The recent theft at the British Museum has sent shockwaves through the cultural and security communities alike. While the loss of invaluable artefacts is devastating, the incident serves as a poignant reminder that insider risks are not confined to the digital realm. They can manifest in the theft of physical assets, tarnishing an organisation’s reputation and causing irreparable damage.
The Incident Unveiled
Around 2,000 artefacts, including gold jewellery and gems, were stolen from the British Museum over an extended period. The thefts were so extensive that they led to the resignation of the museum’s director, Hartwig Fischer, and the dismissal of a staff member from the museum’s department of Greece and Rome. The museum’s chair, George Osborne, revealed that not all of the museum’s collection was properly catalogued or registered, a situation not unique among large institutions. A “forensic” inquiry is underway to determine the extent of the thefts.
The Warning Signs Ignored
What makes this case particularly alarming is the revelation that warnings had been issued as far back as 2020. A second expert even claimed that concerns were raised multiple times after spotting certain items for sale on eBay. Despite these red flags, the museum failed to take adequate action, leading Osborne to admit that there might have been some “potential group think” at the top of the institution.
The Insider Risk Element
The British Museum case exemplifies how insider risks can extend beyond the digital sphere. The thefts were not the work of an external criminal but were facilitated from within the institution. This incident underscores the need for organisations to broaden their understanding of insider risks to include not just digital assets but also physical ones.
Mitigating Physical Insider Risks
Addressing physical insider risks requires a multi-faceted approach:
- Robust Access Control: Limit access to sensitive areas and implement stringent checks for those who do have access.
- Inventory Management: Regularly update and audit the inventory of valuable assets.
- Employee Training: Educate staff on the importance of security measures and the potential consequences of laxity.
- Regular Audits: Conduct unannounced audits and security checks to ensure compliance with security protocols.
- Whistleblower Policies: Encourage staff to report suspicious activities without fear of reprisal.
The theft at the British Museum serves as a cautionary tale for organisations worldwide. It highlights the need for a comprehensive approach to insider risks that encompasses both digital and physical assets. By understanding the evolutionary path of insider risks and implementing robust countermeasures, organisations can better protect their most valuable assets and maintain the trust of their stakeholders.