Laboratories are uniquely complex environments where safety and security concerns intersect in critical ways. The convergence of chemical, biological, radiological, and physical hazards in a single workplace presents risks unlike those found in most other settings. For lab managers, understanding and addressing this complexity requires not only comprehensive safety protocols but also an evolving appreciation for security threats.

Robert Emery, a leading expert in laboratory health and safety with over 40 years of experience and multiple national certifications, emphasizes the need for lab leaders to expand their thinking beyond traditional safety measures. Emery serves as vice president for safety, health, environment, and risk management at the University of Texas Health Science Center at Houston.

Get training in Life Safety and earn CEUs.

One of over 25 IACET-accredited courses in the Academy.

Life Safety Course

According to Emery, one of the most important distinctions lab managers should understand is the difference between safety and security. While lab safety focuses on preventing unintentional harm through engineering controls, training, and protective equipment, security often deals with intentional threats—acts of sabotage, theft, or violence that may originate from within or outside the organization. Emery points out that only in the English language are “safety” and “security” treated as separate concepts; in most other languages, there’s a single word for both. This linguistic divide reflects a deeper mindset: safety assumes people are trying to do the right thing while security begins with the possibility that someone may not. Recognizing this distinction is essential for developing a more complete understanding of risk in laboratory environments.

Safety and security: A dual-focused lab culture

“The difference is intent,” Emery says. Safety programs are built on the assumption that employees want to come to work, do their jobs safely, and return home unharmed. Security, on the other hand, starts from a place of suspicion. Security professionals must consider the possibility that someone may seek to intentionally cause harm or exploit vulnerabilities.

This subtle but important distinction changes the way risks are assessed and mitigated. For example, safety professionals may view an open manhole as a fall hazard requiring signage and barriers. A security-minded approach, however, would ask whether someone might intentionally push another person into it—or whether someone might use it to gain unauthorized access.

The insider threat: A growing concern

A significant and often overlooked risk in laboratory security is the insider threat. Emery categorizes insider threats into three types:

• Malicious insiders, who seek employment with the intent to cause harm (e.g., activists infiltrating labs to disrupt research)
• Coerced or sympathetic insiders, who are pressured into harmful actions due to personal or ideological reasons
• Oblivious insiders, who unintentionally create security gaps through everyday carelessness or lack of awareness

Most lab personnel fall into the third category. Actions such as propping open doors, sharing access badges, or posting passwords on computer monitors may seem harmless but can significantly undermine facility security.

A simple, actionable insight

Emery encourages lab managers to incorporate one seemingly simple question into their routine safety inspections: Do you have any safety or security concerns?

When this question was added to lab walkthroughs at his institution, 80 percent of staff responded, and of those, the majority raised concerns not previously covered by standard safety checklists. These included issues as varied as poor lighting in parking lots and suspicious after-hours activity.

In one case, asking this question uncovered a researcher who was using a lab printer at night to steal proprietary data and mail it overseas. The security breach was discovered only because someone mentioned that the printer was always out of paper in the morning.

Rethinking inventory and access

Another critical area that Emery highlights is chemical inventory management. Traditionally, labs track chemical stocks to assess fire loads or compliance with safety regulations. However, from a security standpoint, inventory should also account for “shrinkage”—a term more commonly used in retail. Regulatory authorities may expect labs to immediately account for missing quantities of hazardous materials, viewing unexplained losses as potential security threats.

Similarly, reviewing access logs should include not only who successfully enters restricted areas but also who attempts and fails to gain entry. Failed access attempts, even when innocent, may signal credential misuse, unauthorized activity, or vulnerabilities in the access system.

Cybersecurity and connected equipment

Emery acknowledges that many lab managers are not trained on cybersecurity, but it is a growing concern. He recommends that lab managers expand their definition of security to include digital vulnerabilities. Internet-connected lab instruments, cloud-based data storage, and external software integrations all pose risks if not properly secured. He warns that many labs are unaware of equipment that has public-facing IP addresses, creating potential points of entry for cyber attackers.

Practical steps for lab managers

Emery offers a set of practical measures lab leaders can adopt to enhance both safety and security:

• Integrate security awareness into safety training: Educate staff on recognizing suspicious behavior, protecting data, and securing access points.
• Ask staff about safety and security concerns: Make this a regular part of walkthroughs and create clear channels for reporting.
• Inspect labs after hours: Assess lighting, access, and potential vulnerabilities that may not be visible during daytime operations.
• Monitor failed access attempts: Regularly review logs for unsuccessful badge-ins and investigate anomalies.
• Coordinate terminations with security protocols: Ensure that badge access and login credentials are revoked promptly when staff leave.
• Treat chemical inventory as a security function: Know what substances are stored, where, and in what quantities—and track them in real time.

Laboratory managers are often tasked with maintaining high standards of safety, but it’s just as crucial that security be embedded into everyday lab culture, too. The risks posed by insiders, cyber threats, and unintentional oversights demand vigilance, structured protocols, and an understanding of how safety and security differ—and how they overlap.

By adopting a more holistic approach, lab leaders can better protect their people, research, and reputation—while fostering a culture of awareness and accountability.

Robert Emery delivered a presentation on the topic of laboratory safety versus security at the 2025 Lab Manager Leadership Summit in Pittsburgh, PA, April 7-9. Visit summit.labmanager.com/leadership to learn more about this annual in-person event.