The security industry has traditionally focused on hardware, guarding services, and reactive responses.
# Risk assessment – However, these measures alone rarely address the real drivers of crime. This article explores a more foundational approach that prioritises understanding risk before any solution is applied.
It explains why many security efforts fall short when underlying vulnerabilities are not properly identified and why repeating the same approach with different providers often produces the same limited results. Drawing on long-term industry experience, it highlights the importance of independent analysis, critical thinking, and a structured assessment process that examines how criminals identify and exploit weaknesses.
Ultimately, it reinforces the need for a risk-driven approach to security that goes beyond equipment and focuses on the conditions that allow crime to occur.
If we look at the history of the security industry, it has largely focused on selling hardware and providing guarding services. Very few have been involved in identifying the risks that lead to crime or understanding the broader vulnerabilities that need to be addressed.
Security has been the primary response to crime for more than sixty years. While the industry has grown significantly and technology has advanced, crime has not been eliminated.
In many cases where security measures fail, the response is to engage another security provider.
The underlying issue is that the same approach has often already been applied for years without resolving the root cause.
Changing providers does not change outcomes if the actual risks have never been properly identified or understood.
The key principle is simple. If the risk is not understood, it cannot be addressed. If it is not identified, it cannot be managed. Without a clear understanding of the vulnerabilities that create opportunity for crime, no amount of equipment, technology, or manpower will deliver effective security. Adding more hardware does not resolve a risk that has not been defined.
The security industry in South Africa has existed for more than sixty years.
Despite the growth of technology and the wide range of available solutions, crime remains a persistent challenge. Over the past twenty years alone, significant resources have been spent on security, often without achieving the intended outcomes. In many cases, this is the result of following incorrect or incomplete guidance.
A useful comparison is medical care.
A person with a heart condition who relies on general advice rather than consulting a specialist is unlikely to receive the correct treatment. Basic support may be available, but proper diagnosis requires specialist knowledge and experience. Security operates in the same way. Without the involvement of a specialist who understands how risks develop and how vulnerabilities are exploited, the solutions applied may appear reasonable but often fail to address the underlying issue. A simple question remains: if the risk is not understood, what exactly is the security protecting?
It is also important to recognise that criminals often spend more time thinking about security than business owners, procurement teams, or property managers.
study weaknesses, observe patterns, and actively look for opportunity. This reality should not be underestimated. Until risks are properly identified and understood, security will continue to fall short of expectations.
In today’s environment, criminals, insiders, robbers, kidnappers, and targeted attackers often operate with access to similar tools and, in some cases, a deeper understanding of how organisations and private properties function.
One reason for this is that criminals are not restricted by internal processes, procurement rules, or administrative procedures.
They can act quickly and without the constraints that often slow down legitimate decision-making structures. In contrast, procurement systems, compliance requirements, and scoring models can sometimes result in unsuitable providers being appointed. Over time, this has contributed to repeated failures across different environments.
One of the assessment types used in practice is a reference assessment. This focuses on the background and credibility of those providing security services. In many ways, the principle is similar to well-known lessons in operational environments: equipment and inputs must meet minimum standards, yet cost pressures often lead to compromises that affect long-term performance. The same applies in construction, where poor material choices and weak planning result in structural failure long before completion.
Security follows the same logic.
If a proper independent security risk assessment has never been conducted, then effective security has not truly been established. This is why a large percentage of installed security measures eventually fail to deliver the expected outcome. This conclusion is based on more than twenty years of assessment work and repeated observation of the causes behind security failures.
This brief explanation provides context for our approach. # SA risk assessment