Duty to Protect


To what extent is a business obligated to provide security for its customers?  And to what extent does security influence which businesses a customer choses to frequent?  These questions are particularly relevant in light of the recent shooting at a grocery store location in Colorado which left ten people dead.

Some would say that businesses have a duty to protect, even a moral obligation to do their utmost to see that employees and customers are secure.  

Another less lofty reason from the business’ point of view is to do so to avoid potential litigation and liability in the event that something bad happens.  And then, most businesses are constrained by their financial bottom line which may well dictate the nature and level of the security they provide.  

Regardless of why anyone puts security in place, it is hard to know when security is sufficient; standards are elusive.

Meeting a government mandated security regulation does not necessarily guarantee anything.  Airlines at the time of 9/11 were meeting the standards and clearly, it was not enough.  Although many lawsuits were filed to hold the airlines liable, for the most part the U.S. government stepped in taking the posture that one could not sue the airlines but in any event, the victims would be compensated for the failure by the government.

In terms of standards, our company was brought in as an expert witness for a case where the plaintiff charged a retail mall of failing to provide adequate security when someone was attacked and injured there. The argument was that one of our clients (one of the world’s largest malls, with an excellent security system that includes red teaming and an undercover unit) although totally uninvolved in the case had set a security standard for all mall operations across the U.S.  The plaintiff argued that the incident about which the case was being brought could have been prevented and that the defendant had an absolute duty to protect which it failed to meet.  So, if one business demonstrates a certain level of security, does that constitute the standard and mean that everyone else has to meet it?

Although we’d like to think that everyone should adopt the security methods and posture that Chameleon promotes, one problem is that security is hard to measure.  One only knows for sure that it is working well and effectively after the security system and/or officer has been faced with a breach or attack.  (Indeed, this is why Chameleon supplies red teaming services.) It’s not like for example, food safety where tests are conducted in laboratories that adhere to known standards and work with strict procedures.  Whether that can of lima beans is safe is more or less, measurable.  Not so with security.  

Or take the admittedly unappealing example of public restrooms.  We hope and prefer that their cleanliness is up to par, that it meets a standard. It doesn’t even matter who sets those standards be it an individual business or a government agency as to how often the restroom gets cleaned, the cleaning agents used, the skill of the cleaning staff and the oversight of management to ensure it’s done right.  You walk in and the cleanliness is evident, one way or another.  We know what a clean mirror looks like; each of us non-professionals has sufficient expertise in this area to make that determination.

But when customers look to judge a business’ level of security, it gets tricky.  They may have a perspective on security, impressions but clearly not every one has professional expertise.    We don’t all know just by looking.  Very often we hear from both customers and employees at a site we are assessing and from physical security companies too is that what everyone wants is an atmosphere of good customer service. The officers should be helpful and friendly. They should be well groomed and look the part.  That’s nice but actually, we want and need a bit more than that.  If you were at the beach, for example, and notice the lifeguard at the station next to where you and the kids are camped - you will have expectations. Even if the duty lifeguard looks like he stepped off of the set of Bay Watch, you also expect that he knows how to swim very well, that he is alert and on the ball and that he is completely willing and ready to jump in and do all that it takes, if needed.

Given the increase in crime over the last couple years, the craziness that is covid, violence fueled by politics and the economy, most people see the world right now as a crazy place.  We hear about every crummy event instantly.  Many have come to feel that we should expect the worst and be content to just survive another day.  We are all on high alert for the next disaster.

More than ever, most customers hope and expect that security will protect them when they are in a retail parking lot from being attack or mugged, from gang crimes and active shooters.  Customers want to feel safe and secure.  And whether real or not, a perception of good security at a location is a factor that draws customers to choose one location over another.  In that respect, security is a marketing variable.  There is a business case for developing and maintaining good security, regardless of other motivations for doing so.  The trick is aligning customer expectations for security with a given business’ understanding of security and then, all of us doing our best to create and uphold meaningful standards.

Leave a Comment