Strategic Risk Intelligence: Balancing Stability with Changing Crime Patterns
Organizations depend on risk intelligence to guide long-term security planning. But crime conditions are never static. Patterns shift, new threats emerge, and short-term fluctuations can appear in local data.
So how should organizations balance stability in their security strategy with the need to respond to real changes in crime activity?
To explore this topic, CAP Index CEO and President Steven Aurand and Dr. Grant Drawve, VP of Geospatial Crime Solutions, discuss how organizations should think about risk intelligence, crime trends, and security decision-making.
Below are highlights from that discussion.
Organizations rely on risk intelligence to guide long-term security planning, but crime conditions can change over time. How should organizations determine the right cadence for updating risk models?
Grant Drawve, Ph.D.:
When we think about cadence, it really comes back to being strategic. What can that company do from a security standpoint? Some may find it challenging to adjust strategy more than once a year where others can handle changes 2 or even 3 times a year.
For clients who use our scores to establish risk tiers that dictate specific security solutions, changing a score may mean changing tiers and, in turn, deployment of resources like guards. Those decisions have downstream implications that need to be considered.
Whether you are relying on CAP Index external risk data or working with models we develop that incorporate your internal incident data for a more holistic view, the same principle applies. You do not want to play whack-a-mole where you are constantly making changes, but you also want to stay aware of what is happening in and around your locations.
Steven Aurand:
There is also a practical aspect to it. Crime does not usually change dramatically from month to month, and in many areas it is fairly stable over time, although some locations can experience more noticeable swings.
So if you are updating too frequently, you may not actually be capturing meaningful change.
Grant:
Right. You don’t want to be updating monthly, constantly changing security postures. But at the same time, you also don’t want to wait three to five years. You need to stay current with crime conditions and what is trending.
Steve:
That is really the balance. You want something stable enough to guide strategy, but current enough to reflect real changes when they happen.
Why is it important that models don’t react to every short-term fluctuation in crime data?
Grant:
You don’t want to follow or chase the blips. For instance, you might have an ORC group hitting one city multiple times. That is one group driving a spike. Other spikes might occur seasonally.
If you are always reacting to these kinds of events, you are always behind. You are never being proactive…you’re just waiting for something to pop and then responding to it.
Steve:
As I said earlier, crime levels are fairly standard over time. That’s why we average crime over multiple years in calculating our scores. A longer time frame allows us to see patterns developing and provides the stability needed to make sensible security resource decisions. You certainly don’t want to be in a position where you’re putting guards in and taking them out repeatedly…it’s impractical and unnecessary.
Grant:
Right. And from an operational standpoint, if you keep moving resources around like that, you’ll never know if what you are doing is actually working.
How should organizations think about the role of past crime versus other factors in risk models?
Grant:
The best predictor of future crime is past crime. That is a place to start. But if that is all you are using, you are still just being reactive.
You don’t know what is driving crime in the first place. You are waiting for it to happen…you hit a threshold and then react.
Steve:
And that is where place really matters. Different parts of the country behave very differently. Some are very stable. Others change more quickly.
Grant:
Exactly. That is why you want to understand what is underneath. Business data, sociodemographic data, environmental conditions.
If you understand those drivers, you can move from reactive to more predictive and proactive. And those models tend to outperform just using crime alone.
What challenges will organizations face if their security strategy changes every time short-term indicators fluctuate?
Grant:
It becomes a cat-and-mouse game where you’re always trying to catch up. And at the same time, you’re not giving yourself enough time to measure whether your solutions are actually working.
There is a broader shift, especially in law enforcement, toward being more data-driven and evidence-based. Agencies are moving away from purely reactive responses and toward evaluating what actually reduces crime.
That requires time and consistency. You have to be able to step back and ask, did the change we made have an impact? Did it reduce incidents? Did it improve outcomes?
Steve:
And it is just not practical operationally. You do not put cameras in and take them out every few months or constantly shift your entire security posture.
Grant:
Right. If you are constantly moving resources, you are not giving yourself the ability to answer those questions. You are just reacting instead of improving.
When should organizations pay attention to temporary increases in crime activity, and how can they effectively monitor these changes?
Steve:
Short-term data help you see whether something is just a blip or the beginning of a trend. Our Crime Incident Feature (CIF) provides confirmed police crime data around your locations to spot unexpected changes and temporarily adjust deployment if needed. An unexpected rise or fall in nearby crime might indicate a new or growing presence of an attractive nuisance unexpectedly driving crime up, or a crime mitigator pushing crime away.
Grant:
And people still want to know what happened yesterday. That matters.
Crime is not felt equally across a city. Even if crime is going down overall, what is happening around your site could be very different.
Steve:
Right. And that is where you might need to pay attention. Not to react to everything, but to know when and why something actually is different from what you would expect.
Why is it important to rely on confirmed crime data rather than social media or unverified sources?
Grant:
With social media, the question is always, is it reliable? Is it accurate? What about data quality?
Yes, things get reported quickly, but they’re not always verified. The same event might be represented as multiple different events. Crime classifications can change as investigations progress and social media isn’t updated, so the record will be wrong. Something that looks like a crime initially might not even be criminal once police get involved. You really can’t make informed decisions with this kind of information alone.
Steve:
There is also a bias problem. If you have a robbery in a major city, you might get a hundred posts about it. In a rural area, you might get none.
Grant:
Plus the bias towards sensationalism. They go for the attention-grabbing click bait rather than facts.
Steve:
Right, who’s going to make a social media post about a shoplifting incident vs a violent crime? This is a contributor to why the public generally has a heightened perception of crime even though overall crime rates are down.
You can’t normalize this type of data for reliable results across locations.
When organizations notice a short-term increase in crime, what should they examine to determine if it is a temporary situation or represents a meaningful shift in risk?
Grant:
One of the first questions is, is this connected?
Is it an ORC group? Is it a network spiking criminal activity at your locations, or are these just disconnected incidents? Figuring this out can be challenging and it really shows the value of collaborating like many of the ORCA groups do. ORC still requires a response, but it’s a different response than for a surge in one-off shoplifters.
Steve:
And context matters. We encourage our clients to gather information about what’s happening at their sites but what’s happening in a community more broadly can also drive short-term changes. People do need to react to what’s happening in the moment, but they also need to see the broader picture to understand the breadth of the impact.
Grant:
Right. You also see things like near-repeat victimization. Once a location is identified as a viable target, that perception can spread through networks and lead to repeat activity. Information about vulnerabilities, whether shared informally or through organized groups, increases the likelihood of continued targeting.
So you have to look at what is driving the activity, not just the volume.
From a strategic perspective, how should organizations combine long-term risk intelligence provided by CAP Scores with awareness of recent activity as seen with the Crime Incident Feature (CIF)?
Grant:
From a long-term standpoint, you already know how a site is operating in terms of a risk profile. What’s your risk tolerance in terms of internal incidents? What is the norm for external risk?
Short-term data helps you stay aware of what is happening right now. If something looks elevated, that can trigger a deeper look.
Steve:
And ideally, you are blending the two.
The long-term view helps you rank locations and allocate resources. The short-term view helps you identify sites that warrant attention and that may be in the process of changing.
Grant:
Security isn’t about constantly overhauling everything, it’s about aligning your approach with the actual risks in your current environment. You evaluate what’s happening around you and ask: Is this threat coming from outside or inside? Does our existing security setup already protect us?
Some signals you see will be irrelevant noise, while others indicate real risks that require attention and action.
Conclusion
Effective risk intelligence is not about reacting hastily. It is about developing a deeper understanding of risk so decisions are proactive, not reactive.
That starts with a stable, strategic foundation. Long-term models allow organizations to understand baseline risk, prioritize locations, and allocate resources with confidence. But stability alone is not enough. Security teams also need visibility into what is happening right now and the judgment to know when a change is meaningful versus when it is simply noise.
Just as important is the quality of the data behind those decisions. Reliable, verified crime data provides a consistent and trustworthy view of risk. Without it, organizations risk chasing incomplete or misleading signals and making decisions based on perception rather than reality.
The organizations that get this right are not the ones reacting to every spike. They are the ones combining strong, data-driven models with informed awareness of current conditions, allowing them to stay both steady and responsive.
Continue the conversation
Risk Score Updates: Why More Isn't Better
Learn why, when it comes to risk intelligence updates, more frequent data doesn’t lead to better decisions—and how the right cadence can deliver clearer, more actionable insights.
Use Data - Not Headlines - to Understand Crime Risk
A data-driven approach is essential for accurately understanding and managing crime risk, especially amid misleading headlines and generalized statistics.
The Science Behind Reliable Crime Risk Assessment
In today’s data-saturated landscape, it’s convenient to rely on what’s easy to access. But in the world of crime risk assessment, surface-level data—no matter how convenient—can’t capture the true complexity of crime.
Recent Posts
Why Prioritizing Branches by Risk is the Smartest Security Strategy
A Conversation with McDonald’s Director of Security Rob Holm
