Skip to content

Levers Against Liability

​THE FAMILY OF A MAN who was shot and killed while shopping in a jewelry store settled out of court with the store owner for $2.2 million. The store did have one security guard, but he failed to show up for work on the day of the incident.

In another case, a casino patron who was attacked on a hotel walkway and sustained serious head injuries was awarded $5 million in damages. The jury found that the hotel was negligent because the walkway was isolated and adjacent to a vacant lot where assaults frequently occurred. The hotel failed to monitor the walkway and a security guard patrolled the area only once a day.

In yet another case, an apartment building owner was ordered to pay $16 million to the families of several people who were murdered in the building. The jury found the owner negligent because he failed to fix a faulty lock on the front door and to provide a backup security officer to guard the area. The single security officer hired by the owner had not come to work the day of the fatalities.

As these examples illustrate, a jury verdict can directly relate to inadequate security. Thus, failure to take appropriate security measures and to consider how those measures can be defended in court can be extremely costly. Security managers can reduce the chances that the company will lose when it gets its day in court by taking the following steps.

Assess Risk

The first step toward ensuring that any case against the company will fail is to show that the company is aware of security and makes an effort to provide a safe environment. Toward that end, the company must first assess the potential threats on its property. It must do so by considering the property itself and the surrounding neighborhood, including incidents and crime trends. In addition to routine risks, it must also consider remote risks, such as those that may arise from a natural or manmade disaster. Is the property in a flood plain, for example?

Another factor to consider is how shared property is allotted. This is especially important for businesses in shopping malls, multitenant high rises, or industrial parks. Businesses that share parking lots may also share liability for criminal acts that occur in those common areas.

In one case (McClung v. Wal-Mart, U.S. Court of Appeals for the Sixth Circuit, 2001), a man sued Wal-Mart stores after his wife, Dorothy McClung, was abducted from a shopping center parking lot. Mc- Clung had been shopping at the Wal-Mart before she was assaulted but was parked in front of a Circuit City store. (McClung was raped and murdered after her abduction.)

Wal-Mart argued that McClung was not parked in its portion of the parking lot—where the company had installed exterior lighting—when she was assaulted so the company had no liability. The court disagreed.

It ruled that because Wal-Mart customers were allowed to park anywhere in the shopping center, the company could not claim a particular part of the lot as its own. Further, cash register receipts and other evidence showed that the perpetrator followed McClung around the store and out into the parking lot. Since Wal-Mart shared the parking lot, it didn’t matter exactly where the victim had parked her car.

Assessments can be costly, but a failure to conduct one can increase a company’s liability. Because threats can change over time, this assessment should be refreshed periodically.

To ensure that the company is aware of any emerging crime trends, security should invite neighboring businesses as well as local, federal, and state security representatives to participate in meetings concerning their security programs.


Once issues are identified, they must be addressed. Most companies don’t have the money to do everything at once, however, so the organization should consider making security improvements over several years in a staged and documented approach. This allows the company to defer extremely large costs, while showing that the company is taking steps to improve its security.

Security managers should prioritize the order of improvements. It makes sense to start with lighting. Several studies conducted on lighting and its effect on crime have indicated that proper lighting can prevent crime and improve the overall perception of security at a facility.

Security managers should start by having a professional company complete a lighting matrix study, using the Illumination Engineers Society of North America (IESNA) guideline on security lighting for property and public spaces. IESNA is an American National Standards Institute (ANSI) developer, and it is likely that the guideline will become a national standard for the security industry.

Other simple approaches to mitigating liability are to keep properties visible, using aspects of crime prevention through environmental design (CPTED). To use CPTED principles, security managers must ask themselves: Can I see in all directions from the property? Am I allowing for increased witness potential?

When evaluating these questions, security professionals should take special care to examine landscaping. Plant heights should be low enough to prevent ambush opportunities. Vegetation should preclude access and deter climbing. Security must work with the landscaping designer to coordinate these plans. The primary goal is to verify that the projected growth of trees, bushes, and hedges will not interfere with camera or lighting systems.

Sufficient and consistent. While phasing in improvements, the company must ensure that all countermeasures are sufficient and consistent. That will be the standard if the company has to defend its practices in court.

For example, in one case (Bouraee v. Lutheran Medical Center, New York Supreme Court, 2000) an employee sued his employer after he was attacked in the company elevator. Magdy Bouraee, a vascular surgeon at Lutheran Medical Center, was grabbed from behind by an assailant who demanded money. The two struggled and Bouraee received lacerations to his neck, eye, and hands before the attacker fled.

(The perpetrator escaped and had not been identified by the time of the trial.)

At trial, the company showed that it had records of prior incidents at its facility and no similar crime had occurred in the previous two years. Although the security protocols had been breached on the day of the incident—the three security officers stationed near the elevators had left to respond to a fire in the emergency room—the court found that the company did have sound security procedures in place.

The court noted that “while there may be an inference that stronger security measures would have acted as a deterrent to the assault, this court is reminded that Lutheran Medical’s duty is limited to taking minimal security precautions against foreseeable criminal acts by third parties.” In this case, the court ruled, the company had indeed taken these precautions.

Every company will also need plans for evacuations and other contingencies in the event of crises or disasters. In crafting the security policies, the security director should keep up with developments related to local, state, and federal laws and regulations that might affect what is required or allowed.

Security must also stay abreast of emerging safety and security guidelines and standards, such as those being issued by the ASIS commission on guidelines. These can be used to help the organization build programs to meet best practices, making them eminently defensible in court.


Having assessed risk and put in place a plan intended to reasonably reduce that risk, the next step (really a concurrent step) is for the company to make sure that it is adequately documenting these efforts. This amounts to ensuring that management will have the evidence at hand with which to defend the company for that inevitable day in court.

The documentation should cover the company’s policy and procedures manuals, problem-solving techniques, physical infrastructure, human resources procedures, and training practices as well as logs of incidents and how they were resolved.

Technical system testing, maintenance, and physical site observations must all be meticulously documented. Reviews should be conducted quarterly and should also be documented.

Where possible, this documentation should be carried out using forms to ensure that information is collected in a consistent and complete manner. Of course, if a company does not enforce its information-collection policies or if it fails to act on information collected, this could ultimately be used against it in court.


As a part of the company’s overall program, security managers should develop security awareness handbooks. These are especially important for multisite tenant facilities. Awareness handbooks welcome tenants, employees, residents, or contractors to the facility. They promote direct communication regarding acceptable activity, available resources, and daily operations at the company.

Awareness documentation serves as a supplementary document and is not intended to be all-inclusive. For instance, in a residential or multitenant office building, awareness documents do not amend the terms of the tenant lease or change any rules and regulations of the property.

An awareness handbook does, however, give additional information, including evacuation procedures, emergency reporting methods, tenant duties, and insurance responsibilities. The handbook might also contain guidance on how to deal with suspicious activity, domestic violence, noise, solicitations, accidents, and bomb threats.


If an incident occurs on company property, security managers should contact the proper authorities immediately. Communication is essential. All of the parties involved should be made aware of the decisions made by the company. This helps prevent confusion at the scene and contradictory reports after the incident.

Security managers should develop and maintain relationships with media representatives so that they will be able to get their facts across in the event of an incident that garners public attention. The company should also provide media training for key staff members who may have to talk about a response effort in the event of an incident.

By applying these commonsense measures, the company can minimize risk. By carefully documenting those measures, the company can also minimize its potential for future liability.

Sean A. Ahrens, CPP, is a senior security consultant with Schirmer Engineering Corporation in Deerfield, Illinois.

Marieta B. Oglesby is a security/property management consultant with Defenbaugh & Associates, Inc., in Texas.

Both are members of ASIS International and serve on the ASIS Commercial Real Estate Council.