When it comes to thwarting terrorism, only a handful of companies have had to worry about controversial big-ticket items like intrusion-detection equipment for chemical plants or antimissile defenses for airliners, which some lawmakers want to mandate. For the rest of Corporate America, aggressive investment in “guards, gates, and guns” was supposed to be enough to counter the postSeptember 2001 threat. Or so the White House thought.
While actual private-sector security spending hasn’t been calculated, a November 2002 report from the Federal Reserve Bank of New York leads to a disappointing preview, say experts. The report said companies spent $32.8 billion in 2001, and noted that if annual spending doubled to reflect the new threat environment, an additional $7.8 billion would have gone for capital equipment, with $25 billion for personnel. But the Brookings Institution’s Michael O’Hanlon, for one, believes overall spending fell far short of doubling in 2002, and says that “at many companies the level of improvement needs to be more akin to how airport security changed after 9/11.”
Government officials, too, have been concerned over low spending at some companies. Although critical industries like utilities and transportation have invested heavily, overall “the other side of the situation is complacency” among companies that don’t feel directly threatened, says Al Martinez-Fonts Jr., special assistant to Department of Homeland Security (DHS) Secretary Tom Ridge for the department’s private-sector office.
That doesn’t mean Corporate America has been recklessly cutting corners. In fact, at many companies the list of security measures enacted since 9/11 is long, and includes conducting intensified preparedness reviews, installing technology safeguards, and focusing on business-continuity issues like supply-chain vulnerabilities. In addition, firms such as Cadence Design Systems Inc. and Duke Energy Corp. are placing physical and IT security under a single corporate officer, who often reports directly to the CFO.
Low-Key And Low-Cost
Spending for such steps tends to be relatively modest, and may not turn up in the budget at all. Yet the companies taking these more-strategic initiatives believe they make sense in today’s environment, something Martinez-Fonts certainly agrees with. Moreover, such low-key initiatives are easier to mesh with corporate culture. At Cadence, for example, employees have learned to appreciate preparedness for earthquakes — the San Jose, California-based design-software maker is nestled between two active faults — and they welcome the latest manifestations of heightened security. “You can’t quantify what peace of mind is worth,” says senior vice president and CFO William Porter.
Predictions aside, there are good reasons why overall security spending has been lower than expected. For one, corporations are wary of fluctuating rules. “The dilemma companies face is that if they put up a six-foot fence and the government ends up mandating an eight-foot fence, you’ve wasted your money on the six-foot fence,” says Martinez-Fonts. To lessen the likelihood of such misdirected spending, companies hope DHS will help them win special exemptions on security issues — for example, by easing freedom-of-information restrictions that might hinder information-sharing.
Other executives have balked because measuring the return on investment for terrorism is nearly impossible (see “Uncalculated Risk,” facing page). “It’s futile to figure out what the ROIs are,” says Porter. Like other CFOs, he’s spent little time projecting returns for security enhancements, which have included more electronic surveillance, golf-cart patrols, and the design of a more-cohesive business-recovery plan.