Investing in Your Security: Why TCO and ROI should guide your security procurement
In this final in our six-part series of articles on investing in security systems, we summarise the key TCO and ROI factors that can take your security procurement decisions from ‘grudge purchase’ to ‘strategic investment’.
We hope that you have found our Investing in Your Security series of articles to be informative so far. In this article we bring our learnings together in order to equip you to answer the question: How strategic is your approach to investing in security?
How do you rate your approach?
Beyond the upfront investment, what factors do your organisation consider when purchasing a physical security system solution? What are the potential costs of a security system that you take into account, the potential savings, the potential efficiencies, the potential harm and losses avoided, and the potential value-add? How much value are you deriving from your existing system, and how much are you missing?
Is security a tick-a-box exercise for your organisation, in which the lowest price solution is the go-to, or does your organisation take a more holistic view and consider whole-of-life costs (and savings) and the potential benefits an IP security solution can deliver including – and beyond – security?
In short, how strategic is your security procurement decision making?
Security Procurement Maturity (SPM) Model
To assist you in answering the above question, we’ve developed our Security Procurement Maturity Model. The SPM Model categorises an organisation’s approach to investing in its security into four hierarchical levels of maturity, with each level reflecting a more strategic approach than the previous one:
Let’s look at each of these levels in more detail, starting at the bottom with ‘Speculative Investment’:
1. Speculative Investment
At this level, an organisation is making its security procurement decisions based solely or largely on the ‘up front’ (CAPEX) price of security system, with little regard for other downstream costs or value-add. This is traditional ‘grudge purchase’ territory where – inevitably – the lowest price wins. As detailed in the first article in our Investing in Your Security series, this approach fails to make good financial sense. In the case of government organisations, this approach is also non-compliant with government procurement rules around ‘value for money’/’public value’.
To level-up: organisations at this level should consider reviewing their procurement practices to explore how they can position themselves to look beyond the ‘price tag’ and evaluate whole-of-life costs. This could include ensuring that Requests for Quotations/Tenders specify that respondents’ pricing responses include information on whole-of-life cost factors.
2. Informed Investment
At this level, an organisation’s purchasing is informed by an understanding whole-of-life costs and of the ways in which downstream costs can be best managed. In particular, this means that the organisation is looking at Total Cost of Ownership (TCO) in terms of both its ‘hard’ and ‘soft’ cost factors.
As we learnt in the second and third articles in this series, the downstream ‘hard’ costs relate mainly to the OPEX associated with operating a security system, while the ironically named ‘soft costs’ relate to the potentially disastrous losses resulting from the failure of a poorly selected, poorly performing security system.
To level-up: While organisations at this level have achieved a holistic view of the potential costs of a security system, they don’t necessarily see their security spend through an investment lens. The challenge now is to move beyond the ‘security as a cost centre’ approach to developing the processes to be able to account for the potential net benefit (or ROI) of a security system investment.
3. Smart Investment
At this level, an organisation’s purchasing is informed by an understanding of (i) whole of life costs, and (ii) the ROI achieved by optimal security outcomes. As detailed in the fourth article in this series, organisations at this level are able to calculate (or at least model) their Return on Security Investment (ROSI), where the net benefit from their security spend equates to the annual cost of security breaches avoided relative to the prevention cost incurred.
Modelling ROSI may involve looking into the historical incidence of security breaches and their financial impact on the organisation, and ensuring that the organisation has robust security reporting processes that record both successful and unsuccessful breaches while also taking note of publicly reported breaches suffered by similar organisations.
To level-up: Achieving an optimal level of Security Procurement Maturity requires broadening the ROI calculation to include non-security outcomes. More than anything, this is likely to necessitate a change in organisational mindset (and potentially some organisational silo smashing) in order to identify and to harness the range of cross-functional customer service, business intelligence, and other powerful non-security benefits that contemporary security systems are capable of delivering.
4. Strategic Investment
Organisations at this level have reached the apex of Security Procurement Maturity. Their purchases are informed by an understanding of a security system’s (i) whole of life costs, (ii) security ROI, and (ii) ROI achieved by adding value to business objectives beyond security.
As covered in the fifth article in this series, organisations at this level have moved beyond the loss-minimisation focus of ROSI to understand how an IP-based security system might deliver broader value-add. There’s good reason why over 46% of larger organisations are saying that they use their security systems as a way to “improve overall business efficiency, productivity and asset optimisation.” They get it.
Factoring TCO and ROI into your security solution procurement decisions makes good business sense. We recognise that this has traditionally been easier said than done, and that’s perhaps a reason why many organisations struggle to look too far beyond initial purchase price calculations.
As a leader within the private security sector, Optic Security Group advocates responsible and transparent pricing practices so that client organisations are positioned to make the best, most informed, security solution investment decisions.
To learn more about how a TCO and ROI-focused approach can help your organisation to optimise its Security Procurement Maturity, feel free to get in touch with us.