Both feelings and facts influence our sense of security. Sometimes we have a hard time distinguishing between the two because we feel first and think later. If we ever get around to thinking about security, then inexperience and a host of preconceived notions can all combine to cloud our view and lead to poor decisions.
In this blog, we take a look at what high net worth families, and any other family, really, can do about it to make better fact-based decisions about their security needs.
The process starts with acknowledging a lack of security expertise and understanding some of our cognitive biases. We then need to become more aware of the trade-offs between enhancing security and limiting lifestyle choices – and review our options using transparent criteria.
Feelings and facts both impact our sense of security, but we have a hard time distinguishing between the two.
The differences between perceived and actual security are not obvious to most people. You can’t always tell which conditions cause which outcomes if you don’t have a certain level of expertise and experience. Even if you have no objective means of determining whether or why you’re safe, you can still have plenty of feelings one way or another.
To begin with, you can be relatively secure even if you don’t feel that way. Just think of how many people are afraid of flying but have absolutely no worries when it comes to driving, then compare the statistics for both. Commercial air travel is clearly the safest way to get from A to B and you’re far more likely to die in a car crash, but a lot of people still feel way more insecure when flying than driving.
The converse is also true. We might be less secure, objectively speaking, than our feelings would lead us to believe. To stick with the driving example, consider that 83% of drivers consider themselves to be more careful than the average driver, 16% see themselves as average, and less than 1% rate themselves as below average.
We’ve run into plenty of hardnosed business people who demand nothing but fact-based decision making at work, then consistently rely on feelings when it comes to their personal security. They might feel like an ordinary Joe despite sudden and massive prominence and therefore reject the fact that highly prominent people are more exposed to security risks than others.
Still, feelings do matter when it comes to security. If one or more persons in a family feel insecure and unprotected in the face of perceived threats, then this causes anxiety and reduces their quality of life. Indeed, the presence of a lot of security staff, especially the less professional teams that make an overt show of themselves, can also bring on feelings of insecurity. On the other hand, unrealistic feelings of invulnerability might prevent people from acknowledging actual threats and taking appropriate countermeasures to mitigate them, thus exposing themselves and others to unnecessary risks.
Some security activities straddle the gap between perception and reality with “security theater”: They provide the illusion of effective security but not the authenticity of effective risk mitigation or forceful response in case of emergency. This isn’t always a bad thing. After 9/11, armed members of the National Guard appeared in many U.S. airports bearing weapons that were sometimes unloaded. Their purpose was as much to reassure a jittery public as it was to deter attacks and provide first response.
Security theater isn’t always smart. Cookie cutter alarm systems are a case in point as they often don’t work as promised, are easy for real pros to circumvent, and are so inconvenient that people end up turning them off. They don’t actually prevent home invasions, but they can create an illusion of safety that is far worse than the real thing if push comes to shove. The same goes for some residential and other security guards we have audited. Teams can be complacent, unmotivated and fail to follow even the most ineffective SOPs, but they are on site. As principals have no obvious means of discovering this, they might feel safe even though their security is not contributing much more than theatrics.
Our bottom line is this: If you feel safe, you probably won’t want to do anything about your security situation. If you feel unsafe, you probably will. Ultimately, the family’s feelings on the issues are the only evaluation that matters. If they want additional security, they’ll get it. If they don’t want it, they won’t get it.
Nonetheless, we believe families can and should learn to make better security choices informed by both feelings and facts. To do that, they need to understand their own limitations and get some outside help.
The following five cognitive biases cloud our perception of security needs – and get in the way of good decisions.
Whether on the road or at home, most people are under-informed about the security risks that actually face them. The probability of threats and their potential damage – the classical anchor points of risk analysis – are poorly understood. Instead, we rely on snap judgments brought to us by our emotions and shaped by our cognitive biases. Let’s look at some of the psychological predispositions that affect our security decisions
1. The optimism bias: We humans seem to be hardwired for optimism when predicting what’s going to happen in the future. We overestimate the probability of good outcomes and underestimate the likelihood of bad ones.
Don’t get us wrong – we generally prefer to see the glass as half-full rather than half-empty. However, when it comes to risk analysis, we prefer realism to either pessimism or optimism. Most high net worth individuals will admit that is (or ought to be) true for investment and business continuity risks. In our business, we know it is also true regarding personal security risks.
2. The spectacular bias: What’s statistically riskier fades to insignificance next to something that’s spectacular but unlikely to happen again soon. For example, we know of people who cancel trips to Europe due to the terror attacks in France and Belgium, but happily travel to emerging countries, where the risk of injury in traffic is far greater than the U.S., without ever considering hiring a vetted driver.
3. The zero-risk bias: Investment pros are familiar with this one. We tend to reduce some risks to zero even though it might be smarter to decrease other, more impactful risks to a lesser extent – and thus lower overall risk with the same costs. It’s easy to understand with money. Leaving assets in a bank account means zero risk of losing them, but it also means zero or very low returns. It can be harder to grasp with security.
A zero-risk approach to personal security might lead people to completely eschew travel to some places despite their business or personal interests, whereas a more balanced approach would enable such journeys through proven risk mitigation means – and thus enable the achievement of business and personal goals despite the apparent risks.
4. The unknown bias: Psychologists have long known that we tend to trust the familiar and distrust the unfamiliar. This no doubt made sense when our ancestors were faced with unusual plants (to eat or not eat?) or a new group of guys with wooden clubs in our territory (to fight or flee?). It doesn’t always help in our modern, globalized world.
We feel that we are in control in the familiar situations where we spend most of our time. These might, in fact, be the riskiest because they provide the highest levels of predictable opportunity for those who wish us ill.
In the same way, principals might think twice about hotel security when traveling to far-off places, yet be perfectly happy with an off-the-shelf (and largely ineffective) home alarm system – even though they live in an area with high crime rates. Their companies would never hire consultants without having first checked out their reputations, but they can and do hire nannies and other household help without thorough background checks.
5. The control bias: We typically downplay risks when we believe we are in control of the situation, and overrate them in situations that we don’t feel we control. Unless you’re a pilot, driving versus flying comes to mind again, but there are other instances we often run into in our line of business.
For example, we know of principals who hire extra residential security guards if they are away but their family is home, but then let them go as soon as the principal returns. We also know high net worth individuals who would never dream of driving a rental car in another country, but don’t think twice about driving themselves to and from work – and staying on top of emails while at the wheel.
The combination of naiveté and cognitive biases makes an unfortunate security cocktail. You don’t know what you don’t know, and that might mean trouble.
Facts matter, too. Introducing the RTVA.
While emotions matter and should always be acknowledged, there are ways to bring rational thinking into the security equation. In our opinion, the best way to do this is to perform a risk, threat and vulnerability analysis (RTVA) that includes both qualitative and quantitative assessments according to the equation Threats x Vulnerabilities = Risks, where
- Threats are the actual and potential hostile actions facing the principal
- Vulnerabilities are the gaps in the current security apparatus according to identified threats
- Risks are the probability of critical threats being actualized in light of identified vulnerabilities to identified threats
RTVAs are to security as SWOT analyses are to business. Whereas few CEOs would approve a business plan without having professionals analyze the strengths, weaknesses, opportunities and threats facing the venture, plenty have no problem making security decisions without any kind of RTVA.
RTVAs are based on facts that can be independently verified against objective and agreed criteria, and move beyond the realm of feelings. Depending on available resources they can be exhaustive or cursory, performed in-house or by third parties. The goal of the RTVA is always the same: To provide an evaluation of security situations that is as comprehensive, accurate and actionable as possible.
Here are just a few of the questions an RTVA for family security seeks to answer:
- External factors not in our control
- What is the public prominence of the individual or family? Wealth and success increase prominence – and increased prominence elevates risk levels, whether the principals want prominence or not.
- Have there been any direct threats or other security risks to any family member? As we know from the Secret Service Exceptional Case Study Project, assailants who committed assassinations of public figures rarely broadcast their intentions prior to their attacks through overt threats, and those who do make written or verbal threats are statistically less likely carry them through; but this does not mean that all such threats need not be taken seriously – they must.
- Are there indirect threats, e.g., security risks not actively targeting the family per se, but still relevant?
- What would be the impact, or loss, should these threats be realized?
- How vulnerable is the family to these threats given current security procedures?
- Internal factors in our control
- What can be done to mitigate security vulnerabilities? What are the options, costs and expected results?
- What is the status of current and past residential protection and other security programs? What lessons can we learn?
- Which stakeholders in the family office or residential ecosystems are relevant to security efforts?
- What are the family’s personal preferences regarding security and lifestyle?
- What are acceptable or unacceptable tradeoffs between heightened security and constraints on personal freedom?
- Gap analysis: Where we are now compared to our goals?
Only once the RTVA has been completed should a security master plan be designed and implemented. The security master plan should combine the physical, tech, manpower and procedures– ideally at home, at work or traveling – to mitigates risk by providing protection wherever the principal or family members are located.
Principals don’t need to know all the details of the RTVA or security master plans if they so choose, but they should be open to risk mitigation advice based on them.
The following are three things families can do to make better-informed security decisions:
What can a family do about all of this? Acknowledge your lack of expertise and get some qualified help, be aware of the trade-offs, and demand transparency from your security providers.
1. Find a specialist partner to help you with your security planning: Experience and expertise do make a difference in overcoming naiveté and cognitive biases. That’s why high net worth families hire the best financial advisors to help with investments and the best lawyers to help with estate planning. They should consider retaining specialist security advisors to help them with security, too.
These advisors don’t necessarily have to be the same ones that eventually provide the security services. They should have a verifiable track record in starting up, turning around and sustaining high-performance security programs for other families.
2. Choose the trade-offs between security and lifestyle that best suit you: There are no guarantees of permanent, absolute and unchanging safety in the real world. Security is always relative to surrounding conditions and available resources. Relatively good security is far better than relatively bad security – and there are ways to distinguish good from bad security.
Tradeoffs between security and freedom are a fact of life. It’s true for governments and it’s true for families. The benefits of enhanced security must be compared to the costs – be they financial or psychological in terms of limitations on freedom of movement or lifestyle choices.
Perfect security would mean zero exposure to any risk, ever. This works if you’re willing to hunker down in your own version of Fort Knox and never again venture into the world, but who wants to do that? Even the president of the United States is never completely safe out in the world, even though he is protected 24/7 by vast security resources costing upwards of $2 mil. per day.
Extremely prominent high net worth individuals know that they can’t move around the world with the same freedom as the rest of us. There are simply too many people that recognize them and want a piece of them to be able to go to the supermarket whenever they feel like shopping. Like everyone else, they too want to get out and pursue their business and personal interests – and they want their children to be able to enjoy childhood and make their own way in the world – with as much freedom as is safely possible.
In our experience, the least intrusive and most personalized security measures are often the most expensive in the short term, but prove to be the best investment in the long term. For example, families will actually use a custom-made alarm system designed by security experts in collaboration with architects in the design phase of a new home or remodeling of an existing home, but often grow tired of plain vanilla alarms, even from “leading providers”, and simply stop using them. Why? If alarms are cumbersome and unreliable, the hassle is not worth the perceived benefit.
Cookie-cutter security is never better than customized security. Families that work with security providers that are responsive to their lifestyle preferences, and can adapt best practices to the family’s particular needs, are more likely to forge sustainable relationships with their security providers and stay safer. They also save time, trouble and money by choosing top-tier security partners rather than having to recruit, train, fire – repeat – new ones all the time.
3. Demand transparency into the issues that matter: Since few families are security experts, it can be difficult for them to ask the right questions of prospective or current security providers. That doesn’t mean these questions shouldn’t be asked.
How do security providers vet employees and subcontractors? How happy is the family with the services provided? How do managers combat complacency among security staff when nothing usually happens (and that’s a good thing)? How do they perform quality assurance? What are the KPIs they measure their own performance on – and how will they share these with you?
The family needn’t know all the details, but those responsible for family security must. To do so they must demand transparency so they can look behind the curtains of their security providers, and continue to be sure that they are getting the best risk mitigation possible for the available resources.