VideoWhen it comes to thwarting terrorism, only a handful of companies have had to worry about controversial big-ticket items like intrusion-detection equipment for chemical plants or antimissile defenses for airliners, which some lawmakers want to mandate. For the rest of Corporate America, aggressive investment in "guards, gates, and guns" was supposed to be enough to counter the postSeptember 2001 threat. Or so the White House thought.
While actual private-sector security spending hasn't been calculated, a November 2002 report from the Federal Reserve Bank of New York leads to a disappointing preview, say experts. The report said companies spent $32.8 billion in 2001, and noted that if annual spending doubled to reflect the new threat environment, an additional $7.8 billion would have gone for capital equipment, with $25 billion for personnel. But the Brookings Institution's Michael O'Hanlon, for one, believes overall spending fell far short of doubling in 2002, and says that "at many companies the level of improvement needs to be more akin to how airport security changed after 9/11."
Government officials, too, have been concerned over low spending at some companies. Although critical industries like utilities and transportation have invested heavily, overall "the other side of the situation is complacency" among companies that don't feel directly threatened, says Al Martinez-Fonts Jr., special assistant to Department of Homeland Security (DHS) Secretary Tom Ridge for the department's private-sector office.
That doesn't mean Corporate America has been recklessly cutting corners. In fact, at many companies the list of security measures enacted since 9/11 is long, and includes conducting intensified preparedness reviews, installing technology safeguards, and focusing on business-continuity issues like supply-chain vulnerabilities. In addition, firms such as Cadence Design Systems Inc. and Duke Energy Corp. are placing physical and IT security under a single corporate officer, who often reports directly to the CFO.
Low-Key And Low-Cost
Spending for such steps tends to be relatively modest, and may not turn up in the budget at all. Yet the companies taking these more-strategic initiatives believe they make sense in today's environment, something Martinez-Fonts certainly agrees with. Moreover, such low-key initiatives are easier to mesh with corporate culture. At Cadence, for example, employees have learned to appreciate preparedness for earthquakes — the San Jose, California-based design-software maker is nestled between two active faults — and they welcome the latest manifestations of heightened security. "You can't quantify what peace of mind is worth," says senior vice president and CFO William Porter.
Predictions aside, there are good reasons why overall security spending has been lower than expected. For one, corporations are wary of fluctuating rules. "The dilemma companies face is that if they put up a six-foot fence and the government ends up mandating an eight-foot fence, you've wasted your money on the six-foot fence," says Martinez-Fonts. To lessen the likelihood of such misdirected spending, companies hope DHS will help them win special exemptions on security issues — for example, by easing freedom-of-information restrictions that might hinder information-sharing.
Other executives have balked because measuring the return on investment for terrorism is nearly impossible (see "Uncalculated Risk," facing page). "It's futile to figure out what the ROIs are," says Porter. Like other CFOs, he's spent little time projecting returns for security enhancements, which have included more electronic surveillance, golf-cart patrols, and the design of a more-cohesive business-recovery plan.
Then there is the fact that spending is dictated by such factors as a facility's attractiveness to terrorists. That's why it isn't surprising that Dow Chemical Co. is taking millions of dollars in preventive measures. Yet a firm like Milwaukee-based Briggs & Stratton Corp. hasn't done "anything out of the ordinary" to increase security since 9/11, says CFO James Brenn. "Our plants are in heartland America," he notes, and it wouldn't make sense to spend heavily — that is, unless terrorists shifted their targets from urban landmarks and adopted a "more-random mode of operation."
Still, there's agreement that security planning has gained a higher priority — after early uncertainty about what steps to take, and how quickly to take them. "There has been an awakening," says Deborah Wince-Smith, president of the Council on Competitiveness, a private group of corporate managers, academics, and labor leaders that was a post-9/11 critic of company preparedness. Its survey last fall showed that 90 percent of executives didn't consider their firms as targets. "But from what we've heard from our industrial sectors, there is growing awareness," says Wince-Smith. All of which leads Martinez-Fonts to believe outlays for security will go up: "Companies will do the right things" to adjust to the more-dangerous environment, he says, "because they want to remain in business."
It Ain't Easy Being Orange
The right thing to do right now, it seems, is share information. And facilitating an unprecedented level of industry cooperation are several Information Sharing Analysis Centers, or ISACs, that were created in 10 industries to prepare for Y2K, but now work closely with the DHS and serve as a cornerstone of antiterrorism defenses (see "Strength in Numbers," below). Through their networks, companies that don't figure to be targets are benefiting from preparedness at companies in more-sensitive businesses.
Reader Comments» Post a comment