Are you struggling to communicate the value of your security investments? Do you find it challenging to gain executive buy-in and secure the necessary resources for your security team?
It’s time to break through the barriers and position security as a strategic partner within your organization. Watch the replay of our webinar, “From Barrier to Strategic Partner: How to Communicate the Value of Security Investments,” hosted by Security Magazine.
Discover the essential elements for how to build an effective business case and achieve the recognition your team deserves.
Learn how to:
- Unlock Your Security Team’s Potential: Learn the fundamentals of creating a persuasive business case and overcome common challenges in securing investments.
- Craft Powerful Storytelling Through Data: Master the art of presenting your team’s accomplishments with impactful storytelling that resonates with senior leadership.
- Drive Strategic Objectives: Discover how to align your security initiatives with broader organizational goals to position security as a driver of success.
This session is for:
- Security leaders focused on incident management, security risk management, threat protection, or security operations.
- Professionals in the security field looking to build an effective business case for their security investments.
Don’t miss this opportunity to transform your security investments strategy and gain executive buy-in. Click the “Play” button on the video above now.
“From Barrier to Strategic Partner, how to Communicate the Value of Security Investments” webinar transcript
Good afternoon and welcome to this webinar, “From Barrier to Strategic Partner, how to Communicate the Value of Security Investments.” This event brought to you by Security Magazine is sponsored by Resolver. I’m your moderator, Taylor Dottie, assistant editor of Security magazine. Thanks for joining us. Today’s presenters are LeeAnn Kincal, product marketing manager at Resolver and Artem Sherman, product manager at Resolver. Don’t forget to submit your questions and later in the program our presenters will adjust as many as possible. Today’s event is being recorded and archived on security magazine.com. This presentation is protected by US and international copyright laws reproduction distribution display and use of the presentation without written permission of the speaker is strictly prohibited.
As an IACT accredited provider. BNP Media offers I a CT C used for its learning events that comply with the an C and ICT continuing education and training standard participants completing this course may be eligible to receive continuing professional education credit or CPEs toward ais recertification training may qualify for related continuing education for recertification activity through sep. Students may claim one continuing professional development point per hour of instruction towards their nice recertification requirement for any sessions that expand their knowledge of the subject matter pertaining to the certifications they hold. Our learning objectives are identify the fundamentals of the business case, describe the common security team challenges and gaining buy-in for investments, discuss tips for building a powerful business case with strong storytelling through data, develop a step-by-step guide on how to create an effective presentation with examples. And now I’m excited to turn it over to today’s presenters, lean and Artem.
Awesome. Thanks so much Taylor. And thank you everyone for joining today’s webinar. As Taylor mentioned, we’re going to be taking you through how to build a strong business case for security investments
And just starting off with our agenda. So first we’re going to start off with talking about a core challenge that security teams face more than any other departments across the business. And then we’re going to walk through a business case template, which is board from the inter-agency Security Committee, which we believe will help your teams be able to easily communicate the current problems that you’re facing and your recommended solution to overcome these. Then last but not least, we will then walk through a business case example, a hypothetical business case example that will demonstrate what a real world example might look like. That’s where we’ll spend majority of our time in today’s webinar.
Okay, so going into core challenges that security teams face. So one common challenge we hear in the industry is that the broader organization often fails to understand the value security teams bring or can bring to the business solely due to a lack of familiarity of the roles. So unlike other functions such as marketing, sales, technology, security teams really have the benefit of their budget holder having an inherent understanding of the value they create and the requirements for success. So this is why we’re building a strong business case that highlights the impact security teams can have as well as continuing to advocate for yourself, which is absolutely essential. And we’re hoping that walking you through this example today will help you visualize how you can take this away and create your own business case that will highlight the impact that these investments can have, not only for your security team but across your organization.
So now going into the inter-agency Security Committee business template. So first we just want to start off with some background on the ISC.
The ISC was actually built based on the bombing of the Alfred P MRA building on April 19th, 1995. This bombing resulted in the Department of Justice publishing a report on the vulnerability of federal buildings, which then resulted in the generation of the ISC committee. As a result of this, the ISC had put together multiple reports since then of how to protect these federal buildings, which often resulted in large budget requests. And because of that, they needed to develop a strong business case in order to demonstrate that value and to gain budgets to move forward with these proposals.
Okay, so going into the ISC business case process.
This is actually a six step process and we’re going to start off with the first three here. So the first step is preliminary analysis and defining the problem. So this initial step is generally quick yet unnecessary exercise and the attention of this is to do initial research in order to solicit buy-in from your stakeholders. And that really defines the problem enough to gain buy-in and pursue building out this recommendation fully. Again, that this is an essential aspect is if your organization or your stakeholders do not clearly understand what the problems are, it’ll be difficult to advocate or articulate the rationale behind your business case. And Artem actually has had personal experience with this first step if you’d like to jump in and explain that Artem.
Sure. So the first step I find is very often underutilized. There’s opportunities that present themselves in your organization every day, week, month, and quarter. So incidents and other events happen in your organization that are notable or indicate some sort of pattern fairly routinely. The reality is that every fiscal cycle you may get to execute, sometimes zero, sometimes one, sometimes maybe two projects that are of a significant size. So zero to two major projects every year that you get to play out. But the way you get to be able to execute those large projects and ensure that those are the projects that you believe you need to focus on and your security organization needs to focus on is through continuous communications and through pushing your agenda whenever the opportunity presents itself.
As things happen that bubble up to the level of attention of the executive team, you should be ready with some of those initial analysis and be prepared to essentially do an elevator pitch when the chance presents itself have your high level ideas ready to communicate instead of just reviewing the incident and commenting on the event with your exec, which is certainly a part of that.
Also come prepared with some potential solutions and analysis. So for example, this claim of mistreatment where we had to pay out $40,000, which is just one of dozens that happen every year, could have been avoided if we had body-worn cameras for a guard force that shows that you’re strategic thinker, that you’re thinking about solutions and not just reviewing the problem.
That might follow up from an executive with a question like, well, what would that look like? Well, we could pilot it for one team over two months. It would cost us about $20,000 and it would cost us about $2 million and take six months to roll out to our entire guard force. The reason exec approvals sometimes seem to happen quickly. It’s when you’ve done the homework, when you’ve done the groundwork, and when you continuously champion for the initiatives that you feel are important to solve, those important problems that occur in patterns that occur. And this is something you should be doing all the time. Every time an event happens or a pattern presents itself, you should be doing this preliminary analysis, some early thinking and some early ideas for solutions and root causes so that way you’re ready with these things.
Another example is this happened because we didn’t have an incident management system and we couldn’t find the necessary documents to defend the civil claim. This way, as you are throwing out these solutions, next time something happens or when budget becomes available, the exec teams are already primed to focus their spending and attention on the solutions that you already have a rough outline for. So very, very important first step doesn’t take a lot of effort and all of us normally have some of that in our brains, but write that out, be prepared with those.
Awesome, thanks Artem. And then from there, moving into step two, which is about identifying stakeholders and as Arta mentioned, socializing that problem as well. So it’s important to determine who your key stakeholders are within your team, but also across other functions throughout your business. So whether it’s hr, it, legal, whoever that may be, and again, socializing that problem as early as possible. And in doing that, you’re actively engaging your stakeholders and it not only allows ’em to feel both included but also invested in the process, which can really lead to them advocating for this proposed business case and help push the project forward.
Going into step three, which is developing a cost benefit analysis. And within this step, there’s actually a nine step process here, and this is we’re going to spend most of our time reviewing today. Okay, so this is the nine step process and this actually comes from the federal government of the federal office of management and Government, and this is their approach, which as you could see is quite thorough and a rigorous process. And as I mentioned this is we’re going to be spending most of our time on the example once we go through that as this is where the most amount of work is really going to go into when developing your business case.
Just a high-level overview of the different steps here. Step one is defining the need and the problem you’re trying to solve, which is what has been done in the initial step that we spoke to in the previous slide. Then there’s step two, which is defining the baseline. This is clearly outlining what the current conditions are and what is leading your current problems to exist.
It’s important that this is clearly articulated to the problem and its causes easily understood. Step three is then setting the timeframe analysis, which would be how long do we expect to see anticipated results once this has been implemented, as well as outlining the timeline to determine if and when we need to reevaluate our decision or make any necessary changes. Step four is identifying a range of alternatives, and this is a great exercise as it demonstrates that you have thought through the process comprehensively and highlights your thoroughness in exploring various alternatives and scenarios when you’re bringing this to your leadership team. Step five is then identifying the consequence to each of these alternatives. This will not only give you a deeper understanding of each of these, but can also highlight how your main recommendation is the most ideal solution.
Step six is this is where you would quantify and monetize all the benefits and the cost for your recommendation as well as your alternatives. Step seven is discounting future benefits as a potential option that some companies like to consider.
Step eight is evaluating non quantified and non monetized benefits and cost. So you’ve already spoken to the quantifiable and monetized costs in step six, but it’s also important to talk about the non-quantifiable ones as well as there can be a lot of very, very important benefits that can come out of this. So this is something that is important to highlight throughout this process. But also want tip appear is ensure that your non-quantifiable benefits are clearly delineated from your quantifiable benefits as we don’t want to mix these two up as it can lead to some confusion. It’s important to keep those two steps separated.
The last step of the cost benefit analysis is characterizing your uncertainty. So here is where you would outline the expected results, including how much worse the result could be if we did not achieve a breakeven point. And again, this says step really allows you to show that you’ve thought through the possible outcomes when going through this. Okay, returning back to the six step process through the ISC with the three remaining steps. So the step four is anticipating potential resistant factors. So another important step here is to spend time preparing for what potential objections or questions that you might expect from your leadership team. And this just ensures that you prepare to answer these questions and it might also help alleviate any immediate concerns that they may have when this comes up initially.
Step five is developing your implementation plan. This includes determining how this project would be implemented, who needs to be involved and when setting up those timelines and showing that you’ve thought through the entire process and understand the requirements that are needed to bring this project and proposal to life.
And then last but not least, is delivering the recommendation. So this is the final step of the process where you deliver all your research and recommendations to your leadership team. And a couple tips that we have for this last step is firstly, knowing who your audience is and what’s important to ’em and delivering a report or a presentation that would best resonate with them. And another one if possible is delivering the report in advance in order to give your leadership team enough time to understand what your recommendation is and then coming prepared for any further questions so they can thoroughly understand what your recommendations are. So with that said, we will move into our example.
Great. So we’ll talk about a fully fictitious business case example for a chain of hospitals called perfect care hospitals. So perfect care hospitals, also known as PCH operates 15 hospitals spread across Texas. The CEO of PCH has reached out due to high employee turnover across their hospitals. In 2022, PCH had a turnover rate of 24%. A review of exit interviews indicated that unsafe working conditions was a major contributing factor for the turnover. So we’re tasked with figuring this out. This is impacting our ability to deliver quality care and attract and retain talent.
The first thing we need to do is identify who our stakeholders are. In this case, the head of security for each territory is a key stakeholder. They are responsible for managing and executing the security programs in all of the hospitals. The head of facilities for each territory is another key stakeholder. As we know, security and facilities are highly integrated and codependent on each other for a lot of things. The director of human resources is the person who actually bubbled this up to the CEO and brought this concern up.
They’re a key stakeholder as this is retention and workplace violence problem. The head of patient care rounds out your stakeholders such that you now have security facilities, the employee base as well as the patient base and patient experience represented in your hospitals. And to be able to do the work, we’re going to have to pull together a lot of data, effectively sift through it and gain the correct insights. So a data analyst is going to be a key stakeholder in this process as well. So step one is to describe the need and the need is to determine the root causes of the unsafe working conditions resulting in employee turnover and develop recommendations to mitigate these issues.
So we know what we need to do, and we’re going to start by defining our baseline.
When we went to define our baseline, we discovered that this was an immensely difficult task with quite a lot of barriers. The first step is day one, we work to identify where the data sources that we need. We need to collect a lot of data to be able to do this analysis. And we’ve discovered that each hospital collects and stores incident data differently. So they have different methodologies, different ways of collecting, classifying, and storing incident data. We’ve realized that we need access to as well relevant and important information when it comes to patient conduct. And that’s something we haven’t had access to before. So that introduces another challenge. And we’ve also discovered that shift reporting and officer schedules, all of that data is again, inconsistently stored and differently managed across our sites. So that effort of being able to find and pull all of this data together took us 60 days and it wasn’t an easy feat.
Once we pulled all the data together, we did an exercise in reviewing that data for completeness and discovered that there’s substantial reporting gaps and that we have to do a lot of massaging work to the data to do a lot of mapping and transformation and normalization to be able to make that usable for our purposes. So that took us another 15 days once we pulled everything together in normalizing and transforming this data. So after 75 days, we had data that can now be compared and aggregated across the sites. And just like in real life, it was imperfect, but it was workable and it had usable accuracy. And what we’ve been able to do is pull all of it together, normalize it, make it comparable, and have it in one place, which in this case was Excel, such that we could start to run some reporting and gain some insights, understand some of the data in there. So the analysis itself took another 25 days, and at that point we were ready to start preparing a recommendation. As part of doing this work, this initial baseline work, we discovered that a key problem is in fact a data problem that we have as well. We don’t have access to the data readily. It’s inconsistently stored and captured across our locations, and that makes it so it’s difficult to understand what’s really going on with our business and our programs.
How did this get so bad and how did this go on for so long? It’s clear that we don’t have the necessary systems in place to be successful. So reviewing some of the reporting we’re able to put together after this exercise, we could see that incidents have been consistently trending upwards, that two major categories of incidents are workplace violence and injuries. And in 2022 we’ve had 349 incidents of workplace violence and 174 incidents of workplace injuries. So out of all incidents, these are major contributing categories that are significant. When we looked at who’s impacted by those violence and injury incidents, we see that employees are the most significantly impacted group followed by patients and then visitors. And we found that incidents are trending up for all of the impacted groups fairly consistently.
When we look at the consequences of some of those incidents, at least in the measurable ones in the data, we could see that on average we lose 87 working days due to workplace violence each month across our hospitals and an additional 58 working days due to workplace injuries each month. And just like incidents of both categories are trending upwards. When we look at our turnover rate, which is data that we were able to get from hr, we could see that on an annualized basis, our highest turnover rate in some recent months has been as high as 36%. A fairly grim picture. The increases in incident data, the contributing incident types being mostly workplace violence and injuries, and our staff and patients being the most impacted groups.
When we look at it a little bit different and we start looking at number of incidents per offender, what we can see is that repeat offenders are having a serious impact on our hospitals. When it comes to patients, patient offenders are responsible for an average of just over two incidents per offender. Visitors are just above one and a half, and staff are right around the one mark. The staff incidents are typically self resolving in an employment environment, so we’ll focus on the patients and visitors. It’s pretty clear that we do not have effective procedures to protect staff, patients and visitors from repeat offenders, given that they’re able to re-offend, that means we’re not taking the right actions the first time around. And when we looked a little deeper, we saw that some of our top offenders are responsible for an average of 15 repeat incidents. So clearly something is very, very wrong here.
When we now look at our guard coverage in our hospitals compared to the incidents volume, we could see some patterns and we could see that we’re scheduling in a fairly basic shift fashion that’s not informed by any data of course, because we weren’t properly collecting it and weren’t able to look at these things before.
But this basic shift coverage pattern doesn’t correspond appropriately with the increases in when incidents occur in the time of day. So we have scenarios where guards are over-resourced, we have too much coverage during the day and nothing is happening. And when the incident volumes are higher where we end up understaffed, so we don’t have enough guards to appropriately respond to the incidents as they occur. So we’ll go through a couple of examples. What we’ve done in the analysis is we’ve done the aggregate analysis to paint the picture that we have, but additionally, we’ve plucked out some specific incidents to be able to present with our recommendations. So one example of workplace violence is where the victim is Stephanie and the perpetrator’s, Danny, and this specific incident ended up causing a $350,000 loss.
The incident occurred on the fifth floor at approximately 4:00 PM and Danny was a 58-year-old patient recovering from a brain injury, attacked Stephanie severely. Stephanie’s suffered significant injuries including a broken collarbone, a concussion, and of course the emotional trauma associated with being assaulted.
Two nurses mentioned their concern that the patient was acting erratically and they were concerned that he might pose a risk to staff in the patient notes in the patient file earlier in the week. This however, was not reported to security, and security did not have access to this data in the patient file.
Assessing the root cause of this specific incident is that we had insufficient reporting procedures and tools that allowed concerning patients to be left in a situation where they could cause harm and the appropriate mitigations were not put in place as well as the lack of security presence and appropriate response by restraining the patient after some concerns were expressed or some behavior was reported, and this is because it wasn’t effectively reported and security was not made aware of that because the systems are disconnected. Another workplace violence example is where the victim is Tyler and the perpetrator here is Rob.
The incident occurred at the emergency triage at 2:00 AM in the morning. Rob entered the hospital at 1230 complaining of severe stomach pain and initial triage was conducted and Rob was told to wait in the waiting area. Rob returned to the triage desk a little bit later at 1:50 AM and had an altercation with Jessica, who was a nurse at the reception, tried reaching through the slot in the glass to grab her and was unable to reach her. Jessica calls for security at 1155 to request assistance and five minutes later security did not arrive on scene. Rob gets up, grabs a chair, begins smashing it into the glass at the triage desk.
Another employee, Tyler walks into the triage area at the time, ends up in a confrontation with Rob Bob and ends up being assaulted by Rob and suffers slash serrations to his face as well as some dental damage. This is a result of insufficient security staffing and through investigation what we’ve discovered is that at the time security was busy intervening with a group of suspects in the parking lot attempting to break into cars. So this is a result of understaffing and poor scheduling where security was not available to intervene and prevent this assault from happening. And in this case, this costs the hospital $60,000.
Some additional injury examples that we’ve pulled from the incident reporting that we’ve reviewed, the victim here is Brita who fell in the west stairwell while heading down to the parking lot. The lighting in the area was flickering on and off, and this is what Brita reported as the cause for her losing her balance and falling. She suffered a broken ankle and lost three months of work. And when we looked at shift logs, we’ve discovered that security staff have noted the lighting issue and said in their reports that they’ve called it into facilities. But looking at the facility system and their tickets, there was no evidence that a ticket was ever logged with facilities to address the faulty lighting. And this ended up causing an $82,000 loss to the hospital. So root cause of course here was the faulty lighting, but in addition, the poor communication between security and facility teams resulted in this injury.
Second injury example is Joyce here where the hospital lost $42,000, Joyce fell and suffered a broken hip after exiting through an emergency door onto the second floor staircase. The door should only unlock during emergencies and Joyce should not have been able to use this door. And a review of our access control logs showed that the door’s been improperly opened over a hundred times in the last three weeks prior to the incident. Guards have been dispatched to the area many times. And in one of the shift reports, a guard identified that employees were using this for smoke breaks. Looking at the door, it revealed that post-accident revealed that there’s been a paper jammed into the locking mechanism preventing the door from closing.
In this case, tampering with the door allowed a vulnerable patient to exit into an area where there’s a fall risk and a lack of consistent reporting and visibility into the series of events allowed the vulnerability to persist. So putting all of this data together, we’re able to define our baseline, and this is the summary of our findings. So we have a lack of centralized security management system and reporting standards, and they hinder issue identification, resolution, and the analysis itself as a result of lacking a centralized system, took us a hundred days. There’s an integration gap between patient records and incident management systems that led to problem patients posing risks with security being unaware, resulting in one example of $350,000 settlement.
There’s a small number of problem patients and visitors that generate a high incident volume and contribute to staff turnover. Lack of integration between visitor management, incident management, patient records and dispatch systems is the core of the issue. Over-allocation of guards to daytime shifts and insufficient resources during night shifts led to a $60,000 settlement. In one example, inadequate visibility into access control logs allowed uncorrected tampering, resulting in a patient injuring themselves and costing us $42,000 in one incident, air prone communication channels between security and facilities cause the fall resulting in one example an $82,000 cost to the organization. Now we move on to step three.
Moving into step three, this is where you would set the timeframe. Here we want to be able to determine what the impact of this proposed solution would be. So based on the solution that we were recommending, we anticipate that this would take some time to implement and have an impact on the organization, and we want to measure and track this over a period of time. Because of this, we are setting up our analysis at three years, which would include implementing the project and comparing our data before and after throughout this process.
So since we had determined what our baseline was that Artem was walking us through, we’re going to use that baseline to develop a list of recommendations to alleviate those current challenges that we’re facing. So the list of recommendations in the left side of the chart, and the first one is to implement a centralized security management system where all your data is collected and stored into one location.
Then there is integrating other important and essential information such as patient records, facility management, dispatch, alerting systems, and so on. So again, you have everything that’s centralized into year one system opposed to using several ones outside of that. The third recommendation is reallocating guard sources to align with incident volume based on that trending incident data, ensuring the right number of guards are present at those high peak times or locations. And then there’s increasing the total guard resources and implementing an escorting program for problem patients and visitors, which helps address the problems of coverage and protecting those individuals who are at higher risk. The last recommendation is supplying all staff with panic buttons so they can quickly alert on major incidents and get the security teams on site as quickly as possible.
So as we move into step four, we are going to outline what our alternative options are and what our final recommendation is. Option one is status quo. We always recommend to include what the current baseline is as an option and demonstrate what the impact would be if we did nothing. Then there’s option two, which is a partial action plan. So this is if we completed the first three recommendations. Implementing that centralized security system, integrating your information within that centralized system and reallocating guard resources, but not including the additional guard resources for the escorting program or those panic buttons. And then option three, which is our comprehensive plan, which would implement our entire list of those recommendations.
Once the alternatives have been identified, we’ll then need to go into the consequences of these different options. If we maintain status quo and do nothing, we’ll continue to see those lost working hours, direct settlement costs and workplace violence incidents maintain or even worsen. With option two. Again, incorporating the first three recommendations, but not the additional guard resources for the escalating program or the panic button. We would see an impact here. We would see improved awareness of incident occurring across the hospital and could see a decrease in workplace violence. And with that there could be that reduction in working hours, direct settlements and so on. But since we’re not implementing those last two recommendations, staff are still at high risk to encounter a workplace violence incident without having that escorting program in place or without those panic buttons, and that could continue to impact employee turnover rates. And lastly, option three are full comprehensive action plan.
Not only will we see the benefits from option two, but now we’ve added those additional guard resources, implemented that escorting program as well as the panic buttons. And with these all in place, we may see a positive shift in perception regarding safety of employees and patients, and therefore employee turnover rate might diminish here.
Okay, so step six, quantify and monetize. In taking our baseline, taking all the data that we’ve collected, we now need to quantify and monetize this and put this into numbers. When putting this together are three areas of cost we’re looking to address here, that will be the basis of our financial validation for this approach. And this includes three different sections. First is cost of workplace violence, cost of workplace injury, and then cost of employee turnover rates. One thing, again, just wanted to emphasize here is that these are hypothetical numbers to demonstrate of what an example could look like in a real life scenario. However, this is something that you guys take away and develop within your company. You would work with your team and your main stakeholders, determine what your current baseline is and determine what the expected results and impact of this would look like.
Okay, so starting off with option one, status quo. Within the first section, overview of the cost of workplace violence, as Artem mentioned, we were able to determine that there were 349 workplace violence incidents on an annual basis, and as a result of this, there was a total of 1046 lost days. The cost of day is $600, so adding that up together, that led to $627,000 annually based on the workplace violence incidents. And then looking at cost of settlements on top of the other cost money associated with litigation. Once we calculated this, this had resulted into 940,000. So just within this section alone, we’re looking at just over $1.5 million in costs. Then moving into the next section. So overview of workplace injury, same IDA here, but specific to injuries, annual workplace injuries we’re at 174, which led to 698 loss days and resulted in an annual cost of 400,000. And then again, our settlements resulting at 300,000 regarding employee turnover.
The information here is based on the current employee count that we have, which is 1500 people, and our annual turnover rate was averaging at 24% as we identified in the initial overview. We also connected with our HR team who confirmed that the cost of hiring a new employee and onboarding them averaged at $3,000. In order to replace all those lost employees, this would result in over $1 million alone. Combining all these three sections together, this equals to 3.3 million in losses in one year, and then looking at this over a three year period and applying that 5% discount, this equals up to $8 million in losses. And this is if we maintain status quo. Moving into option two, which is our partial action. So this again is if we’re implementing the first three recommendations, but not adding additional guard resources and no panic button. In here, so the left column within option two is the percentage reduction we expect to occur with implementing this partial plan. And then the other column for new value is simply just demonstrating what that new value is based on the percentage reduction we expect. For a cost of workplace violence, we expect a 35% reduction, which of course results in lesser number of incidents and reduction in days lost.
Based on this, we would see over a $200,000 cost savings compared to the status quo in terms of days lost as well, we would expect a reduction in settlement costs with the implementations of these recommendations at about 50% reduction and seeing a large amount of cost savings here, then going into employee turnover rate. With these new actions in place, we would naturally see a reduction in turnover based on the tools we’ve implemented to reduce incidents and improve perception of safety. Again, taking these three sections, combining them together, potential total losses in year one is just over 2 million and over three years almost at five, altogether looking at 3.1 million in loss reduction. All right, and moving into option three, again, our comprehensive plan, which would implement all of our recommendations. As a result, we would see greater improvements in both workplace violence and employee turnover rates here with those additional guard sources and with those panic buttons. So going up to 50% reduction from workplace violence and employee turnover rate dropping at about 14%. Tying these altogether, we would see a loss reduction of 4.3 million. So this was step six going over quantifying and monetizing, but now we need to look at the cost of investment.
Looking at our different options, and again, starting off with option two doesn’t include the guards or panic buttons, the cost for a centralized security risk management solution, we would have a cost of 75,000 within year one that accounts for the software itself as well as the initial implementation fees in order to set this up. And then year two and three, that price would drop since the software has been implemented. At this point, the company is only paying the reoccurring licensing fee here. Then there is a system integration. So again, this would incorporate other important hospital data into year one centralized system, and this would just be a one-time cost of 65,000 within year one and no further cost afterwards, then going into option three. So the cost for the centralized security system and integration remains the same, but now you have added costs to include the panic buttons and the additional staff for that escorting program.
Now looking at the net improvement versus the status quo with option two, total net benefit equals to 2.9 million and option three equals to 2.45 million. If we were looking at this away from a cost perspective, companies may lean towards option two for this reason. However, it is also important to evaluate those non-quantifiable benefits, two that we spoke to earlier as well. And really depending on what’s important to the company, companies might shift to option three based on what those non-quantifiable benefits could look like for the hospital.
Okay, so yeah, going into what a non-quantifiable metrics. So although you can’t put a specific dollar value to this like we did in the previous step, again, it’s still very important to highlight. And just an example of what a non-quantifiable benefit could look like is quality of staffing. In hospital with higher volumes of workplace violence, you may not be able to attract the top qualified staff because there are higher incidents that are occurring and therefore patient outcomes could be impacted, and this in turn could ultimately reduce to the long run demand for the hospital. So this is just one example of what a non-quantifiable metric could look like for hospitals, but would range across different companies. All right, and step nine. So last but not least in the cost benefit analysis is characterizing your uncertainty.
In a real world situation, using your cost benefits and expected outcomes, you would emphasize what the expected result would be, including how much worse the result could be if we did not achieve that breakeven point. And then returning back to the ISC six step process, going into your final three steps here. So this is where you would anticipate those potential resistant factors, develop your implementation plan and finally delivering your final recommendation. Okay, great. Thank you everyone. Taylor, I’m going to hand it back over to you for any questions the audience may have.
I’ve been submitted throughout the program. I wanted to remind you that we’d love your feedback in our webinar survey to help improve our programs. One of our first questions is how do you calculate the persona production?
I think the key with the initial steps we took in establishing your baseline is establishing those data collection mechanisms or utilizing data collection you have in place. So in that scenario, depending on what measures you’re looking to, what metrics you’re looking to reduce with your initiatives, that’s what you establish the collection for or ensure that you have the consistent collection for. So if we’re talking about incident reduction and you’re collecting incident data that’s fairly straightforward, you’re going to be able to see those reductions, calculated those percentages fairly easily. And the scenario of the example we provided, the key metric was turnover.
It was that 24% total turnover, and you could measure turnover on a monthly basis and annualize it as well. So as you’re implementing those programs and you determine the time that you will measure the outcomes within which in this case was three years total, you’ll be able to see as you implement the programs, whether your turnover rate decreases as a result of that, as that was the clearly established metric by the CEO that he was looking to solve. Additionally, you do have your exit interviews as well. So what percentage of those exit interviews indicate an unsafe working environment that could easily be measured as well as before it was half of them, now it’s a quarter of them, now it’s 10% of them. So that’s ad measure depending on what metric you’re actually looking to reduce.
Great. Another question we have is, what if we don’t have the data to build solid cases?
Yeah, that’s a really good one, and it’s a reality as we’ve seen in the example as well, where it was very difficult to collect the data. I would say almost always you have some data and it’s just imperfect, and sometimes it seems like that’s difficult or it’s not very usable, but in all cases, you make a best effort to utilize some data, and if that means putting in a lot of effort upfront to generate some of that data to manually data enter paper reports that you’ve been writing and collecting for years, that’s an option. Additionally, you could start sampling. So if you truly don’t have any data, you don’t capture any data, you could start sampling and extrapolating. So you could establish measurement now. So let’s say, okay, I don’t have data. All the history is gone, or this is an entirely new program or operation.
You can then say, okay, for the next two months, for the next six months, I’m going to establish data collection. I’m going to start asking people every time this happens, report it here, or write it down in this Excel file that I’m providing and collect data for a period of time. Then annualize it and say, okay, I’ve collected two months. Let’s assume roughly that times six. That’s what it’s going to be for the year. So there’s always ways, and if you truly don’t have anything at all, then you start collecting now for a period of time and extrapolate.
Great. Another question we have is how would you suggest I socialize my intentions and ideas when I have limited access to executives?
Yeah, that’s also a good one. If the question’s limited access, it doesn’t mean no access, right? So it’s really making the most out of the limited access you do have and focus it on demonstrating your ability to be strategic. So if you truly only have maybe one 10 minute interaction with an executive in a month or in a year, make the most of that and position it in this way: “Hey, what’s going on in your business?” It’s like, “Hey, really seeing a problem with an increase of incidents in the parking lot?”
I want to be able to propose some improvements, maybe some panic stations and additional lighting. There’s been a 20% increase in incidents there, and you’re signaling to your executive that you’re problem focused when budgets come up, when they hear about it or an issue bubbles up, you’ve effectively spent those 10 minutes talking about the right things with that exec. And if you don’t have access to an exec, then do this exercise with the highest ranked member of management that you do have access to.
Great. That is all the time we have for today. Please join me in thanking LeeAnn and Artem for a great presentation as well as our sponsor, resolver. If you have any additional questions or comments, please don’t hesitate to click the email us button on the console. Please visit security magazine.com for the archive of this presentation as well as information about our upcoming events. We appreciate your time and hope you have found this webinar to be a valuable experience.