The capital that organizations invest on security functions is no different. These functions must have some purpose (reduce risk) and be able to be justified through cost benefit analysis. With this, the security industry has shifted from a labor intensive market to a money intensive market; meaning that Physical Protection Systems are built and run on funding. You would feel that the capital invested in security is managed effectively. After all, isn't the capital that is being invested used to protect against loss, prevent shrinkage and prevent pilferage?
Considering that 9/11 the security industry has witnessed a spike sought after. With this demand has come the advantages of personal emergency alarm professionals to effectively handle the capital spent throughout the system life cycle and through retrofit projects. Through the acquisitions process organizations ask for and procure different services which have lasting effects on the safety posture. These services include guidance on security management practices, technical security evaluations and guidance on forensic security (expert witnesses) issues.
Statistical data within the security industry describe that the various market segments have undergone extreme development. On the national level the United States has spent $451 billion (as of August 2014) on national defense and has invested over $767 billion on Homeland Security since 9/11. Consumer reports have also outlined that Americans jointly spend $20 Billion each year on home security. Technical trends have layed out that organizations spend $46 Billion (combined) annually on Cyber Security. The asset protection market outlines that the contract guard pressure industry has witnessed considerable growth to the melody of $18 Billion a year. In an hard work to prevent shrinkage retailers also invest $720. 3 Million annually on loss prevention methods.
You should also feel that with the number of money being spent within the security industry that more industry benchmarks (to include lessons learned) would can be found to help guide stakeholders toward sound security opportunities. This is often not the case. Most security project end products are the results of different security management mentalities. These security attitude pitfalls are because of this of the: Cookie Cutter Mentality - if a security measure works well anywhere it will reduce the chance at multiple facilities; Pieced Mentality - as money is available some risk(s) are mitigated; Maximum Safety Mentality - there is never too much security; and the Sheep Crowd Mentality - everyone is doing it and we better follow suit. Each one of these problems has the same impact on the organizations bottom range. Both potentially divert money far from addressing true risk(s) and extremely often require organizations to take a position more capital into the security program in an effort to correct newly created security weaknesses.
Two main issues add to these pitfalls: Typically the stakeholder would not know very well what security measures are expected and relies on a vendor for guidance; or the potential vendor does not have the stakeholders' welfare in mind and recommends that the stakeholder implements measures that are out of scope from the patient's needs. Now don't get this author wrong, there are some vendors in today's security markets who meet or surpass stakeholder requirements. From a security management stand point the question must be asked "Does the vendor be familiar with stakeholder's security needs and/or will the vendor really care? "