Consider the Antwerp World Diamond Centre robbery in 2003 – a break-in at a vault two floors underground protected by no fewer than 10 layers of security. As the story tells, Leonardo Notarbartolo disguised himself as a diamond merchant and moved into an apartment next to the centre in 2000 and in 2003 he and his crew stole diamonds and gold worth $100m without triggering any of the 63 security cameras. Bizarrely, Notarbartolo was eventually linked to the crime by roadside rubbish and his DNA found on a sandwich.

Not quite as extreme, but nevertheless outrageous, is the theft in November 2024 of the entire rPET recycling plant from QC Polymer (in administration). As Printweek reported in December, the line was found to be stolen on the eve before a public inspection of assets before an auction. Printweek wrote that, notably, “the administrators had estimated that it would have taken seven days to dismantle this plant, and a fleet of 10 articulated lorries and two cranes to cart it away”.

Just as peculiar, is another case that Printweek reported at the beginning of this year of a “customer-owned item” worth £50,000 that had gone missing from the failed Works Manchester. It was not disclosed what the item was, but the value alone should be enough to raise eyebrows.

And then there was the ‘lesser’ case from 2008 which Printweek also reported on. In this instance, a production worker at book printing firm Clays had been stealing copies of various books over an 11-month period from a plant in Bungay, Suffolk, to sell on eBay for around £5 each. It is not clear how many were stolen or how much he had gained from selling them.

Interestingly, the government’s 2023 Commercial Victimisation Survey (CVS), updated in September 2024, found – among things – that an estimated 26% (409,000) of all business premises, in England and Wales, were a victim of a CVS crime during the previous 12 months; and the most prevalent offence type experienced by businesses was theft (14%), followed by burglary including attempted burglary (8%) .

Risks of loss

Zachariah Islam, managing director of Region Security Guarding, says that loss in commercial and industrial environments is more prevalent than many business owners might assume – “while retail settings often focus on shoplifting, industrial and commercial sectors face diverse risks that can lead to significant financial losses”.

Typically his firm sees crimes relating to external theft which will most commonly involve trespassing and break-ins targeting valuable stock, machinery, and even fuel. He says that “it’s not uncommon for organised crime groups to begin targeting businesses if they notice there’s a lack of effective security on-site”.

And then there’s employee-related theft, which will often target the removal of easy-to-conceal company property.

Dave Kearns, managing director of the Expert Investigations Group, sees three different vectors for attack.

The first comes through external players who commit fraud or who perpetrate cyberattacks for financial gain by, for example, either obtaining monies via false invoicing or supplier frauds. He warns that “gaining access for data, including personal details, can enable fraudsters to use identification for other fraud or criminal means.”

Next comes external physical theft by what he terms the ‘typical criminal’ through burglary, walk in theft, and criminal damage. He notes that it should be obvious what the initial effect that theft and burglary can have on a business, but “one must also consider the loss of downtime and productivity as a result of the theft... this could be theft of certain tools, computers or vehicles”.

Thirdly, Kearns highlights the risk of internal theft and fraud committed by employees.

He adds that in “over 25 years I have investigated in every type of commercial, industrial or manufacturing business. The offences and those that go undetected are and have been committed at all hierarchal levels of a business”. He continues: “When several people are involved, or senior/board members are involved, statistics show it takes longer to identify the theft or fraud, and the median losses are higher than an individual working alone.”

Losing items

Theft goes beyond the obvious ‘removal’ of the physical as employees can also ‘lose’ items such as phones or laptops.

As Kearns outlines, “it is simple for an employee to ‘lose’ something... steal it and report it as a loss and sell it – especially as there are many routes for sale for stolen products”. And where an employee makes the decision to steal or commit fraud then the costs can be significant, and more importantly, it may go unnoticed.

Islam thinks the same. He too says it is surprisingly easy for employees to ‘lose’ company property, and it may not always be accidental: “In workplaces with weaker security measures, items like laptops, phones, tools, or even sensitive documents, are at risk of disappearing without a trace.”

However, they’re certainly not the only thing that will get stolen.

He points here to personal protective equipment (PPE) as “another potential target that non-retail commercial environments should be wary of; it’s not uncommon for workers or thieves to take them for their own personal use, or for resale purposes.”

Then there’s fuel which he considers probably one of the larger ‘non-conventional’ targets of theft though. As he outlines, “if company vehicles are left unattended, it’s a perfect window for thieves – or even employees – to siphon fuel; this can be especially hard to keep track of if it’s done in small amounts”.

But as Kearns well knows, everything has a value, whether it is in a raw or finished state – “there is a marketplace and outlet for the sale of all stolen goods in one format or another”.

And he’s seen some big numbers at clients – the theft of £125,000 of vehicle parts in completed state. In this instance, an employee came on site, loaded a vehicle, used a forklift and drove the goods away. Another case saw high-value flooring worth £90,000 loaded by employees into their vehicles and sold on eBay. And in a third, there was the theft of scrap metal by three Saturday workers when there were no supervisors around; they loaded their vehicles and went to a scrapyard each Saturday afternoon. The possible loss over many years was estimated to be around £100,000.

Equally, Kearns reckons that not all cases have to be high value: “An employee who can steal £100 per week in some format or another will be happy with their gain and draw no attention to themselves.”

Similarly, Islam thinks low-value items are at high risk of loss and are surprisingly common targets. And this is because “low-value items often go unnoticed when missing, which makes them an easy target. But repeated theft of low-value items can add up to a significant sum over time.”

Inventory loss

And what about losses of inventory in general? In relation to this Kearns is bothered that so few businesses put internal theft and fraud on the board’s agenda. As he says: “It’s only after a theft or fraud that they are willing to accept the risk as real and put measures in place to prevent it happening again – but this too late… a typical case of ‘closing the stable door after the horse has bolted’.”

Indeed, Islam sees losses of inventory, particularly consumables that are easy to resell, as being more widespread than many business owners realise or are willing to admit. As he comments: “Unlike high-value items that require tracking, small consumables – such as stock-in-trade materials, office supplies, or raw goods – can disappear unnoticed over time.”

But why don’t directors see theft as a risk to their business? It’s very odd for as Kearns says, “there are simple, cost effective measures they can introduce to prevent, disrupt or detect such crimes”.

The problem is likely the feeling of invulnerability, until it’s too late; often a business will not know there has been a theft or fraud until something happens to highlight it.

Take fraud. Kearns says that the figures from the Association of Certified Fraud Examiners Report to the Nations 2024 shows that (internationally) 19% of fraud was found by accident and in 32% of cases, the internal controls had been overridden .

Fundamentally, he believes “there is the opportunity for dishonesty in every type of commercial or industrial business irrespective of its geographical location, turnover, number of employees or industry sector”.

A typical criminal?

With a hint of caution, Kearns says that risk is ever present and so “there are no generic telltale signs; people being dishonest generally do not attract attention to themselves”.

While there have been documented and proven ‘red flag’ indicators such as excessive control, a person not taking holidays, aggressive and socially disruptive behaviour, the problem is that the world has changed with virtual and hybrid working – especially as work can be subcontracted out – which makes it harder to see those indicators.

Indeed, Kearns notes that such working can “afford the time for an employee to be dishonest as they are not under a natural surveillance in the workplace with supervisors, managers or colleagues being on site to make observations, be involved or see behavioural changes”.

Even so, Islam reckons that the risk of an insider working with someone outside the company is “one of the biggest and most difficult-to-detect security threats in commercial and industrial environments. Employees with access to sensitive information, valuable inventory, or restricted areas can significantly increase the impact of external theft or fraud”.

He’s seen cases where warehouse employees have coordinated with external thieves to leave access points unsecured; staff with knowledge of security systems have disabled alarms or CCTV at key moments; logistics workers have tipped off criminals about high-value shipments or weak security protocols; and office staff with financial access have leaked company banking details or conducted invoice fraud.

The key to protection

Crime prevention measures such as technology, zero-tolerance attitudes, written policies and inventory tracking are, in Kearns’ opinion, “the most neglected area by businesses, managers and directors”.

He reckons that situational crime prevention should include IT and software systems, CCTV, access control, inventory and stock monitoring, perimeter security, lighting, housekeeping as well as a written managed protocols that is disseminated to all employees. Such measures form layers of protection.

This is a tack that Islam would take.

He too advocates a multi-layered approach that combines physical security measures, technology, strict policies, and a strong security culture. As he says, “businesses that rely solely on one aspect, say, just CCTV, often find that gaps still exist. The most effective strategies involve a mix of security measures and employee accountability”.

If advising, he would deploy measures such as CCTV and remote monitoring for sensitive and key areas and recording evidence; access control and key cards to restrict movement; sign-in/sign-out systems to log the movement of items and reduce unauthorised removals; regular stock audits – both scheduled and surprise; close monitoring of high-risk and costly items; and possibly, the use of security guards.

But even with such measures Kearns reminds, though, that “dishonest employees can override measures put in place or the measures themselves may not be sufficient. Therefore the question is ‘how effective are these measures?’”

He worries that “firms believe that once they have these measures in place that they are secure. They are not. Every time I conduct a security review, I find that CCTV is ineffective – cameras are faulty or lighting is insufficient, or access controls doors have been jammed open”.

Advice going forward

So, in trying to lock the door before the horse contemplates bolting, both Islam and Kearns recommend a number of steps.

For Islam, it’s important that firms take a proactive approach to identifying risks and implementing strong security measures. The key is to gather information, analyse patterns, and establish clear controls to prevent future losses.

Kearns thinks that firms must be realistic and mature and work from the broad and general to the specific – all with expert help. As he says, “you are the experts in your business not security and investigations.”

Both Islam and Kearns emphasise that security must be regularly reviewed via a multi-tiered approach that involves the board understanding the risk and leading from the top, along with internal training.

Lastly, Kearns thinks it essential to instil a culture where workplace dishonesty is not tolerated so as to counter the perception held by (some) employees that the likelihood of being caught is minimal and so the risk of prosecution is unlikely.

Summary

Crime happens – it’s regrettable, but that’s life. This means that every firm needs to consider itself under potential attack and so must take proactive steps to protect its position. To assume that ‘it’ll not happen to us’ is to be both naïve and negligent.

REDUCING CRIME OPPORTUNITIES

Protecting business assets is just as important as protecting premises. Assets may include computers, laptops and tablets; information stored on paper or computers; mobile phones; company vehicles; stock; items held on behalf of clients; and specialist tools and equipment.

Mark assets

Each piece of equipment a business owns should be permanently marked and a note of the model, make, and serial number should be recorded.

Keep a record of what assets are held, who’s responsible for them and where they’re located. Secure any high-value items in a secure storeroom when they’re not in use.

Mobile phones and computers

If a mobile phone, laptop, computer or tablet is stolen, it’s the loss of data that can be more of a security threat than the loss of the item itself, especially if sensitive information could be accessed.

All mobile phones can be identified with their international mobile equipment identity (IMEI) number, something that should be written down in a log of assets. To find a mobile phone’s IMEI type *#06# into the handset.

Goods and business vehicles

Any business vehicle should be treated just like the premises of the business with secure windows and doors and a lockable box in the back. Other security devices that can be added include a steering lock; an immobiliser; a vehicle tracking system; and an alarm.

For high-value machinery and vehicles, e.g. plant machinery or specialist equipment, tracking devices or marking these so they’re easily identifiable should be considered.

Stock

To keep stock secure, it’s necessary to know where it’s located and what is held with records of when stock is used, sold, thrown away or replaced. Conduct regular stock checks including deliveries; operate a stock control system, making sure records are only amended after authorisation; keep stock away from areas where they can be easily reached, e.g. doors; use secure rooms or cabinets that are lockable and fireproof for high-value stock; use CCTV or mirrors to keep equipment and stock monitored at all times; and limit how many people can access valuable stock.

Preventing theft by staff

There are a number of things that can put be in place to prevent theft, including installing CCTV in staff car parks; creating an honest working environment, communicating to staff members the costs and implications of stealing from the company; regularly changing who controls stock; and restricting access to stationery cupboards, stockrooms and warehouses.

And before a new employee is hired, references should be checked thoroughly and their identity verified.