miles-long lines of trucks waiting for inspections and customs clearance at the

U.S. point of entry–a consequence of the federal crackdown following the Sept.

11 attacks on New York and Washington. That said, the added security efforts at

the Canadian and Mexican borders still have truckers idling their engines and

cooling their heels for hours, while Customs Service officers sift through their

cargo. The trucking industry is asking Congress to approve a tripling in the

number of customs inspectors, but that will take time–and money. Meanwhile,

companies dependent upon plants in Mexico and Canada for components and supplies

are starting to contemplate building up bigger inventories or even shifting to

domestic suppliers. Both potential precautionary measures suggest one thing: The

cost of doing business may rise.

What

makes higher costs and shrinking margins only possibilities is the recession

that began six months before the devastating terrorist attacks against New

York's World Trade Center and the Pentagon. The economic slowdown has put

companies in the position of needing fewer parts anyway. If the assault had

taken place at the height of economic activity–say, in either 1999 or

2000–the costs of new security necessary to keep even somewhat tempered demand

satiated would have almost assuredly been inflationary or at the very least put

pressure on operating margins if prices could not be hiked accordingly.

Bottom

Line Hits

So

there may be a small silver lining to an otherwise jet black cloud. But the

current downturn does not mean that the Sept. 11 tragedy and the subsequent

recognition that more attacks are possible will not eventually affect corporate

bottom lines in ways other than simply exacerbating the recession. Talk to

executives nationwide, and the conclusion is clear: Recession angst may

presently supercede the increasingly distant anguish Americans felt as they

watched two Boeing jumbo jets turn deliberately into the Twin Towers, but

priorities are changing to favor spending on heightened security. It would be

hard to find a company that has not already begun at least investigating what

kinds of security expenditures may ultimately be necessary to protect business

as usual. The unanswered question: When will they start such spending in

earnest, given the current round of corporate belt-tightening. "At the moment,

executives see it as nuisance spending, something that will eat into

productivity," says Abraham Gulkowitz, chief global strategist for Deutsche

Bank. "But eventually security matters will end up as part of the valuation

quotient for companies, just the way good environmental practices are today but

weren't a decade ago."

If

that is the case, then the next question the thoughtful chief financial officer

must ask is: How much security is too much and how much is too little? The

answers are not easy–and corporations have felt burned before by hysterical

warnings about the impending Y2K doom. "On net, over the next year, we think

additional costs for security-related things will run about 1.5% of GDP," says

David Wyss, chief economist at Standard & Poor's. That, of course, is

assuming no further terrorist attacks. "Although about half of that spending

will end up being borne by government–like much of the $15 billion in airline

assistance money–that's still a lot of money that will be spent by

business." Indeed, in a $10-trillion national economy, it represents a roughly

$75-billion security bill for the private sector. And even the government's

share represents an indirect cost to both the individual and corporate taxpayer

in the form of increased taxes, Wyss points out.

'Higher

Perception of Risk'

Wyss

and other economists predict that these higher business security expenditures

will fall essentially into three categories: operating costs for increased

security personnel; capital spending for improved security facilities, such as

changes in buildings, air ducts and scanning equipment; and finally charges from

security-related alterations to operations, such as increased inventory costs,

higher travel and transportation costs and the need for more back-up systems.

Many of these will not be one-off expenses, but will represent higher operating

costs that will continue indefinitely and for the most part will not translate

immediately into increases in productivity. "Over time, if terrorism becomes

more common in the U.S., there will be a heightened perception of risk, and this

will mean higher costs in every transaction we make," says Alberto Abadie, a

scholar at Harvard University's Kennedy School of Government, who recently

completed a study of the terror-plagued Basque region of Spain. He concludes

that there will be a "measurable impact" on GDP as well as on corporate

profits. Peter Navarro, an associate professor of business and government at the

University of California at Irvine's Graduate School of Management, claims

that the costs of terrorism–from loss of business, to cleanup and repair, to

protection against future attacks–will be hundreds of billions of dollars and

could even surpass $1 trillion, depending upon the policy choices that are made

in the coming year. Basing his comments on a just completed study on terrorism

for the Milken Institute, Navarro says the hardest-hit industries will be

advertising, airlines, lodging, tourism and insurance. Just in the immediate

aftermath of the attacks, he notes, the losses to the economy reached close to

$50 billion.

At

the company level, Navarro says financial executives will need to face what he

calls "the productive capital versus protective capital trade-off issue." In

other words, "remember as you drive down risks to zero, the costs go to

infinity," he explains. "You have to find the point where the risks and the

costs are acceptable, while also meeting your legal liability–which adds to

the difficulty of the decision."

The

Spending Begins

At

Microsoft Corp.–no doubt, a relatively visible potential target–the spending

on increased security has already begun in earnest. According to CFO John

Connors, the Internet and software giant will commit as much as $15 million in

the current fiscal year, which ends on June 30. On the list of expenditures:

increased security coverage for Microsoft facilities in general with a

particular emphasis on operations at and near the Redmond, Wash., headquarters;

expanded protection for the company's top executives, plus a widening of

coverage to less senior managers and creation of a centralized mail facility

that now monitors and actually opens every piece of mail directed to Microsoft

or a Microsoft employee.

"Basically

in the post-9/11 period, we have established a small working group led by the

CIO," Connors says. "He presented a set of recommendations to the president,

who notified the whole company. We have invested in disaster recovery plans and

a detailed communication program for reaching all our employees. And we have

really tried to heighten awareness of the responsibility our employees have,

individually and in groups, to have a more pervasive mentality about recognizing

risk."

Dangers

of Nickle-And-Diming

Microsoft

is in a select group that has responded with substantial action instead of just

talk. To date, most companies have only committed to what Navarro calls stop-gap

measures, such as hiring more security guards or more intense monitoring of

employee IDs.

But

not all precautions need be costly. Take Kindred Healthcare, a hospital and

nursing home operator. "We've always been very security conscious," says

Leo Hauber, director of corporate facilities. "What we've done differently

since 9/11 and the anthrax letters is to install an OEanthrax button.' This

ties into a management control system, and by itself can shut down the entire

air control system." The company has also stepped up monitoring of its loading

dock area, a vulnerable part of most buildings, which the company had ignored in

the past.

For

now, the 9/11 assaults have put the nation's business leaders on edge, hence

the episodic nature of spending so far. "Executives have not yet made up their

minds what they're going to do in the long run," agrees Howard Kunreuther, a

professor of financial management at the University of Pennsylvania's Wharton

School of Business. "So far, they've just been putting out fires."

Cautions S&P's Wyss: "My biggest concern is that companies will

nickel-and-dime this." In fact, some companies are already paying for a

penny-wise, pound-foolish approach to risk. Robert Hartwig, an economist with

the Insurance Information Institute, notes that an industry survey shows that

12% of the businesses hit by the shutdown of lower Manhattan after Sept. 11 had

no insurance coverage. Even of the 88% of businesses that had insurance, he

says, many were caught short. "Some had property insurance, but not inventory

insurance, or they had liability insurance, but not business continuity

insurance." He says that in view of the terrorist attacks, insurance

costs–calculated broadly to include premiums, deductibles, co-insurance and

self-insurance–will rise 30% to 35%. That's a cost that will then continue

in the years to come. "The impact of that increase," he says, "will be to

reduce S&P net income by 2% to 2.5%." Of course, that's if companies can

get insurance. The insurance industry has been balking at providing terrorism

protection after seeing what terrorists are capable of doing, and even if the

government mandates such protection and provides caps and guarantees to the

industry, the premium costs could prove astronomical for some firms.

Rethinking

Just-In-Time

Meanwhile,

companies are also considering ways operations should be altered to protect

against business interruption. Reliance on just-in-time inventory–a major

factor in American business's drive to remain competitive in a global

economy–is now a problem, says Awi Federgruen, senior vice dean of the

Columbia University Business School and a professor of management.

This

is particularly so with many major industries–most notably automotive

companies–dependent upon cross-border suppliers. "A lot of things are being

considered," Federgruen says. "It's hard to say how many companies will

end up opting for larger inventories, and how many will shift their outsourcing

to domestic suppliers, but either way the costs will be enormous." The

implications of such changes, he warns, could be profound. "Just-in-time

inventory management has, for many companies, meant the difference between being

profitable and not being profitable."

To

cut cross-border trade costs for business and government, Federgruen expects to

see the development of an extensive computer-based system of point-of-origin

monitoring of international shipments "where every item on a truck or ship is

tracked in real time, the way they do at Federal Express." He says that such a

system, if it allowed shippers to get waved through at border crossings, would

become a business imperative to remain competitive.

Positive

Contribution

Ultimately,

some economists and security experts foresee a day when security-related

spending by companies may come to be seen in the U.S. as a positive contributor

to its overall corporate valuation, much in the same way the thinking has been

revised about the importance of spending on worker safety, environmental

protection and even health benefits in recent years. "Back in the 1970s and

early 1980s, safety, for instance, was seen as just a business overhead

expense," says John McCarthy, senior manager of risk discovery services at

KMPG. "Now, most savvy business executives have done a 180-degree turn and say

safety is a good business investment that should be built into the system up

front. Security should be the same."

McCarthy

adds that finance and treasury executives will play a key role in any such

paradigm shift. "Finance and treasury are the two parts of a business where

risk is understood," he explains. "The guys who handle money and business

intelligence have always had to deal with risk, and so that's where you find

good controls. What 9/11 has done is provide a leave to focus on the risks to

other parts of the business."

Of

course, the entire equation changes with another sizable terrorist attack,

particularly involving biological or chemical weapons, which some experts say is

a distinct possibility. "If that happens, expect to see the dithering and

talking turn into major spending," says L. Paul Bremer, CEO of Marsh Crisis

Consulting and former ambassador for counter-terrorism. At that point, experts

like Bremer say it would be important for risk managers to think clearly about

what is needed and what isn't. "I think the way for executives to figure out

what is worth doing is to contemplate what the potential downside is of doing

nothing." And he says that can get personal. "What is at stake in a crisis

and how a company handles it is the brand of the company–and the brand of the

CEO."

HEIGHTENED

SECURITY MAKES BIOMETRIC IDS LESS OF A LUXURY

Imagine

this: You go to the airport for a business trip. At the check-in counter, the

clerk has you look into a digital retina scanner. Then, as you head for your

gate, you are waved through while dozens of other people are lined up at the

security checkpoint.

Science

fiction? If DataTreasury Corp., a Melville, N.Y.-based biometrics firm, has its

way, digital identification–and tracking–of people will become commonplace

at airports, railway stations and corporate offices in a new security-conscious

world. Such IDs can rely on retina scans, more conventional fingerprint checks

and even facial recognition. Talk about being in the right place at the right

time! Since it was founded in 1998, DataTreasury, primarily working in the check

fraud business, has been trying to sell companies and government organizations

on the idea of a global identity management system, but with little success.

"People just weren't interested," says Claudio Ballard, chairman and CEO

of DataTreasury. "But now security is at the top of people's agenda."

Cheaper

Than Smart Cards

Ballard

says that his firm's patented global identity monitoring system, which

provides for a centralized encrypted computer record of each identified

subscriber, could provide a secure identification for each employee in a company

at a cost of about $5 per month per employee. "That's a lot cheaper than

paying for thousands of smart cards or ID cards, and having guards at every

entrance to your buildings," he says. He notes that the cost of a biometric

reader is just $1,000 to $2,000 per location.

The

company has several corporate customers already and hopes to secure contracts

with several airports in 2002. In December, DataTreasury put on a public

demonstration of its system at MacArthur-Islip Airport on Long Island, N.Y.

"People have suggested that security concerns will fall off over time,"

Ballard says. "But the impact of 9/11 was so profound, I don't think it will

happen.

-D.L.