Calculating Security's Cost
"People feel they have to protect everybody from everything, but no one has that type of budget, so you have to prioritize," says Glen Rasmussen, senior associate focused on security for OWP/P Architects, Chicago.
Sean Ahrens, a senior security manager from Chantilly, Va.-based consultant Gage Babcock, says security costs for new buildings are often viewed as a percentage of construction but that percent can range dramatically. "The security costs for a new office building may be 1%, but it may be 5% for an embassy," he says.
Richard Grassie, of TechMark Security Integration, Pembroke, Mass., breaks the cost of analysis out of the total percentage for security. "For example, if the cost of the security system is $750,000, 9 to 12% of that is the typical cost of designing and bidding the system," says Grassie. "Our average is to dedicate 6% of the design cost to risk analysis." Using this example, the risk analysis would fall between $4,000 and $6,000.
BY THE HOUR
Ahrens also offers a look at risk analysis through an hourly rate perspective. For a high-profile, 40-story, high-rise apartment building he was recently asked to analyze, Ahrens says between 40 and 56 person hours were invested at a rate of $165 an hour.
"With a high-rise you are only looking at one to three floors of access, so there may only be two days of site inspection and interviews," says Ahrens. "With other building types, there can be many more points of access and much more site inspection involved."
Another three to five days were used for writing up the report and one day was spent generating a security budget for the high-rise apartment building analysis. The analysis included description and definition of threats, listing of assets, consequence of loss and options for loss mitigation.
Arlington, Va.-based Kastle Security focuses on outsourcing electronic access control systems and systems monitoring for office buildings. Marilyn Brooks, vice president and general manager of Kastle's Midwest region, says the firm's specific market focus and experience with more than 1,700 office buildings allows her to estimate budgets on a square-foot basis for electronic access systems. Security guards' costs are not included.
Brooks provides estimates for installation of electronic access control systems that could include card readers, electronic visitor and delivery processing and possibly electronic elevator controls, but not closed circuit television systems. "Class A and B office buildings in central business districts cost 7� to 10� per square foot for installation," says Brooks. "Suburban office buildings between 200,000 and 250,000 square feet range from 15� to 20� per square foot."
In Grassie's experience, annual ongoing security costs, including guards, can be as much as 10% greater than the cost of implementation. For Kastle's electronic access systems, annual costs average less than implementation expenses. Brooks estimates ongoing access control system costs at 3� per sq ft per year for B, C or D office buildings and 7� per sq ft per year for suburban office buildings between 200,000 and 250,000 sq ft.
| RULES OF THUMB FOR SECURITY COSTS |
| Closed Circuit TV |
| Exterior fixed: $3,000 |
| Exterior pan tilt zoom: $5,500 |
| Interior fixed: $1,500 |
| Interior pan tilt zoom: $4,500 - $5,500 |
| Switching/recording: $1,500 per input |
| Lighting: $2,000 per 100-sq-meter zone |
| Passive Vehicle Barriers |
| Buried tires: $14 per 8 ft |
| Concrete barriers: $200 per 800 ft |
| Berm/Ditch: $300 - $500 per 100 ft |
| Cable in fence: $5 per ft |
| Planter: $800 |
| Crash Gate: $35,000 per 24 ft |
| Retractable Bollards |
| Hydraulic: $8,000 and up |
| Manual: $2,000 |
| Fencing |
| Chain link: 7 ft tall, $12 per ft |
| Without riggers: $17 per ft |
| Ornamental: $25 - $50 per ft |
| Obscuration: $5 - $40 per ft |
| Gate house |
| $6,000 - $10,000 |
| Bullet-resistant doors |
| $4,000 - $6,000 |
With the proper budget information, the use of security guards can be compared to an electronic access system on a cost basis. "Security posts can be manned from 9 p.m. to 5 a.m., or 24/7," says OWP/P's Rasmussen. "There is six times difference in cost when you account for shifts and vacation time."
The critical factor in calculating the cost of security is creating a proper risk analysis that allows weighted evaluation of real and perceived threats so the most significant issues are understood and addressed. Grassie says key questions in risk analysis are: What is to be protected and against what? What is the consequence of loss? What is the appropriate level and type of protection? Are there protection constraints?
Rasmussen has developed a security risk analysis formula and evaluation process that allows answers to questions to be processed and reviewed in an objective manner that facilitates nonpartial financial decision-making.
The formula is R = C x T(1-Pe) with R indicating risk, C representing consequence of loss, T equaling threat likelihood, and Pe meaning protection effectiveness. All values substituted for these factors are determined through a pre-established process that assigns a number between zero and one.
An itemized asset list is created and geographically located on building plans. Then, a threat list is generated before a vulnerability assessment is developed. Finally a protection assessment–or security options–are proposed.
"An asset can be a person, place or thing, including information and intellectual property," Rasmussen says. "The value of assets are compared through their consequence of loss value, which range from 0.0 to 1.0." For example, the C value, or consequence of loss, assigned to a laptop computer might be 0.2, while the shutdown of the main server might be ranked at 0.9 or 1.0.
A matrix of all assets, their locations, their C value and other information such as a "yes/no" listing of their mission-critical value is created to fully understand what needs to be protected.
Rasmussen defines threats (T) as credible and intentional attempts to invoke consequence of loss. "Threats are evaluated by their frequency or likelihood of occurrence," he says. A threat matrix including threat group, potential weapons or tools and other threat characteristics is created to understand "the essence of the design criteria necessary to counter that threat," says Rasmussen.
In the risk analysis model, protection effectiveness (Pe), is determined by estimating how many times the security program would prevail in 10 attempts by an adversary. If it is determined that a graffiti vandal would be thwarted 8 times out of 10 with motion detection lights in place, the Pe would be 0.8.
Reducing the threat likelihood is a more important factor in determining costs than devising fail-safe protection effectiveness. "It is the capacity and characteristics of the applicable threat group that drives security costs the most," Rasmussen says. "Sometimes you do not have to ‘harden' security to reduce the threat."
For example, bullet-proof glass may not be necessary if an executive's office is faced with a realistic threat of sniper fire. A less costly and safer solution would be to reconfigure the office space.
Rasmussen says that OWP/P has created a business consulting division that helps develop operational procedures that can contribute to the reduction of threats without increasing costs. Eliminating risks without increasing costs is critical. "There is no monetary return on security investments, only an avoidance of cost," Rasmussen points out.
Click below to view more articles from this special report >>
BUILDING FOR A SECURE FUTURE
OVERVIEW
STRUCTURAL PROTECTION
INFRASTRUCTURE
COMPANY PROFILE
PORT PROTECTION
INFORMATION TECHNOLOGY
SECURITY PRODUCTS