Insider Insights: Risk Analysis Best Practices for Art Museums

2019-03-27T14:53:54+00:00 March 27th, 2019|Risk, Vulnerability|

Leonardo da Vinci’s Mona Lisa was attacked in 2009, while on display at the Louvre. A Russian woman had been denied French citizenship and in her anger, she resorted to retaliation against the French government. So she bought a terra cotta mug at the gift shop and hurled it at the world’s most treasured painting. Fortunately, no damage was done, because the Mona Lisa was safely housed behind bulletproof glass.

But other invaluable works of art have been stolen, damaged and even destroyed while sitting on display at art museums. These incidents make international news, and they create major implications for the museums housing the art. The assets they curate are treasured by the whole world, often inspiring nations and playing a role in defining a culture. There’s no replacing the Mona Lisa.

As a result, it’s critical for an art museum to get it right when it comes to security and risk analysis. Recently, art museums have asked us about risk analysis best practices for high-value antiquities and art.

What’s Special About Museum Security?

Museums have to do risk assessments all the time—often, multiple times per week—because they experience such frequent changes in their exhibits or art transportation. They even assess other museums when lending their art.

That kind of frequency is demanding, and it’s important to find every efficiency you can. At the same time, it’s critical not to miss any meaningful gaps in your assessment. With all those moving parts, it’s no easy task to protect the world’s most valuable treasures.

Here’s what the risk analysis process looks like for art museums.

1) Understand Risk

First, it’s critical to understand that risk is dynamic. Risk changes daily. That’s especially true for your art museum, because your curations are constantly in flux. You have different galleries and special exhibits, and you’re constantly borrowing and lending pieces of art to and from other museums and private collectors.  

You probably also host private events for special functions, such as fundraisers or weddings. Those events change the risk profile of your facilities as well.

2) Assess Your Assets

Next, you will need to identify your assets. Need to know what you have and price the value of each piece. For some organizations, the assets are services. In others, it’s data or product inventory. For museums, it’s art. You have to understand what you have and what it’s worth.

3) Assess Your Threats

Once you know the value of your inventory, focus on reducing the probability of an incident. To do that, you’ll need to understand the items you’re housing. Here’s what I mean.

In the case of art, risk is based on more than an asset’s monetary value. Some pieces are controversial, and others evoke strong emotional reactions. Works like The Woman in Gold meet all three criteria—the painting is highly valuable, its history and ownership have sparked controversy, and it has helped to shape Austria’s national identity.

A threat assessment will give you a greater understanding of the probability of an incident. Consider all possible intentional negative events that could occur—anything from terrorism to theft to violence to vandalism. Also identify the potential actors—for example, political activists, thieves or gangs. Valuable art tends to attract theft. Controversial art tends to attract violence or vandalism. Determine what kinds of incidents are most likely, given the assets on your premises.

Don’t limit your evaluation to the public items that are on display. There’s also the back-end infrastructure to consider, ranging from transportation to storage. You’ll need to continually assess those as well. Getting a piece of art from one place to another can be a challenge, and it’s a vulnerability that could be exploited.

4) Determine Probability

Now you’re ready to determine the most probable of all the different threats to your campus. For each scenario, identify the actors, their capabilities and their history. Ask which of those scenarios are most likely, given the information that you have. That will give you a reasonable understanding of the probability level of the potential threats. The most probable scenarios are the ones to build your security program around.

5) Assess Your Vulnerabilities

Now that you know the threats you’re addressing, you need to evaluate the effectiveness of the countermeasures you have in place. That’s where the vulnerability assessment comes in. The vulnerability assessment identifies the weaknesses in your security program to help reduce the probabilities of a threat.

If you’re doing a risk analysis by paper, you’ve got an overwhelming task to deal with. You need to be able to see everything that’s going on, where your art is, and how it’s being protected at the push of a button. You can’t rely on static paper that’s out of date the moment it’s printed.

That’s where Circadian Risk software comes in. Because the risk assessment app is customizable, you can create a standard set of questions tailored to your campus. You don’t need a static survey that applies to every piece of art. Instead, you can create different protective measures, based on evaluation and need, for individual assets. Rather than being locked into a single checklist, you can customize Circadian Risk to your needs, then evaluate those pieces of art based on those preferences.

6) Boost Your Countermeasures

Finally, reduce probability by deploying and improving your countermeasures. Countermeasures are a combination of human beings, technologies, and plans and procedures. They can include anything from armed guards, to laser detection, to enclosures.

You have an endless mix of options, but you’ll narrow the list by evaluating what will work within the corporate culture of your museum. You want the public to come in and see the art, to enjoy their experience and to feel safe. You also want to discourage would-be attackers. Will your visitors be okay with seeing art behind glass? For some pieces they will, but they won’t be happy if all of your work is inaccessible.

How far should you go from a security perspective to protect your assets and reduce risk? Only your security team, together with your Board of Directors, can make that determination.

Every art museum is entrusted to protect international treasures that can never be replaced. It’s an incredibly weighty responsibility, which demands the best security practices. Following this six-step process will help ensure you’re staying on top of your art museum’s security.

Don’t let your risk analysis be the weak link in the chain of security. Find out how Circadian Risk software gives greater insight and actionable remediation. Schedule a demo today.

Subscribe to the Blog

  • This field is for validation purposes and should be left unchanged.
Daniel Young
Daniel Young is the Founder and CEO at Circadian Risk Inc. He was a Regional Bioterrorism Coordinator, Security Account Manager, and has been a security and risk expert for over 10 years.