Key Takeaway
Despite the financial climate hotel companies still have an obligation to manage security risks to protect their guests, staff and assets. Delegation of security risk management responsibilities to non security specialists only provides a ‘fig leaf’ of security risk coverage.

Maintaining Hotel Security on a Budget

Hotel security and resilience risk management programs have been severely impacted by the downsizing or disbandment of corporate security teams. The likely impacts of this have been discussed in a previous blog, The Risks Associated With Hotel Security Cuts, but it is worth reiterating that despite the financial climate, hotel companies still have a duty of care, and moral obligation, to take reasonable measures to protect guests and staff. In one form or another this will require:

  • Formal Security Intelligence program to identify ambient and dynamic threats
  • Strategic Security Risk Assessment
  • Security Strategy, Policy and Procedures
  • Security Plan
  • Implementation Plan
  • Security Risk Management Performance Management
  • Security Risk Review Program
  • Improvement/Action Plans

These things are a challenge with fully manned security teams, but it will be almost impossible to effectively maintain these programs in current times. Existing programs will have a residual effect, but this will quickly degrade without qualified management by qualified teams. This will undermine risk governance. Some companies have taken a ‘sticking plaster’ approach by transferring security risk management responsibilities to other risk specialists such as safety or enterprise risk management; on the surface, there is a logic in this approach because theoretical security risk management differs little to other areas of risk management.

Of course, the devil is in the detail. I can paint a wall but ask me to paint a portrait? I would give it a go, but it will be extremely poor!

The ‘easy way’ for companies to rationalise this problem is to simply – change the company’s security risk appetite to match the residual capability. This fix will likely withstand perfunctory scrutiny but will probably be exposed in the event of a serious security incident and subsequent external investigation.  Security teams are unlikely to be reinstated anytime soon so what options do hotel companies have:

  • Do nothing and hope for the best
  • Provide security risk management training to the teams who have taken over security responsibilities
  • Enhance security management at hotels to enable them to be more self-sufficient
  • Employ hospitality security consultants to quality control the work of non-security specialist risk managers
  • Implement 3rd party annual reviews of security risk management programs to ensure their efficacy and identify improvements
  • Employ retained services to support company response to serious security incidents and situations

In the first instance, hotel companies will be in turmoil as they seek their very survival and security will be a lower priority but as the impacts of downsizing/disbanding security teams become apparent, security will again come into focus – a terrorist attack, serious fraud, death of a guest, cybercrime attack, senior management mismanagement, data loss, loss of corporate client confidence, kidnap for ransom and extortion.

In the meantime, even if hotel companies rely on their residual security programs, hotel companies will at the very least need an ‘emergency’ security response capability to support the non-security specialist risk management teams in the event of complex security incidents.

Hotel companies might consider a ‘security on demand’ service to avoid fixed costs and keep their security risk management programs on ‘life support’. This approach gives companies flexibility to control costs whilst bolstering capability and continuing to demonstrate due diligence and responsible business.

Questions for Consideration

  1. Do you have the capability to effectively respond to serious security threats and situations?
  2. Would your security and resilience programs stand up to external scrutiny following a major security incident?
  3. Have you considered compensatory measures to fill security and resilience capability gaps caused by security cuts?

Too many things keep us hotel owners and operators up at night these days. With our massive experience in global hotel security and resilience, NorthPoint International can help you take steps to take this worry away. Contact us to learn how.