August 12, 2025

Why the Next Security Scandal Will Start with a Compliant Company

“We followed the rules. We used licensed staff. The equipment was ‘approved.’” Those will be the lines. In the internal review. In the boardroom. In the crisis comms memo. Self-assuring, half-panicking words, heard far too often.

As a person with a legal background, I could offer a legislative blanket and comfort the stressed. However, compliance isn’t a shield anymore. It’s a checklist. And in today’s security landscape — complex, politicized, tech-saturated — that checklist won’t save you. In fact, it might lull you into false confidence while disaster brews just beneath the surface.

The Rise of Compliant Chaos

Security firms and corporate clients alike are operating under outdated assumptions:

  • If it meets regulation, it’s safe to deploy.
  • If it’s on the government’s approved list, it’s ethically sound.
  • If the supplier’s certified, we’re covered.

This all happens at a time when the private security industry, like so many other sectors, is undergoing a tech arms race. Drones, AI surveillance, behavioral analytics, biometric access control — if it’s shiny and digital, it’s being sold.

But too often these tools are deployed without deep contextual knowledge of the operations they are placed in, without full integration, and without an understanding of the specific oversight and control mechanisms they require. Companies trust vendors who slap on a “GDPR-ready” or “SIA-aligned” label without risk modeling, without a deep understanding of the contextual and operational requirements, without proper staff training, and without solid processes, tools, and frameworks behind the label.

That’s where the real scandal will start. Not with a malicious act, but with a compliant misjudgment. And recent history is already telling us this story.

Show me the lowest bidder – the biggest disturbance

From the client side, the budget defines (almost) everything. Procurement teams are under pressure. Even individuals buying security services and equipment are highly cost aware, because budgets are tight. And when faced with (three?) bids — all claiming “compliance” — they choose the cheapest. That’s how corners get cut:

  • Staff are undertrained but licensed.
  • Tech is powerful but unvetted.
  • SOPs look great on paper but don’t survive contact with reality.

Compliance doesn’t prevent failure — it masks it, and it provides a satisfying illusion in which one feels safe enough not to ask further questions or dive into inconvenient, time-consuming details such as what actually makes that low rate possible. Because in this era, we are all so very busy and have no time for details, checks, and critical questions. Yet scandal after scandal exposes how compliant providers could still operate and use equipment in ways that are unsafe, unethical, and ultimately reputationally devastating to both contractor and client. So, are all this rushing and cost-cutting taking us in the right direction, or just to the bottom faster?

We’ve seen it across sectors — not just in security. It’s always the same pattern:

A compliant vendor or service provider that was never properly challenged. Perhaps because nobody deeply understood the service content, the tools, or the context, or simply because everyone was too busy or indifferent to ask.

Final Thought: Don’t Be the Next Headline

If you work in private security, procurement, or corporate governance, it is time to clear your mind. Compliance is essential, but it’s not sufficient on its own, nor does it equate to thorough due diligence or quality assurance. One needs to ask deeper questions and allocate adequate time to define the criteria, indicators, tools, and services required to address the complexity. This approach might also justify potentially higher costs. Because the next scandal won’t arise from a “bad actor” but from a compliant company that stopped thinking critically.

Stay safe,

Pia
