are you proactive or reactive?

As far as management was concerned, the third-party logistics facility's security measures were more than adequate. The distribution center, which housed $22 million worth of consumer electronics, clothing, and cosmetics, was protected by uniformed guards 24/7 as well as an alarm system. So when one of the facility's customers suggested an independent review of the security program and offered to foot half the bill, the general manager was taken aback. He assured the customer that the company had confidence in its loss-prevention programs and that this would be an unnecessary expense.

The very next inventory, however, found that $215,000 worth of inventory was missing. The customer insisted on a post-theft investigation, which revealed that three DC employees had easily circumvented the facility's security systems and had been methodically stealing from their employer. Not only did the 3PL have to pay for the loss, but it lost the customer to boot.

For the 3PL, the experience proved to be a particularly costly lesson on the value of taking a proactive approach to security (or to be precise, the consequences of not being proactive). The assessment that the customer had suggested would have exposed many of the flaws in the existing controls. And considering how things turned out, it would have been a bargain. The assessment would have cost approximately $12,000 (half of which would have been paid by the customer)—a fraction of the $215,000 loss.

In tough economic times, companies are sometimes reluctant to spend money on security audits and assessments, assuming, as in the case described above, that guards and security systems are enough. But that's a risky approach in the long run. As many executives have learned, failing to strategically allocate funds for loss prevention can end up costing them 10, 20, even 50 times more in after-the-fact expenses if a breach occurs.

Another illustration of this involved a distribution center protected by intrusion detection and video systems that were supposedly "state of the art" at the time of their purchase. Ten years later, the DC lost $1.6 million in inventory when professional thieves broke in.

Only after this theft did management bring in an independent consultant to evaluate its protective technology systems. The consultant's report identified 16 critical deficiencies with the design, installation, and programming of the alarm and closed-circuit TV systems. Had the facility discovered these problems earlier, it could have addressed the deficiencies. As it was, the information came too late.

So how do you know if you're taking a proactive approach to security? While there's no simple formula, here are a few questions that can help you determine whether you're more proactive or reactive:

1. When your cycle counts or inventory numbers haven't looked right, have you taken decisive action to find out why? If so, did you uncover the reasons for the discrepancies?
2. Have your security policies and practices kept pace with the risks that logistics companies face today?
3. Do your employees have a 100-percent risk-free way to anonymously report illegal or unethical activity?
4. Have you evaluated and tested your security technology within the last three years to make sure it couldn't be circumvented by crooked employees or professional thieves?

If you haven't answered yes to at least three of these questions, your approach is probably not proactive. That doesn't necessarily mean that your company will be victimized, but it raises the odds against you. Business crime is estimated to cost U.S. companies $30 billion to $50 billion a year, and warehousing and transportation firms are frequent targets.

Security experts agree that the companies that manage to avoid problems with theft have one characteristic in common: They proactively identify weaknesses in their asset protection programs before others can find and exploit them.