Security During Corporate Insolvency, Administration, and Restructuring

Corporate insolvency and restructuring events create a security threat window that is distinct from the background threat environment that most executives and directors operate in. The combination of financial loss, job loss, and public attribution of blame generates motivated grievances directed at named, findable individuals – directors, administrators, and senior management – in ways that other business controversies rarely do.

James Whitfield, Senior Security Consultant, advises directors, administrators, and restructuring teams on the personal and organisational security requirements that arise during corporate insolvency. The consistent pattern is that security risk is recognised only after a threat has materialised – a confrontation at the premises, threatening communications to the director’s home, or a significant data extraction event in the final weeks of trading – rather than being planned for in advance.

Why insolvency creates a specific threat

Standard executive security planning addresses external threats (crime, politically motivated actors, reputational attacks) and internal threats (disgruntled staff, corporate espionage). Insolvency combines elements of both and adds a feature not present in most threat scenarios: the concentration of blame on specific named individuals through formal public records.

When a company enters administration or liquidation, the administrators file reports with Companies House under the Insolvency Act 1986. Director conduct reports are submitted to the Insolvency Service. If disqualification proceedings are brought under the Company Directors Disqualification Act 1986, the proceedings are public. The director’s name, professional history, and their connection to the failed company appear in public records that are easily searchable, indefinitely.

Creditors – particularly individual creditors who have lost significant sums – can identify these individuals. Former employees who have not received expected redundancy payments can identify them. Suppliers with outstanding invoices can identify them. These are not abstract grievances directed at a corporate entity; they are personal grievances directed at people.

The NFTAC (National Firearms Threat Assessment Centre) and NaCTSO threat assessment frameworks both recognise the escalation pathway from financial grievance to targeted threat: online research to identify the individual, direct contact with threatening or accusatory content, escalating frequency and tone, and in a small number of cases, physical confrontation or worse. Not all grievances escalate. But the pattern is consistent enough to require a monitoring and response protocol.

Personal security for directors during the event

Directors face the highest personal risk profile during the most acute phase of the insolvency event: the week of the administration filing, the period when large creditor or staff meetings take place, and the weeks immediately following redundancy notifications.

During these periods, a security review should cover the following elements.

Home address security. If the director’s home address is researchable through Companies House director records (which it often is, or was historically), a basic residential security review is warranted: the condition of perimeter security, external lighting, and alarm and CCTV coverage. The Electoral Register suppression scheme and Companies House registered address suppression under the ECATA 2023 are legal mechanisms for reducing the searchability of the director’s home address for future filings, though they do not address information already in the public record.

Threat monitoring. Monitoring of direct communications (email, phone, social media contact) for threatening or escalating language. The first threatening communication should be reported to the police and documented. The Protection from Harassment Act 1997, the Malicious Communications Act 1988, and the Communications Act 2003 s.127 all apply to threatening or offensive messages. Documentation from the outset establishes the evidence base for restraining orders or prosecutions.

Journey security. During the acute phase, the director’s routes to and from the insolvency practitioners’ offices, relevant courts, and any creditor meetings should vary. Creditor meetings, in particular, are attended by the people most likely to have a grievance and to have done the research to identify the director’s face and movements.

Personal protective equipment. Close personal protection is warranted where specific, credible threats have been received, where the financial sums involved are very large and creditor anger is demonstrable, or where the director has received media attention that has generated a volume of hostile public comment. The threshold for CPO deployment should be threat-specific, not precautionary, unless the nature of the insolvency warrants a higher baseline.

Insider threat during the redundancy period

The period between redundancy notification and physical departure is the highest insider threat window in a corporate insolvency.

An employee who knows they are being made redundant has both access and motivation. The data they can extract – customer lists, supplier contracts, financial records, product specifications, personnel files – has value to competitors and may also be used as leverage. The Computer Misuse Act 1990, GDPR Article 32 (appropriate technical and organisational security measures), and employment contract confidentiality obligations all create legal liability after the fact. The practical mitigation is procedural.

At the point of redundancy notification, network access should be reviewed and adjusted to operational necessity only. Elevated privileges (admin access, financial system access, HR data access) should be revoked unless operationally required through the notice period. Unusual data access or large downloads in the days before and after notification should be flagged by the IT security monitoring system.

Physical handover of credentials – keys, fobs, access cards, company mobile devices, and any physical security materials – should be conducted as a formal process at the point of departure, with a signed receipt. This is not bureaucratic formality; it is the mechanism for ensuring that former employees do not retain physical access to the premises after their employment has ended.

For managing the insider threat dimension during this period, the framework in our insider threat and corporate security guide applies directly. For the crisis communications and incident management requirements that frequently accompany a major insolvency event, see our corporate crisis management and security incidents guide.

Sources:

Insolvency Act 1986. HMSO. Company Directors Disqualification Act 1986. HMSO. Companies House: Director Conduct Reporting Requirements. 2024. Computer Misuse Act 1990. HMSO. Protection from Harassment Act 1997. HMSO. Malicious Communications Act 1988. HMSO. UK GDPR Article 32: Appropriate Technical and Organisational Measures. ICO, 2024. NaCTSO: Identifying and Managing Workplace Violence Risk. 2024. NFTAC: Targeted Violence Assessment Framework. 2024. ASIS International: Workplace Violence Prevention Standard, ASIS WVPI.1-2011. Reaffirmed 2023. Control Risks: Corporate Restructuring Security Requirements. 2024. R3 (Association of Business Recovery Professionals): Administration Process and Director Obligations. 2024.

James Whitfield is a Senior Security Consultant with experience in executive protection, corporate security programme design, and security management during high-risk corporate events.