Some years ago, while working as a contract security professional for a company I will not name in a Midwest town I will not specify, I was taken aback upon learning that a particular client site was an effective time bomb. The industrial facility lay at the heart of an urban center, unprotected by so much as a fence, within a short stroll from the nearest residence. On the premises was a number of chemical storage tanks, the contents of which I was told were so volatile that a properly configured explosion could result in devastation across state lines. Yet, there it sat in the open, protected far more by its inconspicuousness than any active security effort.
Such vulnerabilities are legion, cloaked in a shroud of public ignorance, protected by the fact that few know they exist or precisely how to exploit them. It is only when someone finally does the unthinkable that a particular vulnerability rises in profile and is taken more seriously. In retrospect, should not all cockpit doors always have been locked? It seems a sensible precaution, yet it took the attacks of September 11, 2001, to prompt the policy.
So it always is in the realm of security. While we may be tempted to blame policy makers or responders rather than the perpetrators of criminal or terrorist acts, we must first pause to recognize that security precautions are not guarantees, but exercises in risk mitigation. Like insurance, security measures serve to minimize potentially costly probabilities. Like insurance, more and greater risks mitigated translate to more expensive and inconvenient premiums paid.
Another client from my contract security past told me that his company went years without employing professional protective services until a late-night fire nearly destroyed their facility, inflicting a cost into seven figures in property damage and lost productivity. The cost of hiring an overnight guard to monitor the facility was a drop in the bucket by comparison. Yet, the company only perceived the value of a guard after the fire.