of the building or its employees. By quickly detecting these threats, security teams can take appropriate action to prepare and protect the business and its employees.

Securing Assets

A security team can allocate resources to protect important assets from harm, a vital process for every business. Security teams can assess physical and cybersecurity measures for proprietary data, merchandise, vehicles, or tools and equipment and identify existing flaws that could result in loss.

Enabling Fast Prosecutions, When Necessary

Security can never be foolproof and even the best security team cannot protect a business from every possible incident. When crime hits, you may need to support a prosecution in order to hold those responsible accountable and deter future offenders. Having an internal security team can ensure tools like CCTV are monitored to quickly detect incidents, as well as an instant response to catch the offender. Trained investigators can also take swift action to capture evidence and prepare court-ready materials through OSINT and on-site interviews to help secure a prosecution. 

Gaining Security and Investigation Insights

Preparing a security program budget requires security leaders to closely examine the company’s current security program, which can help detect existing security gaps and develop plans to close them. A well-resourced security and intelligence team can also analyze internal data to detect trends and patterns in incidents and crimes and predict future incidents through seasonality and offender insights.

Achieving Business Alignment

Security and intelligence teams are often siloed from other areas of a business, seen as irrelevant to business operations and only there to remedy incidents. When seeking a security budget and resources, security leaders need to consider the business case for a security program relative to the organization's priorities. Consequently, the security program is far more likely to deliver against the organization’s strategic goals and the senior leadership team is far more likely to understand how security interlinks with other departments within the business. Gaining executive buy-in through increased visibility ensures that there are advocates within the business that understand why security is vital to the organization and why it requires adequate resources.

Protecting the Business’s Reputation

A positive business reputation is essential for demonstrating trustworthiness and honesty to current and potential consumers. Frequent security incidents and crimes can severely impact an organization’s reputation. In the modern world, violent incidents and shoplifting can be easily recorded and shared widely on social media, impacting the viewers' thoughts about the business where the incidents occurred. To protect both your customers and the reputation of your business, it’s necessary to prevent as many incidents as possible. CCTV cameras and OSINT can be leveraged concurrently to detect incidents and deploy on-the-ground security employees to disrupt prohibited activity.

Financial Predictability and Reserving Resources for Further Security Upgrades

Accurate budgeting for security helps set expectations, provides the organization with financial predictability, and enables the business to avoid surprise costs. As the business allocated its limited funds to a range of competing priorities, allocating a budget to a security program enables executives to consider security and understand its value in regard to continued business operations.

With a security budget in place, businesses have funds set aside to make upgrades when a business requirement is deemed necessary, such as following a violent incident. Having to find money within the business can be time-consuming, but having the money already reserved allows security teams to quickly implement new measures to replace failed security measures or fill gaps. 

 

What is a Security and Investigation Program?

A security and investigation program and a supporting business case are critical for ensuring the successful delivery of security-driven projects and activities. A security and investigation program is a plan to coordinate, direct, and oversee the implementation of a series of measures and activities that a business will take in pursuit of the organization’s strategic objectives.

A security and investigation program is supported by a compelling business case for change and a security budget. A business case for a security and investigation program generally relies on five key considerations:

The Strategic Consideration

The strategic dimension of a business case is to make the argument for change and demonstrate how a security and intelligence team provides a strategic fit for the business. Demonstrating a holistic fit with teams and operational activity in the business requires security leaders to provide a strategy that outlines measures that will protect the business and employees. The objectives of the security team and the required budget must be made SMART: specific, measurable, achievable, relevant, and time-constrained.

The Operational Output Consideration

The operational output dimension of a business case demonstrates that the security program will provide a viable team that meets demand without impacting operations or requiring further budget. This requires the security leader to determine what is realistically achievable by the security team. Creating a capable and trained security team with the right tools to deliver on the promises of the security program requires a clear understanding of the proposed services, outputs, and milestones that the security team will achieve within budget and the potential risks in the design, build, and operational phases of the team. The challenge for the security leader is to accurately anticipate the inevitable risks and changes to the business.

The Financial Consideration

The financial dimension of the business case demonstrates the affordability and funding of the security program, as well as the investment support of key stakeholders within the business. This requires the security leader to understand the costs of managing a security team, such as salaries, equipment, technology, and training. Funding decisions tend to lie on the balance sheet, so these costs must be contrasted with the potential cost savings that the security team will deliver by preventing losses, protecting employees, and prosecuting offenders. The challenge is to put a financial value to incidents that will no longer occur and harm to individuals that will not be caused.

The Social-Economic Consideration

The social-economic dimension of a business case is to identify the security measures that deliver the greatest social value to the business. Security leaders must demonstrate how the security program outlined will meet spending objectives and deliver success while providing social value for the business. At a minimum, the business case must demonstrate how the security program will realistically achieve the essential requirements being set for it during standard business-as-usual activity. To deliver social value, a security team usually focuses on providing a safe workplace for employees and customers by disrupting and preventing security incidents.

The Management Consideration

The management dimension of a business case demonstrates that robust processes are in place for the delivery and evaluation of the security program, including the delivery of results and feedback to the organization’s executives. A successful security team will have multiple success stories and these must be relayed to the decision-makers with evidence and key statistics to ensure that the budget of the program continues to be supported.

 

How to Prepare a Security and Investigation Budget

Lower-than-expected security programs create a challenge for security teams to deliver a level of security that meets the expectations of the business and stakeholders. The responsibility to deliver appropriate levels of security falls to the security leaders but the budget allocation is decided by executives who are influenced by their impressions and reports on the activity of the security program. Any belief that the benefit of spending on security is self-evident is misguided.  It is vital that a security and intelligence program and budget request adequately conveys the critical nature of security activity and the costs of an inadequate budget. Failure to gain an appropriate budget to fund an adequate security program can result in long-term impacts by reducing the potential for future budget increases.

We’ve created a list of factors that should be considered by security leaders when preparing a budget request for a security and investigation program:

Evaluate the Organization’s Assets

A security program revolves around protecting an organization’s people, buildings, assets, merchandise, and supply chain. Putting a value on the business enables security leaders to convey the potential impact of harm to one of these considerations. 

Review the Procurement Process

Every organization has its own budget and purchasing approval process, so determine how it works at your organization. When looking to hire new employees or onboard new technology, consider factors like a review of contracts by the legal team or due diligence conducted by HR. Understanding this system enables security managers to work within the organization’s formal parameters as efficiently as possible.

Review Your Existing Budget

If you’re a security leader, unless you’re creating a brand new team, you likely already have an existing budget. If there is no documentation within the security team, seek out the finance team for a budget code or budget amount. Once you have determined what the current security budget looks like, you can begin to evaluate whether the current spending is adequate. 

Understand How Programs and Budgets are Approved

Any changes to a budget or an internal program must go through a formal approval process.  Determine what type of business case is required, if there is a standard format, and which stakeholders must provide approval.

Evaluate Risk to Understand the Threat Landscape

To justify a new security program or increased budget, security leaders must understand existing threats to the business. To identify these risks, security leaders must work with their analyst teams to convey the known areas of risk across the business. If a team does not currently exist, then the security leader must conduct a threat assessment to discover and assess the threats themselves. To get the required budget, the security leader must provide as much information as possible in an easily digestible format to convince decision-makers.

Determine the Security Requirements

Once the organization’s assets are known and the threats and risks are identified, security leaders can begin to determine what is required for the security program to function. Identify current gaps in physical security, such as lack of technology, personnel, training, or processes. 

Research Technology and Employment Cost

Having identified the security gaps, research the market rate for necessary employees, such as intelligence analysts, investigators, cybersecurity analysts, or digital forensics specialists. You can also reach out to technology providers that build software that meets your current needs; they can outline annual costs and may provide a trial of their technology. Technology consultants and recruitment specialists can help you create a bespoke plan that works for your business. Don’t just commit to the cheapest provider or employees—identify who and which technology is the perfect fit for your organization. Investing a little more in the right people and tools can pay serious dividends when the time comes.

When budgeting for the required technology and people, build contingency into the approach. If negotiation doesn’t go as expected or a deal falls through, increased expenses should not derail onboarding. Similarly, build concessions into the proposal. If a certain employee or tool is too expensive for the business, alternative plans should be in place.

Determine the Return on Investment

To gain approval from decision-makers, a budget should outline a return on investment. While security teams don’t bring in revenue, security leads can outline the potential cost savings from continued business operations and the costs of crime to the business.

Find Metrics to Justify Funding

Security performance is often graded on scales like successful or unsuccessful, or high, medium, and low, but senior leadership teams prefer concrete numbers. Security leaders should seek metrics that demonstrate the real-world outcomes of their team’s actions, such as the value of recovered stolen property or the reduction in stolen items since a dismissal. 

Sell Security

A successful security program business case must sell the need for security measures to the senior leaders. Focus on building trust rather than backing them into a corner by raising fear with statistics about high crime rates. When decision-makers seek to cut costs, security often takes a hit, so business leaders must have a strong understanding of the broad value that a security program provides to justify its budget. 

Connect Security to the Organization's Strategic Goals

Security leaders should consider the strategic goals of the business to ensure that budget requirements in the business plan are appropriate and likely to get approved. Security objectives must be synchronized with the broader goals of the business and a business plan should convey how the proposed security program can improve outcomes in line with those goals, such as reducing costs or protecting assets.

Prioritize Spending

A security program should direct resources to the areas with the greatest needs or where the greatest impact can be had. Security leaders should prioritize spending in high-risk or high-reward areas to ensure that metrics can be used to justify budgets in the following years. Spending may involve automating repetitive security processes, such as collecting, collating, and analyzing public information from the internet to form OSINT.

Benchmark the Security Program

To justify a budget for a security program, security leaders may seek to benchmark the costs with similar security programs in other organizations of the same size or in the same industry, or against other teams in the business. Allocating budgets proportional to other departments' spending or similar-sized organizations can ensure that the security team can meet the likely demand they will face.

Identify Shared Budget Opportunities

In some cases, it is difficult to determine which budgetary items belong to security or another department. OSINT systems that can be used for hiring due diligence may be used by both security and HR teams, so spending on these platforms may need to be shared between both teams. Ambiguity in ownership is not necessarily a challenge but an opportunity to reduce costs by sharing the load. Identifying co-owners of technology and employees can help security leaders to gain budget approval and acquire resources. Sharing assets can also pay off in future budget reviews; if several leaders in the organization all mutually agree the software is vital then it is more likely to get approved.

 

Getting Budget Sign-Off for a Security and Investigation Program

Once a business case and a budget have been prepared for a security and investigation program, it’s time to get it all approved. Having aligned with the organization’s strategic goals and provided senior leaders with all the information they may need to make a decision, you’ve done all you can to get your security program the funding you require. 

Businesses need to equip their security teams with the right tools to ensure a continued positive reputation and financial stability for the business. Investing in a security program can directly impact an organization’s operational success and safety.

Want to learn more about how Skopenow can help you enhance OSINT within your investigations and streamline your security processes? Request a demo and free trial today at www.skopenow.com/try.