The workplace has changed. Hybrid working, flexible workspaces, and multi‑tenant office buildings have reshaped how people use commercial property. Visitor traffic is up. Contractor access is more complex. The duty of care employers owe to their staff has never been more visible.
Corporate security is no longer about locking doors at night and trusting a receptionist during the day. It now supports business operations, employee wellbeing, regulatory compliance and operational resilience. This article examines the new security landscape facing UK offices, the evolving role of facilities management, the convergence of physical and cyber threats, and what organisations should expect from their security partners.
Table of Contents
From Maintenance to Intelligence Hub: Why Facilities Management Now Leads Corporate Protection
Security is no longer a standalone function. It has become a core responsibility of facilities management (FM). FM teams manage the buildings where people work. They control access, oversee CCTV and alarm systems, and coordinate with security providers. They are uniquely positioned to bridge the gap between physical protection and operational efficiency.
FM teams are responsible for integrating physical security measures across the building estate. This includes managing access control systems, maintaining surveillance camera networks, overseeing intruder alarms, and ensuring that all security equipment is operational and compliant with health and safety regulations. They also coordinate with external security providers to ensure that guarding services are delivered consistently and effectively.
The scale of the challenge is significant. Modern office buildings are complex environments with multiple entry points, shared spaces, and diverse tenant populations. FM teams must balance the need for robust security with the requirement to maintain a welcoming, accessible environment for staff, visitors, and contractors. This requires a deep understanding of both security principles and building operations.
FM teams increasingly work alongside security providers rather than treating security as a separate function. Business continuity, workplace experience, employee confidence, corporate governance, and ESG (Environmental, Social and Governance) commitments all depend on effective security. Facilities management security is no longer about maintenance. It is about intelligence, integration and resilience.
Office Security Risks Have Changed Since Hybrid Working
The shift to hybrid working has created new vulnerabilities. Office security risks today are not the same as they were in 2019.
Empty office floors: Buildings are no longer fully occupied five days a week. Empty floors create blind spots and reduce natural surveillance. Criminals and unauthorised visitors have more opportunities to move undetected. The “coffee badging” trend, where employees briefly badge into the office solely to meet attendance requirements, adds another layer of unpredictability to occupancy patterns.
Flexible occupancy and shared desks: Employees work from different desks on different days. It becomes harder to recognise who belongs and who does not. Tailgating following an authorised person through a secure door becomes easier when security staff cannot identify every face. Hybrid schedules mean that employees who do come in may be less familiar with security protocols or may let their guard down.
Contractor access and parcel deliveries: More contractors, cleaners, and delivery drivers enter buildings than ever before. Each one needs to be verified. Without proper systems, access credentials are shared, lost, or copied. Delivery personnel must not directly access critical building spaces such as data centres, other secure areas, or office premises without proper authorisation.
Co‑working spaces within office buildings: Multi‑tenant buildings now host co‑working spaces alongside traditional offices. Different access rules, different visitor policies, and different security cultures create confusion. A compromised badge system can open access to server rooms. A hacked collaboration tool can give insight into physical office layouts or meeting schedules.
Lost access cards and credential sharing: Physical access cards are easily lost, stolen, or shared. Once a card is compromised, it can be used repeatedly until reported. Many organisations do not have real‑time visibility over who holds active credentials.
Access control blind spots: Hybrid work complicates who should and shouldn’t be in the office. Employees moving between home and office networks increase the risk of data leaks, device theft, and unauthorised access to sensitive corporate information.
Buildings with changing occupancy patterns require different security strategies. The old model: one card, one receptionist, one set of rules, no longer works. Office building security must adapt to dynamic, unpredictable usage.
Workplace Security Is About More Than Crime Prevention
Workplace security is not just about stopping theft or vandalism. It is about protecting people.
Employee safety: Staff need to feel safe when they arrive, during their working day, and when they leave. Fear of violence or harassment affects productivity, retention, and mental health. In the year ending June 2025, there were 1.1 million incidents of violence with or without injury experienced by people aged 16 and over. Employers have a common-law duty to ensure the safety of their employees and may be liable for accidents caused by employees acting in the course of their employment.
Lone workers: Many office workers now come in on quiet days when the building is largely empty. Lone workers are more vulnerable to accidents, medical emergencies, or aggressive visitors. Security teams need to know who is in the building and where they are.
Visitor welfare: Visitors, contractors, and delivery drivers are also owed a duty of care. They need clear guidance, accessible help points, and visible security presence. Employers must assess the health and safety risks in their organisation for all places where work is carried out.
Medical emergencies and fire evacuation support: Security teams are often the first responders. They provide first aid, guide evacuations, and coordinate with emergency services. A well‑trained security officer can save lives.
Aggressive visitors and reception incidents: Reception staff are often the first point of contact for angry or distressed visitors. Security presence at the front desk de‑escalates situations before they escalate.
Security convergence: Traditionally, physical security teams handled guarding against intruders, fires, and workplace violence, while cybersecurity teams focused on digital threats. The modern workplace demands that these functions work together. Security convergence integrates cybersecurity and physical security functions under one unified strategy.
Visible security improves confidence as well as safety. When employees see uniformed, professional guards, they feel safer. That confidence translates into higher productivity, lower absenteeism, and better retention.
Security Risk Assessment: The Starting Point for Every Commercial Building
Every security strategy begins with a security risk assessment. Without understanding the vulnerabilities of a building, its occupants, and its operations, security measures are guesswork.
An effective risk assessment covers:
| Area | Questions to Assess |
| Reception | Who can enter? Are visitors logged? Is there a check‑in process? |
| Loading Bay | Are deliveries verified? Is access controlled? |
| Car Park | Is access monitored? Is the lighting adequate? |
| Plant Rooms | Are they restricted? Who has keys? |
| Common Areas | Are corridors and stairwells covered by CCTV? |
| IT Rooms | Is physical access limited to authorised personnel? |
| Fire Exits | Are they secure from outside but accessible from inside? |
The Health and Safety at Work Act 1974 places a clear duty on employers: it is the duty of every employer to ensure, so far as is reasonably practicable, the health, safety and welfare at work of all employees. This extends to assessing risks to health and safety and implementing measures to control those risks.
Identifying vulnerabilities is the first step. Occupancy levels, high‑risk areas, delivery routes, access routes, and emergency planning all need to be assessed. A security risk assessment should be conducted at least annually, or whenever the building changes use, occupancy, or layout.

Building Security Systems Alone Is No Longer Enough
Building security systems such as CCTV, access cards, intercoms, and alarms are essential tools. But they are not enough on their own.
- CCTV records what happened. It does not prevent it. A camera can capture footage of a theft, an assault, or a tailgating incident. It cannot stop any of them.
- Access cards can be lost, stolen, or shared. They grant access to anyone who holds them, authorised or not.
- Intercoms and alarms alert someone to a problem. They do not solve it. They rely on someone responding, and that response takes time.
- Mobile credentials are transforming access control, with more than 60% of security professionals highlighting mobile access as a top priority. They are currently used by around 39% of organisations, up from 32% in 2022, with adoption expected to reach as high as 94% by 2029. But even the most advanced technology cannot replace human judgement.
Technology has limits:
| Technology | Human Security |
| Detects | Responds |
| Records | Intervenes |
| Automates | Assesses |
| Alerts | Resolves |
| Monitors | Protects |
That is why technology needs human support. Concierge teams, static guards, reception officers, and patrols provide the human element that systems lack. They challenge suspicious individuals. They de‑escalate conflicts. They provide reassurance. They are the difference between a building that is watched and a building that is protected.
Designing secure office layouts begins with zoning. Facilities should clearly distinguish between public, semi‑restricted, and secure areas. Policies should discourage leaving documents or devices unattended, even briefly, and end‑of‑day routines should include checking locks, clearing desks, and securing portable assets.
Commercial Property Security Requires a Layered Approach

Commercial property security is not a single solution. It is a combination of people, procedures, and technology working together.
- Multi‑tenant buildings: Different tenants have different security needs. A law firm needs different protection from a creative agency. Security must be flexible enough to accommodate diverse requirements while maintaining consistent standards across the building.
- Shared entrances and basement parking: Common areas are shared by all tenants. They are also shared by visitors, contractors, and delivery drivers. Controlling access to shared spaces is more complex than controlling a single‑occupancy building.
- Loading bays and deliveries: Deliveries happen throughout the day. Each one is a potential security risk. Unverified vehicles, unlogged drivers, and unsecured goods all create vulnerabilities.
- Visitor management and executive floors: Visitors need to be logged, badged, and escorted where necessary. Executive floors require additional protection – restricted access, visitor accompaniment, and enhanced monitoring.
Security convergence is not a product. It is a project that spans people, policies, and platforms. Organisations must integrate cybersecurity strategies with physical security policies for a more holistic approach that safeguards all aspects of their operations. The layered approach combines physical barriers (fences, gates, locks), electronic systems (CCTV, access control, alarms), and human presence (guards, concierge, reception). Each layer reinforces the others. If one layer fails, others still provide protection.
Why Access Control Is Now Central to Office Building Security
Access control offices have evolved far beyond key cards. Modern access control is about validating movement, not just locking doors.
- Visitor registration: Digital systems log visitors before they arrive. Pre‑registration speeds up entry and creates an audit trail. Walk‑in visitors can be checked against watchlists.
- QR codes and temporary passes: Visitors receive time‑limited QR codes. Once used, they expire. No lost cards, no sharing.
- Lift access and restricted floors: Access control now extends to lifts. Employees can only access their own floor. Contractors can only access the floors they need.
- Contractor access and delivery verification: Contractors and delivery drivers are logged, badged, and tracked. Their access is time‑limited and location‑restricted.
- Mobile wallet credentials: A London office building recently turned to a mobile wallet solution for access control. For corporate sites across the capital, working with a professional security company in London ensures that access control systems are properly integrated with physical guarding and incident response.
Mobile credentials combine convenience, security and flexibility. Users no longer need a physical card, only the device they always carry with them. Access is contactless. Office building security depends on knowing who is in the building, where they are, and why they are there. Modern access control systems provide visibility in real time.
Security Incident Response: Preparing for the Unexpected
Security incident response is as important as prevention. Even the best security systems cannot eliminate all risks. When something goes wrong, the response matters.
Common incidents in office buildings:
- Medical emergencies – heart attacks, falls, seizures
- Suspicious packages – unattended bags, unknown deliveries
- Aggressive visitors – angry clients, disgruntled ex‑employees
- Fire alarms – false alarms and real fires
- Unauthorised access – tailgating, stolen cards, forced entry
- Lift entrapments – people stuck between floors
- Building evacuations – fire, gas leak, bomb threat
An effective incident response follows a clear process:
- Incident: Something happens. A fire alarm sounds. A visitor becomes aggressive. A package is found unattended.
- Assessment: Security staff assess the situation. Is it a false alarm? Is it serious? Do they need to escalate?
- Response: Security takes action. They evacuate the building. They call emergency services. They calm the situation.
- Escalation: If the incident is beyond their control, they escalate to management, police, or other authorities.
- Reporting: Every incident is logged. What happened? When? Who was involved? What action was taken? Incident logs should be linked to timestamps, responders, and outcomes.
- Review: After the incident, the response is reviewed. What worked? What could be improved?
Response procedures matter as much as prevention. A well‑practised team can turn a potential crisis into a controlled event. Regular drills and table‑top exercises ensure that staff know their roles and can act quickly when it matters most.
The Duty of Care: Legal and Moral Obligations
Employers have a legal and moral duty to protect their employees. Under the Health and Safety at Work Act 1974, it is the duty of every employer to ensure, so far as is reasonably practicable, the health, safety and welfare at work of all employees. This duty extends to persons not in their employment who may be affected.
What this means in practice:
- Employers must assess risks to health and safety.
- They must implement measures to control those risks.
- They must provide information, instruction, training, and supervision.
- They must maintain safe plant and systems of work.
Employers must ensure that employees are properly trained and supervised and that a risk assessment is carried out before work begins on a specific task. By law, employers must assess the health and safety risks in their organisation. They must do this for all places where work is carried out.
The Worker Protection Act 2023 introduced a mandatory duty on employers to take reasonable steps to prevent sexual harassment of their employees. This duty is anticipatory; employers must act before harassment occurs, not just respond after the fact.
Martyn’s Law (the Terrorism (Protection of Premises) Act 2025) introduces a tiered framework for compliance based on premises’ size and capacity. Those responsible for certain premises and events frequented by members of the public must implement measures to ensure the safety of the public in the event of a terrorist attack.
- Standard duty applies to premises where it is reasonable to expect at least 200 people. This tier requires basic security awareness training, evacuation and lockdown procedures, and incident response plans.
- Enhanced duty applies where more than 800 people are expected. This tier requires additional physical measures, documented security plans, and a designated senior individual.
The Security Industry Authority (SIA) has been confirmed as the regulator for Martyn’s Law. Failure to comply can lead to enforcement action, significant fines, and reputational damage.
Business Security UK: What Organisations Should Expect From Their Security Provider
When selecting a security partner, organisations should evaluate more than price. Business security UK providers should demonstrate competence, reliability, and professionalism.
- SIA licensing: Every security officer must hold a valid SIA licence. This is non‑negotiable.
- ACS accreditation: The SIA Approved Contractor Scheme (ACS) sets standards for quality and professionalism. ACS‑accredited providers have been independently assessed.
- Facilities management experience: Providers who understand FM can integrate security with building operations, maintenance, and tenant services.
- Digital reporting: Real‑time incident reporting, digital logs, and audit trails provide visibility and accountability. REMS and similar platforms allow managers to track security activity.
- Communication procedures: Clear escalation paths, regular updates, and direct contact with management.
- Scalable staffing: The ability to increase or decrease security cover as building occupancy and risk levels change.
- 24/7 support: Security incidents do not happen only during office hours. Providers must offer round‑the‑clock support.
- Security convergence capability: The provider should understand how physical security integrates with cybersecurity strategies. Nearly all cybersecurity leaders recognise the need for integration between physical and digital security.
Accredited providers demonstrate commitment to quality, safety, and ethical compliance. Organisations should look for SIA Approved Contractor status, ISO 9001 certification, SafeContractor approval, and relevant sector experience.
The Future of Corporate Security: People, Technology and Facilities
The future of corporate security will be built around three pillars: people, technology, and facilities.
- AI‑assisted monitoring: Artificial intelligence will enhance CCTV and access control systems, detecting anomalies and reducing false alarms. But AI will not replace human judgement, it will support it.
- Smart buildings: Integrated building management systems will combine security, lighting, HVAC, and access control into a single platform. Real‑time data will enable predictive security.
- Integrated FM platforms: Facilities management and security will become increasingly integrated. One platform will manage maintenance, cleaning, security, and tenant services.
- Visitor analytics: Data on visitor patterns, peak times, and access trends will inform security planning. Buildings will adapt to usage patterns rather than following fixed schedules.
- Hybrid workplaces: Security strategies will need to accommodate flexible working. Empty floors, shared desks, and variable occupancy will become the norm. Whether staff are in the office or remote, converged systems and zero‑trust controls maintain consistent protection across environments.
- Sustainability: Security systems will need to be energy‑efficient and sustainable. Low‑power devices, smart lighting, and reduced waste.
- Mobile credentials and cloud‑based management: Mobile credentials, cloud‑based management software and AI‑driven insights will define the next generation of commercial access control.
- Human judgement: Despite advances in technology, human judgement will remain essential. Trained security professionals will assess, intervene, and protect in ways that systems cannot.
Frequently Asked Questions – Corporate & Office Security
1. Why is integrated security (physical + cyber) important for offices?
Physical security breaches can enable cyber attacks. Unsecured comms rooms, stolen laptops, and weak access controls undermine digital security. Integrating both protects people and data.
2. What are the key components of a modern office security strategy?
Access control, CCTV, manned guarding, concierge services, incident response plans, and regular risk assessments. All supported by clear procedures and trained personnel.
3. How does Martyn’s Law affect office buildings?
If your building has capacity for 200 or more people, you may fall within scope. Standard Tier requires basic security training, evacuation procedures, and incident response plans.
4. What is the role of facilities management in office security?
FM teams manage access control, CCTV, alarms, and building systems. They coordinate with security providers and ensure compliance with health and safety regulations.
5. How often should security risk assessments be conducted?
At least annually, or whenever the building changes use, occupancy, or layout. Major incidents or near‑misses should also trigger a review.
6. What are the penalties for non‑compliance with security regulations?
Fines, enforcement action, and reputational damage. Under Martyn’s Law, penalties can be significant for serious breaches of public protection requirements.
Conclusion
Corporate security has evolved. It is no longer about locks and cameras. It is about integrated risk management, employee well-being, regulatory compliance, and operational resilience. The threat landscape has changed. Hybrid working, flexible occupancy, and smart buildings have created new vulnerabilities that traditional security models cannot address.
Facilities management now plays a central role in protecting people, assets, and reputation. FM teams are uniquely positioned to bridge the gap between physical and cyber security, integrating technology, procedures, and human presence into a unified approach. The best security strategies combine people, technology and intelligent systems. Organisations that invest in professional security are not just protecting their buildings. They are protecting their people, their reputation, and their future.
Business Security You Can Rely On
Trusted by leading businesses nationwide for reliable, 24/7 protection.
or call 0330 912 2033
We have used Region security for quite a while now. Top notch service, great guards and helpful staff. We love our guards and the team for all of their help / work. No need to try the other companies at all."
Andy Yeomans - Jones Skips Ltd
Great company, professional services, friendly guards and helpful at times when required."
Rob Pell - Site Manager
A professional and reliable service. Always easy to contact and has never let us down with cover. No hesitation in recommending and competitively priced also. After using an unreliable costly company for several years it is a pleasure to do business with Region Security"
Jane Meier - Manager
Region Security were very helpful in providing security for our building. We had overnight security for around 4 months. The guards themselves were professional, easy to reach and adapted very well to our specific needs. Would definitely recommend Region for security needs.
Lambert Smith Hampton
Great service. Reliable and professional and our lovely security guard Hussein was so helpful, friendly but assertive with patients when needed. He quickly became a part of our team and we would love to keep him! Will definitely use this company again
East Trees Health Centre
Fantastic Service from start to finish with helpful, polite accommodating staff, we have used Region Security a few times now and always been happy with what they provide.
Leah Ramsden - Manager


