Reading Time: 4 minutes
Key Takeaways:
- Most security operations are over-dependent on digital systems and the power grid, leaving core protection functions exposed when they fail.
- Security is fundamentally about people and process; technology should amplify solid workflows, not replace them.
- Organizations that can operate manually during outages are stronger, more disciplined users of technology when it is available.
- Leaders should regularly test their resilience through scenarios like prolonged regional power disruptions, not just brief IT incidents.
Kyle Dukes, Managing Director of Information Systems and Technology at Pinkerton, regularly asks his team a deceptively simple question: “If every system went offline — if all that we had to work with was pen and paper — could the work continue?”
His stance is unambiguous: “The answer must always be yes.”
Most security leaders would struggle to answer that question with confidence.
Why This Question Matters Now
In 2026, enterprise security operations have become highly digitized — and highly dependent on a stable power grid. Access logs live in cloud systems. Threat intelligence flows through automated platforms. Investigation files exist only in databases. Client communication happens through encrypted channels and digital dashboards.
When infrastructure fails — whether the trigger is a regional power outage, a targeted cyberattack on critical infrastructure, or a cascading cloud failure — the effect is the same: screens go dark, systems stall, and security teams lose their primary tools.
The recent Amazon Web Services 13-hour outage in December 2025 exposed something uncomfortable: organizations that depend entirely on digital infrastructure do not have fallback procedures. Not really. They have theoretical plans written five years ago that assume systems will come back online within hours. They assume the internet will work. They assume their cloud provider’s redundancy actually exists.
The same pattern appears when natural disasters knock out the power grid. Severe weather–driven outages have cost the U.S. economy tens of billions of dollars, even from single events, once lost output and business interruption are counted.
In 2021, for example, Texas’s power grid failure during Winter Storm Uri left millions without power for days and generated tens of billions in estimated economic losses.
So, what happens if it does not come back for days? Weeks? Months? A prolonged regional blackout or major grid incident would test not just your IT resilience, but your entire security operation’s ability to function without electricity at all.
But what if it does not come back for days? Weeks? Months?
A prolonged internet blackout or major grid incident would test not just your IT resilience, but your entire security operation’s ability to function without digital infrastructure and/or electricity at all.
The Historical Precedent That Changes Everything
As a historic organization, Pinkerton understands this better than most, because we have lived through it.
In 1871, the Great Chicago Fire destroyed the Agency’s office building and most of their early records — 59 volumes of Secret Service files, years of operative reports, decades of criminal documentation. Everything burned.
The Agency did not collapse. Instead, Allan Pinkerton and his team developed something better: a criminal identification system combining photography and cross-referenced records. This analog Rogue’s Gallery was so effective that it directly influenced law enforcement practices for decades.
Today, that same instinct to turn disruption into innovation shapes how Pinkerton designs modern, integrated security operations, from resilient threat monitoring approaches to continuity playbooks that assume critical systems will fail.
The Real Problem Is Not Technology
Here is what we learned from that lesson and many more over the last 175 years: security fundamentally is not about technology. It is about people, process, and the ability to protect assets, information, and operations.
Technology accelerates these functions. Digital systems speed up decision-making, improve visibility, and enable coordination at scale. But they are amplifiers of good process, not replacements for it.
When technology fails, process is what keeps operations running.
A security team that cannot verify identities without a badge reader is not secure — it is vulnerable. A security organization that cannot coordinate with clients without email is not operational — it is improvised. An investigation team that cannot reference case histories without a database is not professional — it is exposed.
But here is what we have discovered: the organizations that can function without technology — that have documented manual procedures, trained staff in low-tech operations, and built redundant processes — are actually more secure when technology works. Because they understand security at a fundamental level.
At Pinkerton, we deliberately architect programs so that every technology-dependent task has a defined, trained manual fallback — and we routinely pressure-test those fallbacks through exercises and scenario planning.
What Sophisticated Organizations Are Already Doing
Our approach is not unique to us anymore. Federal agencies are required to maintain Continuity of Operations (COOP) plans that explicitly define how critical functions continue if all digital infrastructure fails for up to 30 days. They maintain physical records. They practice manual procedures. They staff trained personnel who remember how to do things without computers.
Leading security firms are embedding the same discipline into their operations. They maintain backup procedures, practice manual procedures, and document critical decision processes that do not require digital systems. Pinkerton follows the same principle, starting with clear analog workflows and then layering in automation, analytics, and integrated dashboards only where they add real resilience.
This is not paranoia. This is professional maturity.
The Competitive Advantage Nobody Talks About
Here is what separates exceptional security organizations from mediocre ones: the ability to operate without technology creates operational excellence when technology is available.
Organizations that understand their core processes deeply enough to execute them manually are better at implementing technology. They know what problems they are solving. They understand workflow. They recognize bottlenecks.
Organizations that depend entirely on technology tend to implement it poorly because they do not understand the underlying process.
The question Dukes asks — could we continue if systems failed? — is not really about disaster scenarios. It is about operational integrity. It is about knowing your business so thoroughly that technology enhances it rather than replacing it.
What You Should Do Monday Morning
Ask your team: “If all our digital systems failed tomorrow, could we keep protecting our assets and serving our clients?”
Be honest with the answer. If it is “no” or “maybe,” you have a vulnerability that extends far beyond technology failure. You have a process vulnerability. A human capital vulnerability. An operational design flaw.
Then run a simple tabletop exercise that assumes a regional power outage: no access control panels, dark cameras, elevators offline, and limited communications. Walk through, hour by hour, how you would secure facilities, account for people, and communicate with leadership until power and systems are restored. This does not require new tools — it requires clarity about roles, manual procedures, and decision rights when technology is unavailable.
The organizations addressing this question now — before they face an actual crisis — will emerge more resilient. They will implement technology more thoughtfully. They will train staff more thoroughly. They will understand their business more deeply.
They will also be prepared for whatever actually happens.
The Bottom Line: Enterprise Risk Mitigation Strategies
Pinkerton has protected assets for 175 years through technological disruptions we cannot even imagine — from the telegraph to the cloud — by continuously innovating how we blend new tools with enduring first principles.
The constant was not the technology. It was the principle of security. Everything else is just how you do it.
Technology is a powerful tool for improving security. But if you cannot do security without it, you do not actually understand security — you understand your software.
Ask yourself Dukes’ question this week. Really think about it. Then pressure-test your answer with a focused tabletop exercise that assumes a prolonged systems or power disruption, and use what you learn to update your procedures and training.
Partners like Pinkerton help organizations design resilient operations — from risk assessments and security plans to continuity tabletop exercises — so that security programs work whether systems are online or offline.
Then download our white paper: The Pinkerton First Principles: Lessons From 175 Years in Security to see how leading security organizations are integrating technology and human expertise into resilient, innovation-driven models that stand up to both digital and power disruptions.
