Behind every successful close protection operation sits a piece of work the public rarely sees, the threat and risk assessment. Long before a bodyguard opens a car door or walks a client through a venue, a great deal of careful analysis has already taken place. This assessment is the foundation that everything else is built on, the number of officers deployed, the vehicles used, the routes taken and the contingency plans prepared. Get it right, and protection is proportionate, discreet and effective. Get it wrong, and a client may be over-protected, under-protected, or exposed to dangers no one saw coming.
This guide explains what threat and risk assessments are, how they work, and why they sit at the heart of professional close protection in the UK.
Threat Versus Risk
The two terms are often used interchangeably, but in close protection they mean different things, and understanding the difference is essential.
A threat is the potential source of harm, an intention or capability to cause injury, loss, distress or damage to the person being protected (known in the industry as the principal). A threat might be a stalker, a hostile group, the risk of kidnap, or even an accidental hazard.
A risk is the likelihood of that threat actually materialising, combined with how serious the consequences would be. In other words, a threat describes what could go wrong, while risk describes how probable it is and how bad it would be.
A useful example, a wealthy overseas businessperson might be virtually unknown on the streets of London, so the threat of being recognised and targeted opportunistically is low. Yet because of their wealth, the threat of a planned kidnap could be far more significant. Separating these two ideas allows a security team to focus resources where they are genuinely needed.
Why the Assessment Matters So Much
A thorough assessment shapes every practical decision that follows. Without one, a close protection team cannot:
- Decide how many officers are required, or what roles they should fill
- Allocate the right resources, vehicles and equipment
- Set a protection level that is proportionate rather than excessive or inadequate
- Justify the cost of the operation to the client
- Prepare meaningful contingency plans for when things go wrong
In short, the assessment turns vague concern into a clear, defensible plan.
Building a Threat Profile
To understand the dangers a principal faces, security professionals build a threat profile, a detailed picture of who the person is and what makes them a potential target. UK close protection training, overseen through SIA-aligned standards, encourages operatives to consider a familiar framework often summarised as the “seven Ps”:
- People: Their associates, rivals, staff and known adversaries
- Places: The locations they regularly visit
- Personality: Their character and how they behave in public
- Prejudices: Views or affiliations that might attract hostility
- Personal History: Past incidents, threats or vulnerabilities
- Political and Religious Views: anything that could make them a target
- Private Lifestyle: Habits, routines and patterns that could be exploited
Working through these areas helps the team identify both direct threats (a specific person or group intending harm) and indirect ones (the general risks attached to the principal’s status, wealth or profile).
Gathering the Information
A reputable security provider begins gathering intelligence the moment a client makes an enquiry. This due diligence usually involves direct conversations with the client and the principal, alongside research, reconnaissance of locations and routes, and sometimes liaison with police, embassies or other authorities.
Some of the most important information is also the hardest to obtain. Medical details, for instance, can be sensitive, yet an underlying heart condition could be critical to know in an emergency. Clients are sometimes reluctant to share personal information out of privacy concerns or simple lack of trust, which is one reason an experienced, discreet operator is so valuable.
Measuring Risk with a Matrix
Once threats are identified, the team weighs them up. A common tool is the risk matrix, which plots how likely each threat is against how severe its consequences would be. This produces a clear ranking, from low through to high, that helps prioritise where protection effort should go.
The level assigned then drives the scale of the operation. A principal assessed as low threat might be protected discreetly by a small, low-key team. At the extreme end of the scale, a head of state faces a level of threat that justifies enormous resources and large, specialised teams. Most private clients sit somewhere in between, and the matrix helps tailor a sensible, proportionate response for each.
UK Government Threat Levels
It’s worth knowing the official threat levels used in the UK, as they provide useful context for any assessment:
- Low: An attack is unlikely
- Moderate: An attack is possible but not likely
- Substantial: An attack is a strong possibility
- Severe: An attack is highly likely
- Critical: An attack is expected imminently
These national levels reflect the broader security picture, while a close protection assessment focuses on the specific risks to an individual.
Assessment Never Really Stops
One of the most important things to understand is that a threat and risk assessment is not a one-off document filed away at the start of a job. It is a living process.
Ongoing assessment means the picture is updated as new information emerges and as the principal’s life changes, a new business deal, a shift in their public profile, or travel to a higher-risk country can all alter the threat landscape and require the plan to adapt.
Dynamic assessment happens moment to moment, in real time, as the team operates. Is the person approaching the principal a threat? Is that parked car suspicious? Could the icy pavement between the building and the car cause a fall? Most of us perform simple dynamic assessments every day, judging when it’s safe to cross a road, for example, but a close protection operative does this constantly and at a far higher level. Strong situational awareness is what allows a team to respond to the unexpected before it becomes a crisis.
Why Experience is Irreplaceable
No framework can substitute for hard-won experience. Less experienced operatives can be caught out by how little information they’re given, and may feel pressured to accept last-minute jobs without the chance to assess the threat properly. Taking on work blind exposes both the operative and the principal to unnecessary danger. A seasoned professional knows what questions to ask, what information to insist upon, and when a task simply doesn’t add up.
Conclusion
Threat and risk assessment is the quiet, analytical heart of close protection. By separating what could go wrong from how likely it is, building a detailed profile of the principal, and continually reassessing as circumstances change, professional teams can deliver protection that is proportionate, prepared and genuinely effective. It is detailed, demanding work and it is precisely this groundwork, carried out by experienced operatives, that keeps clients safe.