Designing an Annual Security Programme for Private Clients | CloseProtectionHire

The security needs of a high-net-worth individual are different from the security needs of a corporate executive. The corporate executive operates within an organisational security programme – a procurement function, an IT security team, a corporate security manager, and a duty of care framework imposed by the employer. The private client is managing their own security. The decisions are theirs, the budget is theirs, and the gaps in the programme are their personal exposure.

This guide covers the design and management of a private client security programme: the components of a credible programme, the threat assessment process, the management model, and the review cycle that keeps it current.

Programme components

A mature private client security programme integrates the following components, calibrated to the individual’s threat level:

Threat assessment. The documented analysis of who might wish to harm or exploit the client, what their capability is, and what specific vulnerabilities the client’s lifestyle presents. Updated annually and at any material change.

Residential security. Physical and electronic security for each residence: CCTV with appropriate coverage and retention, perimeter security (fencing, gates, lighting), access control, alarm systems with monitoring, and a physical security assessment to identify and remediate vulnerabilities. For higher threat levels, residential security staff (a security manager, guards, or a caretaker with security duties).

Travel security. Pre-trip intelligence briefings for higher-risk destinations, vetted ground transport, advance work for complex trips, CP coverage where warranted, K&R insurance for travel to KFR-risk destinations, and a documented personal emergency response plan.

Close protection. Where the threat level warrants it, a dedicated CPO or a CP team for regular assignments. The decision to deploy CP should be threat-assessment led, not prestige-led. A well-designed security programme achieves protection through multiple layers, of which personal CP is one – and often not the most cost-effective in lower-threat environments.

Digital security. Digital footprint management (electoral register, Companies House, data brokers), secure communications protocols, clean device discipline for high-risk travel, social media security for the client and family, and protective intelligence monitoring.

Family security. Briefings for spouse/partner and children (see our security briefing for family members guide), domestic staff vetting, the family emergency protocol, and where warranted, security arrangements for school runs and family travel.

Protective intelligence. Ongoing monitoring of relevant open sources for threat indicators: social media, press, dark web (for data breach monitoring), and threat-specific intelligence feeds. Periodic counter-surveillance assessment of regular routes and locations.

The annual review

The annual programme review is the mechanism by which the programme stays current rather than becoming a static document. The review covers:

Threat reassessment. Has the client’s public profile, sector, travel footprint, or residential situation changed? Has the geopolitical environment in any regularly visited destination changed? Is there any known threat indicator that should change the threat level?

Provider assessment. Are the current providers – CP company, residential security provider, ground transport operators – still meeting the required standard? Has the relationship been reviewed against the market? This is not an annual procurement process, but complacency in provider relationships is documented as a precursor to quality degradation.

Physical security audit. An independent physical security survey of the primary residence (see our physical security assessment guide). Residential security is not static – new vulnerabilities emerge from changes to neighbouring properties, route patterns, vegetation growth affecting camera coverage, and the accumulation of minor maintenance deferrals.

Digital footprint review. Confirmation that the data broker removals, electoral register opt-outs, and Companies House suppressions are current. Data broker entries can re-emerge after removal – active maintenance is required.

Protocol review. Review all documented protocols with the client and family members. Emergency contact numbers still current? Code words known? Family members briefed on any changes to the threat level or the programme?

The security adviser relationship

The most important single element of a private client security programme is the quality of the individual or provider managing it. A programme managed by an adviser who does not know the client, does not understand their lifestyle, and is primarily motivated by selling services will be overloaded with unnecessary measures and underequipped in areas that matter.

The characteristics of a credible private client security adviser:

Qualification and experience – ASIS Certified Protection Professional (CPP) qualification or UK Fit to Practice (Close Protection) qualification with demonstrated private client experience. Not just military background and an SIA licence.

Independence – an adviser who is not commercially tied to specific service providers can give objective recommendations. An adviser who earns commission from every provider they recommend has a conflict.

Discretion – private client security requires an adviser who understands the sensitivity of the relationship and does not use the client’s details to build their own profile or network.

Longevity – the best private client security relationships span years, during which the adviser builds detailed knowledge of the client’s patterns, vulnerabilities, and preferences. A fresh provider does not have this knowledge and cannot achieve the same quality of advice immediately.

Programme tiers by threat level

Private client programmes are not one-size-fits-all. A useful three-tier framework:

Basic programme (low-moderate threat). Annual threat assessment. Residential security audit and remediation. Digital footprint management. Travel briefings for non-routine destinations. K&R insurance. Security adviser on retainer for consultation. No dedicated CP. Cost range: GBP 15,000-40,000 per year.

Intermediate programme (moderate threat). All basic components plus: active protective intelligence monitoring. Residential security manager or monitored alarm with response. Vetted drivers for regular transport. Periodic CP deployment for elevated-risk appearances or travel. Cost range: GBP 50,000-150,000 per year.

Comprehensive programme (elevated threat). All intermediate components plus: dedicated CP team (one to four CPOs depending on lifestyle). Armoured vehicle or hardened vehicle with security driver. 24-hour residential security. Real-time intelligence monitoring. Family security staff (nanny with security background, school run protection where needed). Cost range: GBP 300,000-1,000,000+ per year depending on scale.

These ranges reflect UK market rates for provision of the described quality. International programmes, multi-residence clients, and clients with high-profile family members attract higher costs.

For the threat intelligence methodology that keeps the programme threat assessment current, see our threat intelligence for executives guide. For the family office security context in which many private client programmes sit, see our security for family offices guide.

Sources

ASIS International: Private Client Security Programme Design Standards, 2024. Control Risks: Private Client Security – Programme Design and Management, 2024. Kroll: High-Net-Worth Security Programme Benchmarking 2024. UK Finance: Fraud and Extortion Targeting High-Net-Worth Individuals 2024. CPNI: Protective Security for Private Individuals, Centre for the Protection of National Infrastructure, 2023. Hiscox: HNW Security Risk and Insurance Report 2024. Lloyd’s: High-Net-Worth Risk Advisory – Security Standards, 2024.