Building a Strong Security Plan Beyond Guesswork
Every day, security breaches cost businesses millions due to overlooked vulnerabilities. But what if you could stop guessing and build a strong, tailored security plan from the ground up? That’s exactly what we do.
When we talk about a security risk assessment in a business environment, most people picture the obvious threats: criminals forcing their way in, hijackings, armed robberies, and even assassinations. That’s the outside layer of security, also called outsiders: keeping danger out.
We dig deep. We examine everything from the surroundings to the smallest security detail inside the business, project, or property. It’s not just about finding problems; it’s about understanding how your security operates, how maintenance and communication flow, and where risks hide in plain sight.
This means we’ll look at everything from the surrounding neighborhood to the entrance gates, access control points, reception area, and the rest of the business or project environment to understand exactly where the risks are.
It’s not just about spotting risks. We also look at how security is managed, how communication and control take place, and even how maintenance is handled. Once we’ve gathered all that information, we use it to build a safety and security plan. That plan will identify the risks and explain the security measures that should be in place to address them.
Our Role: Independent Risk Assessors
Now, it’s important to understand our role. We are independent risk assessors. Our job is to identify the risks and explain which security solutions will fit those risks best. We don’t install or sell equipment, because if we did, we wouldn’t be independent anymore. Think of it like this: you can’t be the referee and the player in the same game.
The Inner Layer: Insiders
But there’s another side that businesses often overlook: the inner layer, also called the insiders. These are the threats that grow quietly inside the organization, such as corruption, fraud, information leaks, manipulation, and more.
And because every organization has multiple departments and layers of authority, there are often several potential insiders at play, each with their own access, knowledge, and vulnerabilities.
Here’s the uncomfortable truth: the average security system does very little to stop insiders. It isn’t designed for them. It’s a completely different game, one that requires a different mindset.
In fact, in 2024, South Africans spent over R60 billion on private security, where barely 10% of that was directed toward preventing insider threats. Meanwhile, insiders continue to hold the advantage because they belong there. They understand systems, routines, weaknesses, and blind spots better than anyone else.
These aren’t isolated incidents; I have dozens of stories just like them. Insiders are not just a nuisance. They are the driving force behind 80–90% of the curators behind assassinations and a significant portion of major corporate losses.
Our Approach: Inside Out, Then Back Again
That’s why, during a business risk assessment, we start from the inside and work our way out, then reverse the process again.
We look at physical risks, physical security, and the management structures around those risks, including instructions, communication channels, data management, and human behavior. We interview management, analyze internal systems, and map every area where information and access intersect.
Every organization is different. Every environment has unique weak points. And often, the most dangerous vulnerabilities have nothing to do with hardware; they lie in people, processes, and assumptions.
We will ask the uncomfortable questions. We will look at the things no one wants to admit might be happening. But by the end, we will have a complete understanding of the risks inside the environment and how those risks can turn into crime.
Our Goal: Identify, Explain, and Eliminate
Our goal is simple: identify the risk, explain why it is a risk, and design the solution that eliminates it. Sometimes we build an entirely new system from scratch. Most of the time, we simply refine what already exists. Often, it’s as simple as changing a few protocols.
Ultimately, we want everyone in the organization speaking the same security language, one built on clarity, communication, and proper management. Because once that happens, everything else falls into place.