Threat and Risk Assessment in Close Protection

Threat and Risk Assessment in Close Protection

Close protection provision should be relative to the threat, or the perceived threat towards the Principal and the risk level. So, it is essential to know the difference between a threat and a risk.  

Close Protection Threats

A threat is an expressed intention to inflict pain, injury, misery, embarrassment or damage (physical, mental, political or financial).

Threats may be routine and faced daily or tied to a particular venue, event or route. Some dangers may be imminent others less urgent. Threats may be due to planned attacks or totally unintentional. Terroristic threats could be at a personal or location level or both. Intrusions and security breaches can cause multiple threats. 

Types of threat:

  • a known threat, e.g. the local crime rate and trends;
  • a direct threat, e.g. a threat to life by an individual or group;
  • a perceived threat, i.e. the danger an individual feels due to their situation, circumstances, or environment.

Within the close protection context, threats include unwanted attention, unintentional injury, intentional injury or attack, disruption of lifestyle, embarrassment, and a threat to public image.

It is vital to threat profile Principals to know the enemy and provide the best protection for the Principal while maximising safety for the operatives. Without a threat profile:

  • cannot establish correct team roles;
  • adequate resources cannot be assigned;
  • assignment requirements cannot be clarified;
  • the level of risk cannot be determined.

Close Protection Risks

A risk is the probability of a threat occurring, i.e. the amount of exposure one has to a threat that would result in unwanted harm, damage, or loss.

We can classify risk on a sliding scale: Low, Medium, High or Negligible, Moderate, Severe. Close protection plans should balance the potential damage from a threat and the risk of the threat occurring.

Required Assessments

A respectable security company or close protection operative will start to gather information on a prospective Principal as soon as a client enquiry is received. The CPO uses this due diligence exercise to assess the threat and risk to the Principal, their family, their business interests and assets. 

Information Gathering

The fundamental SIA threat and risk assessment training encourages the CPO to use the seven Ps of principal threat profiling: people, places, personality, prejudices, personal history, political/religious views, and private lifestyle to look for direct and indirect threats. 

Usually, information gathering involves meetings with the client and the Principal. It can be challenging to elicit very personal information such as medical history, but it may be vital. If the Principal has an underlying heart problem this would be an essential fact to include in the threat and risk assessment.

Reconnaissance, route selection, security surveys, and surveillance may all be necessary to determine the level of threat, risk level and resource requirements. It may be required to involve local agencies such as police, embassies and other authorities. The contractor can then complete the assessment and develop an operational plan. This plan can address the need for security, the number of operatives, types of vehicles and other specific requirements.

Close Protection Risk Assessment

Various types of threats require a different approach. Plan to mitigate different threats in different ways. The risk assessment is “the overall assessment of the risk or any risk that is associated or could be associated with the Principal because of their status”. The Principal’s status could be political, celebrity, public figure or purely down to wealth. 

For example, an overseas business person that invested wisely and is high on the Forbes rich list may not be easily recognisable in the UK. Risk of recognition when out in public is low. However, this person could be a potential victim of kidnap. Although the risk of being recognised is low, the potential risk of kidnap is medium. Therefore the threat level associated with the business person could be low to medium, depending on any additional information that may be known.

By using a risk matrix, categories of risk and the likelihood of risk can be listed against the severity of the risk from low to high. The risk matrix enables the prioritisation of the threat level and the associated response and resources required. 

For example, a Principal deemed to have a low threat level would probably not have an SAP team or CAT team. For a low threat level, resources would probably be low key and discreet. 

At the opposite end of the scale, a high threat level Principal such as the President of the United States (POTUS) has unlimited resources with unknown millions spent on security details annually.

Additional advantages of using formal decision-making models as a guide include leveraging predetermined requirements and helping to justify resources and costs. 

For example, although each situation varies, there are common requirements and differences when a Principal is arriving at and leaving a location. The exposure to risk, layers of protection, parking arrangements, and embus/debus points may be different between arrival and departure. Plans for arrival should consider contingencies if the venue is compromised or the entrance compromised. On leaving there should be plans for leaving under routine or leaving under an attack. There may also be the need to accommodate unaccounted passengers accompanying the Principal.

The Real World

Unfortunately, in the real world, vital information and intelligence regarding the Principal are often very difficult to source. Data may not be freely available, and the client or Principal can be reluctant to pass on the information that is required. Reluctance can be due to privacy concerns or lack of trust. Sometimes a problematic and controlling staff member wants to make themselves appear more valuable by being privy to private information.

Assigning the correct level of security to the Principal requires a vast amount of information. Close protection can be hindered by budget constraints, even if all of the information is gathered. Amending the threat and risk assessment to reflect the budget is common (usual?) practice.

UK Government threat levels

Low – an attack is unlikely

Moderate – an attack is possible

Substantial – an attack is a strong possibility

Severe – an attack is highly likely

Critical – an attack is expected imminently

Ongoing Risk Assessment

It can take time to glean the information after the task has started, sometimes from the principal staff members, other contractors, or the Principal themselves. So, beyond the initial assessment, there should be ongoing threat and risk assessments.

The risk assessment should be updated regularly to keep up with a change in the Principal’s lifestyle and status or political movements globally, as this may affect a Principal’s status. Travelling with a Principal to foreign countries often adds further risk. Alter the risk assessment accordingly.

Response and contingency plans need to change as risks and threats develop. New options, mitigation and safety measures may become necessary. Maintaining a high level of security involves situational awareness and preparedness.

Dynamic Risk Assessment

So, the threat and risk assessments should never stop. The close protection operative or team should always be assessing and carrying out threat and risk assessments as dynamic assessments. As soon as they step out or move with their Principal, dynamic assessments will be taking place. For example: is the person walking towards the Principal a threat? is the parked car suspicious? Considerations can be even as dull and monotonous as the weather. If the temperature was below freezing last night, the pathway between the office and the car might be slippery and hazardous. Ice may not be life-threatening, but it is still a potential risk of injury towards your Principal.

Every one of us carries out dynamic risk assessments during everyday life, such as crossing the road. It happens on such a regular basis that it becomes a habit. Most people do not give it a second thought. Threat and risk assessments and dynamic risk assessments carried out by close protection operatives taken this behaviour to another level. Options, mitigation and safety measures should continually evolve. Planned responses must change on the fly if the CPO is to be ready for the unexpected or unplanned. Situational awareness saves lives!

No Substitute for Experience

Novice CPOs can be shocked by the very little information they receive. The inexperienced operative may have to decide whether or not to take on a task or client without the knowledge required to ascertain the current threat level of the proposed Principal or task. Unfortunately, it is these inexperienced CPOs who are likely to accept short notice or ‘fastball’ tasks in an effort to build their reputation. Such tasks are often only for a short duration, and there is often no time or ‘open source’ information available on that particular Principal – even if the Principal’s identity is known!

By not being able to conduct an accurate risk assessment or threat level, the CPO exposes themself and their Principal to potential danger or harm. Also, by taking such work, the CPO is most likely being underpaid for the level of risk they are being exposed to.

Close Protection Services

Westminster Security provides professional close protection security services in London, the UK, and worldwide.


Westminster Security Ltd are not close protection training providers. Content provided is for informational purposes only. Please do not take this content as an operational guide. Some sensitive details have been omitted or changed for confidentiality and security reasons.