What makes higher costs and shrinking margins only possibilities is the recession that began six months before the devastating terrorist attacks against New York’s World Trade Center and the Pentagon. The economic slowdown has put companies in the position of needing fewer parts anyway. If the assault had taken place at the height of economic activity—say, in either 1999 or 2000—the costs of new security necessary to keep even somewhat tempered demand satiated would have almost assuredly been inflationary or at the very least put pressure on operating margins if prices could not be hiked accordingly.

Bottom Line Hits

So there may be a small silver lining to an otherwise jet black cloud. But the current downturn does not mean that the Sept. 11 tragedy and the subsequent recognition that more attacks are possible will not eventually affect corporate bottom lines in ways other than simply exacerbating the recession. Talk to executives nationwide, and the conclusion is clear: Recession angst may presently supercede the increasingly distant anguish Americans felt as they watched two Boeing jumbo jets turn deliberately into the Twin Towers, but priorities are changing to favor spending on heightened security. It would be hard to find a company that has not already begun at least investigating what kinds of security expenditures may ultimately be necessary to protect business as usual. The unanswered question: When will they start such spending in earnest, given the current round of corporate belt-tightening. “At the moment, executives see it as nuisance spending, something that will eat into productivity,” says Abraham Gulkowitz, chief global strategist for Deutsche Bank. “But eventually security matters will end up as part of the valuation quotient for companies, just the way good environmental practices are today but weren’t a decade ago.”

If that is the case, then the next question the thoughtful chief financial officer must ask is: How much security is too much and how much is too little? The answers are not easy—and corporations have felt burned before by hysterical warnings about the impending Y2K doom. “On net, over the next year, we think additional costs for security-related things will run about 1.5% of GDP,” says David Wyss, chief economist at Standard & Poor’s. That, of course, is assuming no further terrorist attacks. “Although about half of that spending will end up being borne by government—like much of the $15 billion in airline assistance money—that’s still a lot of money that will be spent by business.” Indeed, in a $10-trillion national economy, it represents a roughly $75-billion security bill for the private sector. And even the government’s share represents an indirect cost to both the individual and corporate taxpayer in the form of increased taxes, Wyss points out.

‘Higher Perception of Risk’

Wyss and other economists predict that these higher business security expenditures will fall essentially into three categories: operating costs for increased security personnel; capital spending for improved security facilities, such as changes in buildings, air ducts and scanning equipment; and finally charges from security-related alterations to operations, such as increased inventory costs, higher travel and transportation costs and the need for more back-up systems. Many of these will not be one-off expenses, but will represent higher operating costs that will continue indefinitely and for the most part will not translate immediately into increases in productivity. “Over time, if terrorism becomes more common in the U.S., there will be a heightened perception of risk, and this will mean higher costs in every transaction we make,” says Alberto Abadie, a scholar at Harvard University’s Kennedy School of Government, who recently completed a study of the terror-plagued Basque region of Spain. He concludes that there will be a “measurable impact” on GDP as well as on corporate profits. Peter Navarro, an associate professor of business and government at the University of California at Irvine’s Graduate School of Management, claims that the costs of terrorism—from loss of business, to cleanup and repair, to protection against future attacks—will be hundreds of billions of dollars and could even surpass $1 trillion, depending upon the policy choices that are made in the coming year. Basing his comments on a just completed study on terrorism for the Milken Institute, Navarro says the hardest-hit industries will be advertising, airlines, lodging, tourism and insurance. Just in the immediate aftermath of the attacks, he notes, the losses to the economy reached close to $50 billion.

At the company level, Navarro says financial executives will need to face what he calls “the productive capital versus protective capital trade-off issue.” In other words, “remember as you drive down risks to zero, the costs go to infinity,” he explains. “You have to find the point where the risks and the costs are acceptable, while also meeting your legal liability—which adds to the difficulty of the decision.”

The Spending Begins

At Microsoft Corp.—no doubt, a relatively visible potential target—the spending on increased security has already begun in earnest. According to CFO John Connors, the Internet and software giant will commit as much as $15 million in the current fiscal year, which ends on June 30. On the list of expenditures: increased security coverage for Microsoft facilities in general with a particular emphasis on operations at and near the Redmond, Wash., headquarters; expanded protection for the company’s top executives, plus a widening of coverage to less senior managers and creation of a centralized mail facility that now monitors and actually opens every piece of mail directed to Microsoft or a Microsoft employee.

“Basically in the post-9/11 period, we have established a small working group led by the CIO,” Connors says. “He presented a set of recommendations to the president, who notified the whole company. We have invested in disaster recovery plans and a detailed communication program for reaching all our employees. And we have really tried to heighten awareness of the responsibility our employees have, individually and in groups, to have a more pervasive mentality about recognizing risk.”

Dangers of Nickle-And-Diming

Microsoft is in a select group that has responded with substantial action instead of just talk. To date, most companies have only committed to what Navarro calls stop-gap measures, such as hiring more security guards or more intense monitoring of employee IDs.

But not all precautions need be costly. Take Kindred Healthcare, a hospital and nursing home operator. “We’ve always been very security conscious,” says Leo Hauber, director of corporate facilities. “What we’ve done differently since 9/11 and the anthrax letters is to install an Œanthrax button.’ This ties into a management control system, and by itself can shut down the entire air control system.” The company has also stepped up monitoring of its loading dock area, a vulnerable part of most buildings, which the company had ignored in the past.

For now, the 9/11 assaults have put the nation’s business leaders on edge, hence the episodic nature of spending so far. “Executives have not yet made up their minds what they’re going to do in the long run,” agrees Howard Kunreuther, a professor of financial management at the University of Pennsylvania’s Wharton School of Business. “So far, they’ve just been putting out fires.” Cautions S&P’s Wyss: “My biggest concern is that companies will nickel-and-dime this.” In fact, some companies are already paying for a penny-wise, pound-foolish approach to risk. Robert Hartwig, an economist with the Insurance Information Institute, notes that an industry survey shows that 12% of the businesses hit by the shutdown of lower Manhattan after Sept. 11 had no insurance coverage. Even of the 88% of businesses that had insurance, he says, many were caught short. “Some had property insurance, but not inventory insurance, or they had liability insurance, but not business continuity insurance.” He says that in view of the terrorist attacks, insurance costs—calculated broadly to include premiums, deductibles, co-insurance and self-insurance—will rise 30% to 35%. That’s a cost that will then continue in the years to come. “The impact of that increase,” he says, “will be to reduce S&P net income by 2% to 2.5%.” Of course, that’s if companies can get insurance. The insurance industry has been balking at providing terrorism protection after seeing what terrorists are capable of doing, and even if the government mandates such protection and provides caps and guarantees to the industry, the premium costs could prove astronomical for some firms.

Rethinking Just-In-Time

Meanwhile, companies are also considering ways operations should be altered to protect against business interruption. Reliance on just-in-time inventory—a major factor in American business’s drive to remain competitive in a global economy—is now a problem, says Awi Federgruen, senior vice dean of the Columbia University Business School and a professor of management.

This is particularly so with many major industries—most notably automotive companies—dependent upon cross-border suppliers. “A lot of things are being considered,” Federgruen says. “It’s hard to say how many companies will end up opting for larger inventories, and how many will shift their outsourcing to domestic suppliers, but either way the costs will be enormous.” The implications of such changes, he warns, could be profound. “Just-in-time inventory management has, for many companies, meant the difference between being profitable and not being profitable.”

To cut cross-border trade costs for business and government, Federgruen expects to see the development of an extensive computer-based system of point-of-origin monitoring of international shipments “where every item on a truck or ship is tracked in real time, the way they do at Federal Express.” He says that such a system, if it allowed shippers to get waved through at border crossings, would become a business imperative to remain competitive.  

Positive Contribution

Ultimately, some economists and security experts foresee a day when security-related spending by companies may come to be seen in the U.S. as a positive contributor to its overall corporate valuation, much in the same way the thinking has been revised about the importance of spending on worker safety, environmental protection and even health benefits in recent years. “Back in the 1970s and early 1980s, safety, for instance, was seen as just a business overhead expense,” says John McCarthy, senior manager of risk discovery services at KMPG. “Now, most savvy business executives have done a 180-degree turn and say safety is a good business investment that should be built into the system up front. Security should be the same.”

McCarthy adds that finance and treasury executives will play a key role in any such paradigm shift. “Finance and treasury are the two parts of a business where risk is understood,” he explains. “The guys who handle money and business intelligence have always had to deal with risk, and so that’s where you find good controls. What 9/11 has done is provide a leave to focus on the risks to other parts of the business.”

Of course, the entire equation changes with another sizable terrorist attack, particularly involving biological or chemical weapons, which some experts say is a distinct possibility. “If that happens, expect to see the dithering and talking turn into major spending,” says L. Paul Bremer, CEO of Marsh Crisis Consulting and former ambassador for counter-terrorism. At that point, experts like Bremer say it would be important for risk managers to think clearly about what is needed and what isn’t. “I think the way for executives to figure out what is worth doing is to contemplate what the potential downside is of doing nothing.” And he says that can get personal. “What is at stake in a crisis and how a company handles it is the brand of the company—and the brand of the CEO.”

HEIGHTENED SECURITY MAKES BIOMETRIC IDS LESS OF A LUXURY

Imagine this: You go to the airport for a business trip. At the check-in counter, the clerk has you look into a digital retina scanner. Then, as you head for your gate, you are waved through while dozens of other people are lined up at the security checkpoint.

Science fiction? If DataTreasury Corp., a Melville, N.Y.-based biometrics firm, has its way, digital identification—and tracking—of people will become commonplace at airports, railway stations and corporate offices in a new security-conscious world. Such IDs can rely on retina scans, more conventional fingerprint checks and even facial recognition. Talk about being in the right place at the right time! Since it was founded in 1998, DataTreasury, primarily working in the check fraud business, has been trying to sell companies and government organizations on the idea of a global identity management system, but with little success. “People just weren’t interested,” says Claudio Ballard, chairman and CEO of DataTreasury. “But now security is at the top of people’s agenda.”

Cheaper Than Smart Cards

Ballard says that his firm’s patented global identity monitoring system, which provides for a centralized encrypted computer record of each identified subscriber, could provide a secure identification for each employee in a company at a cost of about $5 per month per employee. “That’s a lot cheaper than paying for thousands of smart cards or ID cards, and having guards at every entrance to your buildings,” he says. He notes that the cost of a biometric reader is just $1,000 to $2,000 per location.

The company has several corporate customers already and hopes to secure contracts with several airports in 2002. In December, DataTreasury put on a public demonstration of its system at MacArthur-Islip Airport on Long Island, N.Y. “People have suggested that security concerns will fall off over time,” Ballard says. “But the impact of 9/11 was so profound, I don’t think it will happen.

-D.L.