Security — the state of feeling safe, free from anxiety or fear— has become big business, both for commercial and governmentalentities. From the U.S. Department of Homeland Security to the newIntelligence Czar, governmental focus on security is targeted atpreventing terrorism. Commercial and institutional security isaimed at a variety of targets, ranging from terrorism to computerfraud or other crimes, as well as employee safety. For bothgovernment and commercial risks, however, the danger can come fromwithin, as well as from outside; as much mayhem can result from theactions of employees as from external sources. Security mustprotect against both.

The new century practically began with the events of Sept. 11,2001, following on the heels of the late 1990s turmoil involvingthe Y2K computer problems. Commercial and governmental entitiesbecame much more security conscious. Although a few corporations orgovernmental agencies (primarily courts) had provided security andscreening at their entrances for a decade or more, the vastmajority had given little thought to aspects of security, includingtheir own employees as either security risks or securityvictims.

Insurers, likewise, paid minimal attention to security factors.Occasionally, security-related claims would come to the court'sattention when coverage issues arose, such as were common when asecurity guard might injure a third party in the defense of insuredproperty. Such issues often focused on whether such claims wereexcluded as being “intentional” injuries.

However, 21st century security problems, and potential insurancedisputes, go far beyond that. How much screening is necessary toassure an entity and its customers that they will not be harmed orripped-off by employees? How far can an employer go in checking anemployee's background without violating that person's right ofprivacy? To what extent can an entity invade the privacy of vendorsor customers in the name of security? If the need for securityconflicts with personal rights, how might this affect coverageunder personal injury insurance? With further globalization,computerization, and instant communications, to what extent mustbusinesses adapt to new exposures and the ways commercial entitiesdeal with them? How can such exposures be better managed?

Security Risks Throughout History

Security is big business. Historically, society has soughtsecurity through its government. Whether it was the Roman Army thatkept the peace or the town marshal who ran the gunslingers out, wehave turned to our officials for protection from a variety ofenemies. That is official security, the governmental agenciescreated for the specific task of protection.

For hundreds of years, however, businesses and othernon-governmental institutions also have provided private security.As Paul Newman asked Robert Redford in the movie Butch Cassidy andthe Sundance Kid, when the two train robbers were being pursued byan army of Pinkerton detectives, “Who are these guys?” The samequestions were asked in labor disputes such as Pittsburgh'sHomestead Strike in 1892, when the Carnegie Steel Company hiredhundreds of Pinkerton agents to help break the strike. The resultwas a battle that required the military — public security — torestore order. Damaging and fatal strikes and riots have filledAmerican history.

Security agencies are among the major businesses of the UnitedStates, providing a variety of services ranging from private guardservices to the rescue of kidnapped executives. Corporations noweven operate prisons under contract to the government. Citizens payhigher real estate or rental prices to live in gated communities,where security guards patrol neighborhoods or limit access topremises. Burglar alarm system operators compete to serve homes andbusinesses, car alarms and “panic button” electronic keys protectour vehicles, and sales of mace and handguns, and even fierce dogs,for self-protection are growing. The evening news suggests thatcriminals and terrorists are everywhere; the world is not safe, butsecurity vendors hope that they can convince viewers that theirservices or products will make them safer.

These are all issues of and for risk management. Since man firstlived in caves and threw rocks at mastodons, society has soughtways to make itself safer. Realizing that there was safety innumbers and danger in isolation, society gathered in villages thatgrew into cities. It built walls around the cities, and postedguards to watch for enemies or strangers who might bring dreaddiseases. All too often, unfortunately, the risks of disease,violence, and crime came from within the cities, rather than fromoutside. Society built its cities on hilltops or providedfortifications. It created laws to provide a minimum standard ofbehavior for its citizens. It invented locks for its doors, policeto prowl the streets and catch lawbreakers, and jails in which toisolate miscreants.

Unlike earlier societies, we no longer build our cities onhilltops or construct high walls around them to keep strangers out.Those loss prevention techniques have given way to newer and moremodern processes. However, as with the ancient methods, many of thecurrent risk control tools do not really prevent loss, althoughthey may deter it. For example, an alarm system does not keep aburglar out, although it may hasten his departure with the familysilver that he has stolen. Neither a fire extinguisher nor a smokealarm prevents a fire from starting; unlike sprinkler systems, theyonly work if someone is there to hear the alarm and use theextinguisher. Having a guard at the gate still may not prevent thebreak-in, rape, or murder.

Each of these loss control steps produces risk costs regardlessof whether a thief breaks in, a fire occurs, or a terroristattacks. Alarms and the companies that monitor them (often fromhundreds of miles away) are expensive. Burglar bars may keepthieves out but, in the event of a fire, may keep occupants trappedinside. Fire suppression systems are costly, and their requirementunder many commercial building codes and regular maintenance addsto the cost of construction. Even with all of the screening,surveillance, monitoring, and guarding, acts of terrorism and crimemay still occur.

The risks created by security fall into three categories:

1. Liability for the failure of the security system or service toprevent loss;
2. Liability for injuries or damages that may arise out of theproviding of or failure to provide sufficient security;
3. Invasion of privacy or violation of civil rights arising out ofthe providing of security.

The costs associated with providing security usually cannot betransferred. Some offsets, such as insurance discounts for security(alarms, type of construction, presence of guards) do reduce thecost of risk, but not the cost of providing the security. However,some of the costs associated with risks that arise out of providingsecurity can be transferred, usually through insurance mechanismsor via contractual agreements.

Employee Screening

Security risks related to employment are diverse, but fall intotwo distinct arenas: providing security and related privacy forcurrent or prospective employees; and providing protection for theentity and its customers from employees or vendors.

Since at least the beginning of the 21st century, many politicaland social observers have commented on the increasingly strainedrelationships between employees and employers. Some cite adeterioration of the loyalty level that may (or may not) haveexisted in an era before words such as downsizing, outsourcing,restructuring, layoffs, furloughs, and similar terms, all meaningjob termination, became common.

Obviously there always have been job terminations, whatever theywere called. In societal transition from one era to another,employment often will shift from one type of job to another. Theinvention of the steam locomotive put canal diggers out of work,but they soon found jobs building railroads. Personal computers ande-mail meant that the typical mid-level office worker no longer hada stenographer or secretary to do paper work. In a paperlesseconomy, that same person might be needed for data entry or otherclerical work. Steamboat pilots became airline pilots; farmingbecame the food production industry. Even in Japan, where theconcept of cradle-to-the-grave employment and employer-providedbenefits once were considered virtually a birth-right, economicchange has meant less job security and heightened tensions betweenworker and boss.

While jobs change, psychological characteristics of workers donot. Employees continue to feel, and often express in overt ways,frustrations, anger, jealousy, fear, spite, and other emotions.Such expressions can have a devastating impact on employers. Whenfrustration or anger over a job loss leads to a violent reaction,the current term used to describe the employee is “going postal,”with reference to a number of terminated U.S. Postal Serviceemployees who have returned to the workplace to shoot employees andmanagers.

Such violence is not limited to the government, however, a factthat worries many employers. Employers often are the victims ofemotional responses expressed through employees' acts of vandalism,breaches of confidentiality regarding co-workers, lying, theft,including overt time-theft, labor agitation, and similar behavior.Not all of this necessarily is illegal and, in some cases,employees' hostile reactions (as in whistle-blowing on employers'criminal or fraudulent activities or organizing for labor unions)actually may benefit society. One workplace violence survey showedthat 57 percent of human resource personnel were “somewhat or veryconcerned” about workplace violence, and that 82 percent conductbackground investigations of potential employees, an increase from66 percent in 1996.

In my article, “Fire and the Innkeeper,” published in the CPCUJournal in June 1984, I traced the cause of high-fatality hotelfires and found that employee arson was a factor in a large numberof such fires. These included the 1980 Stouffer's hotel fire inHarrison, N.Y., in which 26 guests died; the 1981 Las Vegas Hiltonfire, which killed eight; and, after the article was published, theSan Juan Dupont Plaza fire in Puerto Rico.

What steps can employers take to try to prevent employee-causedlosses? Prevention must fall into two categories: pre-hiringscreening, and post-hiring observation and assistance. It is notjust criminal background that may be a significant indicator of apotentially dangerous employee. A number of factors may contributeto hostile or dangerous situations. Proving that an employee acteddishonestly in committing a crime depends on issues such as theemployee's “manifest intent” to cause loss to the employer and gainto the employee. Furthermore, under employee dishonesty bonds, oncethe employer has knowledge of any “dishonest” act by an employee,either before or during employment, fidelity bond coverageapplicable to that employee ceases.

This can present a problem when an employer is overtlysecurity-conscious. For example, if an employer screens applicantsor hired employees through lie detectors, and an employee admits aprevious “dishonest act” that occurred many years earlier or wasnever prosecuted, the employer now has knowledge of such an act andfidelity bond coverage ceases as to that employee. If the employeeis one whom the employer wishes to hire or retain, the employermust obtain an exemption from the surety. Suppose, however, thatthe employee does not admit any dishonesty, but the lie detectiondevice records a deviation, indicating dishonesty. Does bondingcease for such an employee? Could the hiring of such a personcreate a bonding coverage issue years later if the employee were tocommit a subsequent act of dishonesty, causing the employer aloss?

Ken Brownlee, CPCU, is a former adjuster and risk manager,based in Atlanta. He now authors and edits claim adjustingtextbooks.