|
CHAIN REACTION:
Zachary Slavin of The
Slavin Group (left)
and Scott Sanders of Lazar
Sanders.
Photo Buck Ennis.
 Scott
Sanders had thought about upgrading security at his 25-employee accounting
firm well before last September.
In fact, last July, the
managing partner at Lazar Sanders in
Jericho, L.I., hired The Slavin Group, a Manhattan security consultant, to perform a threat assessment
and develop evacuation and business continuity plans.
The preliminary report arrived
in August. Mr. Sanders and his partner, Terry Lazar, looked it over, but other
issues seemed more pressing at the time. Then came Sept. 11.
Messrs. Sanders and Lazar
didn't take any more chances. "We called Slavin back in and coordinated how to
go forward with the plan," Mr. Sanders says.
The price tag of approximately
$5,000 for introducing new systems, such as digitized closed-circuit security
cameras, an access control system and off-site data storage-in addition to the
initial $15,000 cost of the report-suddenly didn't seem like a lot to pay.
"It's really not that much when you're talking about your data and your
employees," he says.
All over New York, companies are deciding how much is not a lot, and
how much is too much, as they upgrade security and implement emergency and
business continuity plans. For some, this is just part of doing business in
the post-Sept. 11 era. For others, the range of
security issues they now have to consider seems staggering, as does the cost.
Charting a reasonable course
through the security thicket, whether it means putting turnstiles in lobbies
or deploying state-of-the-art cyber-protection technology, is one of the
biggest challenges facing local companies today.
"If you want your security to
match your rhetoric, it's a huge bill," says Michael McConnell, a former
director of the National Security Agency and vice president of Booz Allen
Hamilton's Infrastructure Assurance Center of Excellence, which advises the
federal government and a handful of corporations on cyber-protection.
Since Sept. 11, the firm has focused on marketing its information security
expertise to top firms in the private sector. "The big question is how much is
enough (to thwart a cyber-terrorist attack), and we don't know," says Mr.
McConnell.
High-profile buildings in
New York may be doing the most. According to a spokesperson
for the Empire State Building, which is regarded as a terrorist target, the
price of installing and maintaining bag-scanning and X-ray machines at its
five entrances-and employing retired or off-duty New York City police officers
to supervise the added security personnel-now costs approximately $5 million a
year.
Open and shut
Even run-of-the-mill midtown
office buildings have been adding proximity readers-pads that unlock doors
with the wave of a computerized pass-and guards who demand photo
identification from all visitors.
"Buildings that used to be
`open buildings' are now `closed buildings,' " says Wayne Taub, managing
director of Insignia/ESG Inc., the real estate services firm that manages the
MetLife
Building at 200 Park Ave., among others. The cost of these upgrades can run
into the substantial six and seven figures annually. But it's a necessary
expense, building owners say, regardless of the likelihood of a terrorist
attack.
"We think the risk is minimal
for Class A buildings, but we're proceeding this way to put the minds of the
tenants at ease," says Peter Malkin, chairman of Wien & Malkin, which
supervises the partnerships that own the
Fisk Building and the Lincoln
Building in midtown.
Tenants in Wien & Malkin's
buildings now carry computerized security passes with photo identification,
and security guards have been added at all major properties.
"The first line of defense is prevention, which is why I would say over 90% of
the companies in the New York area have done something about access," says
Robert Littlejohn, president of the International Security Management
Association, an organization of senior security executives of major
corporations. "But you don't want to go overboard. In today's economy,
anything we do should be cost-effective, and designed to thwart a specific
threat."
According to a recent ISMA survey of its members, all of them Fortune 500
companies, 77% expect to increase security spending in their domestic
operations, and 68% will do so internationally. And these are companies that
had already been spending on security.
"If they have black-and-white security cameras, they'll upgrade," says Anthony
Celando, chief executive of Full Security Inc. in Manhattan. "If they've got
relatively new equipment, they'll double up manpower."
z
z
Like most other security firms
here, Full Security has seen its business spike 25% or more since Sept. 11.
It's not only the spending
priorities that have changed. Planning is also different. "Security is now a
very important part of the business process on the strategic level," says Mr.
Littlejohn, who is also vice president of global security for Avon Products
Inc., based in
Manhattan.
When it comes to checking out
the political, economic and social issues in the country of a prospective
overseas partner, he explains, companies now realize that "folks in security
should be involved."
Walk-throughs
Random House Inc., the
Manhattan-based trade-book publishing giant, recently appointed one of its
executives to the newly created position of chief response officer, in charge
of coordinating emergency procedures.
"We've conducted evacuation drills where
we've walked down the stairs so everyone can see what it's like, instead of
just meeting at the doorway and running through procedures," says Richard
Romano, who is response officer and Crown Publishing Group's senior vice
president of business operations
Not surprisingly, consultants like
to play down the cost of improving security. Mr. Slavin argues that for a
company with revenues of $20 million a year, spending $50,000 on a
soup-to-nuts evacuation, continuity and threat-assessment plan, and another
$100,000 on new systems, is not a lot of money.
Even Booz Allen's Mr. McConnell, while
acknowledging the high cost of protection against a sophisticated
cyber-terrorist attack, insists that the expense would be only a fraction of a
large company's IT budget.
Copyright 2002,
Crain Communications, Inc.
|
