Security Company Insurance and BS7858 Vetting: What UK Security Firms Need to Know

Running a security company in the UK carries a level of responsibility that few other industries can match. Whether you operate door supervisors, CCTV operatives, keyholding teams, or close protection officers, your staff are placed in situations where the risk of injury, property damage, or legal claims is ever-present. That risk does not disappear with a SIA licence alone — and that is exactly where the combination of robust insurance and thorough staff vetting becomes essential.

BS7858 is the British Standard for the vetting and screening of individuals employed in a security environment. For insurers, it is one of the most important signals of how seriously a security business takes its risk management. Firms that follow BS7858 consistently tend to attract better insurance terms, lower premiums, and broader cover. Those that do not often find themselves facing higher costs, restrictive policy exclusions, or outright declines.

This guide explains what BS7858 involves, how it interacts with your insurance requirements, and what cover your security business should have in place regardless of its size or specialism.

What Is BS7858 and Why Does It Matter?

BS7858 is a British Standard published by the British Standards Institution (BSI) that sets out best practice for screening individuals employed in environments requiring a high degree of trust. It is most commonly applied in the private security sector, although it also covers sectors such as cash handling, key holding, and alarm monitoring.

The standard covers a structured vetting process that typically includes:

• Verification of identity documents (passport, driving licence, national insurance number)
• A five-year employment history check with gap analysis
• Criminal record checks, including Disclosure and Barring Service (DBS) checks
• Credit reference checks to identify financial vulnerabilities
• Verification of any professional licences, including SIA licensing
• Character references from previous employers
• Right to work verification in line with UK immigration rules

Compliance with BS7858 is not currently a statutory legal requirement in every context, but it is a contractual requirement for many commercial clients — particularly those in financial services, government, retail, and healthcare. The Security Industry Authority (SIA) also encourages its use as part of responsible sector practice.

For insurers, BS7858 compliance is a strong indicator that a security company operates with discipline and due diligence. It reduces the probability of negligent hiring claims, insider theft, and reputational damage — all of which have the potential to generate significant insurance claims.

How BS7858 Vetting Affects Your Insurance

Insurers underwriting security company risks look closely at how personnel are screened. Staff-related incidents — assaults, theft, fraud, and negligent conduct — are among the most common sources of claims against security firms. When a business can demonstrate it has a rigorous, documented vetting process in place, underwriters view it as a significantly lower risk.

Impact on Employers' Liability Insurance

Employers' liability (EL) insurance is a legal requirement for any business with one or more employees in the UK. It covers claims from employees who suffer injury or illness as a result of their work. For security companies, this includes physical assaults during patrol work, slips and falls on client premises, and mental health claims arising from exposure to aggressive or traumatic situations.

Insurers will assess how well your recruitment and training processes are documented. If a member of staff suffers an injury and it later emerges that they were inadequately vetted or trained for the role, your EL insurer may seek to limit their liability or dispute the claim. Having BS7858 vetting records on file demonstrates the duty of care you applied before placing that person in a security role.

Impact on Public Liability Insurance

Public liability (PL) insurance covers claims from third parties — typically members of the public or clients — who suffer injury or property damage as a result of your business activities. In the security sector, this might include a door supervisor causing injury during an ejection, a CCTV operative accidentally damaging client property, or a security guard causing a trip hazard during a patrol.

Claims become far more complex and costly when the individual involved has a questionable background that a proper vetting process would have identified. If a door supervisor with a history of violence causes an injury and it emerges that your vetting was inadequate, you could face a negligent hiring claim on top of the standard PL claim. BS7858 compliance significantly reduces this exposure.

Impact on Professional Indemnity Insurance

Professional indemnity (PI) insurance protects your business if a client suffers a financial loss as a result of your advice, services, or failure to deliver. For security companies, this becomes relevant in scenarios such as a failed alarm response that results in a burglary, a lapse in keyholding that leads to a delayed emergency response, or inadequate CCTV monitoring that misses a significant event.

PI insurers will look at your internal procedures and quality management systems. A company that cannot demonstrate consistent staff vetting and training is less likely to secure favourable PI terms. Conversely, maintaining BS7858 records alongside robust operational procedures gives underwriters the confidence to offer broader cover at a more competitive premium.

Impact on Fidelity and Crime Insurance

Fidelity insurance — sometimes referred to as employee dishonesty cover — is particularly relevant for security firms that handle keys, cash, confidential access codes, or client assets. It covers losses arising from fraudulent or dishonest acts committed by employees.

This is an area where BS7858 vetting has a direct, measurable impact on insurability. A firm that conducts thorough credit reference checks and five-year employment history checks as standard is substantially less likely to employ someone with a history of fraud or dishonesty. Insurers recognise this, and firms with documented vetting procedures tend to secure better terms for fidelity cover.

Essential Insurance Cover for UK Security Companies

Beyond the direct relationship with BS7858, there is a core set of insurance covers that every security company operating in the UK should have in place. Below is an overview of what responsible firms carry and why each matters.

1. Employers' Liability Insurance

As noted above, this is a legal requirement under the Employers' Liability (Compulsory Insurance) Act 1969. The minimum legal limit is £5 million, although most insurers provide cover of £10 million as standard. Security companies — given the physical nature of their work and the environments their staff operate in — should ensure their limit is sufficient to reflect the actual scale of their workforce and the risks they face.

2. Public Liability Insurance

Commercial clients increasingly require security suppliers to hold public liability insurance of at least £5 million, with some contracts — particularly in the public sector, retail chains, and financial services — requiring £10 million or more. Ensure your policy reflects the contract requirements you need to fulfil, and check the policy wording carefully for any exclusions relating to assault or use of force.

3. Professional Indemnity Insurance

Any security company providing advice, risk assessments, monitoring services, or keyholding services should carry professional indemnity insurance. The appropriate limit depends on the scale of your contracts and the financial exposure your clients face if something goes wrong. A minimum of £1 million is common for smaller firms, with larger operations often requiring £2 million or more.

4. Management Liability Insurance

Management liability covers directors and senior managers against personal claims arising from decisions made in the running of the business. This includes wrongful dismissal claims, breach of employment contract allegations, and regulatory investigations. Given the regulatory environment security companies operate in — including SIA oversight, GDPR obligations, and Health and Safety legislation — this is a cover that should not be overlooked.

5. Cyber Insurance

Security companies increasingly hold significant amounts of sensitive data: access codes, alarm schedules, client contact details, CCTV footage, and more. A data breach could expose clients to serious risk and your business to significant liability. Cyber insurance covers the cost of breach response, regulatory fines, third-party liability, and business interruption arising from a cyber incident. Given the sensitivity of the data security firms handle, this is rapidly becoming an essential cover.

6. Commercial Vehicle Insurance

Mobile patrol, keyholding, and response units require appropriate commercial vehicle insurance. Standard personal or social domestic and pleasure policies are not sufficient for vehicles used in the course of security work. Ensure your fleet policy accurately reflects the use of each vehicle and that all drivers are correctly listed and vetted — again, an area where BS7858 documentation becomes relevant.

7. Business Equipment and Contents Insurance

Security companies often carry specialist equipment — body-worn cameras, communication devices, CCTV hardware, access control systems, and vehicles fitted with specialist kit. Business equipment cover protects against loss, theft, or accidental damage to these items, both on and off your premises.

Common Claims Faced by Security Companies

Understanding the most frequent sources of claims helps you manage your risk more effectively and ensures your insurance policy is structured to cover the scenarios most likely to affect your business.

Assault and Use of Force Claims

Door supervisors and manned guarding operatives face a higher risk of assault than almost any other profession. Both as the victim of an assault and — where force is used — as the respondent in a claim. Use-of-force claims are complex, often contested, and can be expensive to defend. Your public liability policy should not exclude claims arising from physical contact as part of your security duties.

Negligent Supervision Claims

If a client suffers a loss — a break-in, a theft, or a violent incident — and believes your team failed to respond appropriately, they may pursue a negligence claim. These claims often hinge on whether the correct procedures were followed and whether your operatives were adequately trained and supervised.

Data Protection Claims

Security companies that operate CCTV systems, store access records, or hold client data are subject to GDPR and the UK Data Protection Act 2018. A breach — whether through a cyberattack, a lost device, or improper data handling — can result in ICO enforcement action and civil claims from affected individuals.

Employee Dishonesty

Given the access security staff have to client premises, assets, and systems, employee dishonesty is a genuine risk. Robust BS7858 vetting is the primary preventive measure, but fidelity insurance provides the financial backstop when the vetting process alone is not sufficient.

Maintaining BS7858 Compliance Across Your Workforce

BS7858 vetting is not a one-time exercise. It needs to be an ongoing, embedded part of your HR and operational processes. Here are the key areas to address.

Keep Vetting Records Documented and Accessible

Every vetting check carried out should be documented with a clear audit trail. This includes the date each check was carried out, the results, any anomalies identified, and how those anomalies were assessed. If a claim is ever made against your business and the adequacy of your vetting is called into question, this documentation will be essential.

Re-Vet Staff Periodically

Circumstances change. An employee who passed vetting three years ago may have since developed financial difficulties, acquired a criminal record, or had a change in circumstances that is relevant to their suitability for a security role. Best practice is to implement periodic re-vetting — particularly for staff in high-trust positions such as keyholding or cash handling.

Apply Consistent Standards Across All Roles

BS7858 should apply across your workforce — including part-time staff, subcontractors, and temporary operatives. Many claims involving negligent hiring arise because a lower standard of vetting was applied to non-permanent staff. If anything, subcontractors warrant more scrutiny because you typically have less day-to-day oversight of their conduct.

Align Vetting Records with Your Insurance Renewal

When you come to renew your insurance, your broker or insurer may ask for evidence of your vetting procedures. Having up-to-date, well-organised records to present at renewal demonstrates professionalism and strengthens your negotiating position. It also helps your broker present your risk in the best possible light to underwriters.

Choosing the Right Insurance Broker for Your Security Business

Not every commercial insurance broker has the specialist knowledge required to place security company risks effectively. The sector has unique characteristics — SIA regulation, use-of-force exposure, data sensitivity, and contractual liability requirements — that require an underwriter with specific expertise in the area.

When evaluating a broker, consider the following:

• Do they have experience placing security company risks specifically?
• Can they access specialist underwriters with a track record in the sector?
• Do they understand the contractual insurance requirements your clients impose?
• Can they advise on how your BS7858 vetting procedures affect your premium?
• Are they FCA-authorised and able to provide a clear explanation of policy terms and exclusions?

A specialist broker will also be able to structure your cover efficiently — ensuring you are not over-insured in areas of low risk while maintaining adequate limits in the areas where your exposure is greatest.

Frequently Asked Questions

Is BS7858 vetting a legal requirement for security companies?

BS7858 is a British Standard rather than a statutory requirement. However, it is required under many commercial contracts — particularly in the public sector and financial services — and is strongly encouraged by the SIA. Failure to follow it can significantly increase your exposure to negligent hiring claims and may affect your ability to secure insurance on competitive terms.

Does BS7858 compliance reduce my insurance premium?

It can, yes. Insurers view BS7858 compliance as a meaningful risk management measure. Firms that can demonstrate documented, consistent vetting procedures across their workforce typically attract better underwriting terms than those that cannot. The impact on premium will depend on the size of your business, your claims history, and the specific insurer.

What insurance is legally required for a security company in the UK?

Employers' liability insurance is a legal requirement for any business with employees. Beyond that, the SIA requires that licensed door supervisors and security guards carry appropriate insurance as a condition of their operating licence. Many commercial contracts will impose their own insurance requirements as a contractual condition.

Can I use subcontractors, and how does that affect my insurance?

Yes, many security companies use subcontractors. However, your insurer will want to understand how subcontractors are managed, vetted, and supervised. It is important that your policy includes cover for subcontracted activities and that you apply BS7858 vetting standards to subcontract staff as well as direct employees.

What should I do if a claim is made against my security business?

Notify your insurer as soon as possible. Do not admit liability or make any payments to the claimant before speaking with your insurer. Gather all relevant documentation — incident reports, shift records, vetting files, CCTV footage, and communications with the client. Prompt notification and thorough documentation significantly improve the prospects of a successful defence.

Does cyber insurance cover a breach involving client CCTV footage?

A good cyber insurance policy should cover data breaches involving personal data held in any format, including CCTV footage where individuals can be identified. Check the policy wording carefully, particularly around the definition of personal data and the scope of third-party liability cover.

How often should I renew my insurance?

Most commercial insurance policies run on a 12-month basis and are renewed annually. You should review your cover at least 60 days before renewal to ensure your policy remains appropriate for your current operations, workforce size, and contractual commitments.

Conclusion

Security companies operate in one of the most risk-intensive sectors in the UK. The combination of physical risk, client liability, data responsibility, and regulatory oversight creates a complex insurance picture that demands careful management.

BS7858 vetting is not simply a box to tick for contract compliance — it is a genuine risk management tool that reduces your exposure to some of the most serious claims your business could face. When paired with a well-structured insurance programme, it forms the foundation of a resilient, professionally run security operation.

At Insure24, we work with security companies across the UK to ensure they have the right cover in place for their specific activities, workforce, and contractual obligations. Whether you are just starting out or reviewing the cover you already hold, we can help you understand your options and secure the right protection.

To discuss your security company insurance requirements, contact our team on 0330 127 2333 or visit insure24.co.uk to get a quote today.