Fearmongering vs education in security

These tangible services can come in such forms as physical security countermeasures or software. Intangibles often come in the form of special and unique knowledge or skills.  If we work in-house, the customer is our employer.  Consultants provide a variety of temporary services to whoever requests them. An installer of security countermeasures is providing specialized equipment.  An alarm monitoring station provides peace of mind, more than anything.  IT professionals provide a variety of technology-based solutions.  These examples are just a few of the multiple requirements necessary to meet the needs of today’s complex and risk aversive society.  The bottom line is that security professionals have a specific set of skills and products and the customer wants what we have.

There are different methods for marketing these services.  You can take an active and aggressive approach.  Despite the fact that there are enough problems of a security nature, there are those who prefer to drum up business by scaremongering.  They have a set of standard lines that can either be told individually or put together in sequence.  First, they run around telling everyone that the world is a big, bad place full of evildoers, just waiting to pounce on the unprepared and unsuspecting.  We are all just moments away from being victimized.  They create or introduce doomsday scenarios that can or have happened but on extremely rare occasions.  Then ask us if we are prepared.  They don’t tell us that the chances of such an event are extremely rare.  Instead they focus on the after-effects of such an event if we are not prepared.  Everything is an emergency.  Often they use visual imagery to invoke negative emotional responses such as a factory in flames or an airplane flying into a building.  Their marketing materials may involve iconic societal symbols such as handcuffs, badges, or weapons to represent authority so that the customer hopefully, will subconsciously connect this particular service provider with the goodwill of the icon.   Once they have sufficiently scared the customer, they go about trashing every other security service provider.  They tell the customer that only they have the skills and expertise to save them.  Often times, these so called security service providers have few real security skills, training or knowledge.  Whether they come from within the security industry or outside is irrelevant.  They either don’t know or care that a comprehensive security program is based on a detailed and systematic yet standard process based on a true analysis of the organization, its assets and its threats.  It takes into account probability and criticality factors as well as a sound review of a variety of countermeasures.   They fundamentally don’t understand or ignore that a security program should be based not on fear but fact.

Once the potential customer is sufficiently frightened and competition is reduced to the appearance of incompetence, it is just a matter of figuring out how much money the “service provider” can get out of the customer before they start all over again on the next one.  Thankfully most customers are too smart to fall for this type of sales pitch.  However, their continued existence is proof that this marketing approach does appeal to some customers.

At the other end of the sales spectrum, there are those security service providers who fundamentally understand that our industry is providing a service and as such, know they don’t need to sell services through fear.  They don’t need to trash the competition.  Their reason for existence is to be a business enabler and to serve clients, not the other way around.  They are not an end unto themselves.  At first glance, their approach can be misconstrued as passive because they are not running around telling everyone that the world is coming to an end.  They are realists and recognize that bad things can and do happen.  However, they don’t use fear but common sense.  They use logic and knowledge of the security process that let the facts speaks for itself. They understand their constituents and let clients draw their own conclusions about what the security service provider can and will do for them.  They remove the emotion from the equation and provide information in a systematic and clearly understood process where the client makes the final decision after a thoughtful analysis of the entire process.   In short, they respect their customers.

That only leaves one question.  What kind of service provider are you?

Glen Kitteringham, M.Sc., CPP, F.SyI, CPOI