Protecting the Past, Securing the Future: a conversation with Valentina Sabucco on the Evolving Landscape of Museum Security

We recently met Valentina Sabucco during the discussion event that ARTE Generali held in collaboration with Apollo in Maastricht during TEFAF, dedicated to the topic “Make art safe (AGAIN) – How do you mediate the risks of showing art in museums?” . Alongside Valentina, the panel featured Christopher Maxwell (Chair and Eloise W. Martin Curator of Applied Arts of Europe at the Art Institute of Chicago) and Jan Six XI, collector and art historian. The conversation was moderated by Edward Behrens, Editor of Apollo, whose guidance sparked a thoughtful exchange on the challenges and opportunities facing museums, institutions, and private collectors when it comes to lending and exhibiting artworks.

Following this insightful debate, we sat down with Valentina Sabucco to explore her vision for the evolving landscape of art security in museums — and to understand how cultural institutions can protect their past while preparing for an increasingly complex future.

1. What are the most underestimated risks museums face today when it comes to protecting their collections?

Insider threats is one of the most underestimated risks, as individuals naturally tend to trust colleagues and may hesitate to question their behaviour, particularly when dealing with longstanding staff members or those in senior positions. However, personal circumstances such as financial, social, or cultural pressure, as well as organisational decisions that may affect an individual’s sense of loyalty, can influence behaviour over time. These factors may increase the risk of intentional harm or create vulnerabilities to coercion or blackmail.

At the other end of the spectrum, accidental damage typically arises from a lack of awareness rather than malicious intent. Cultural venues often assume that staff, contractors, and visitors understand how to handle artworks appropriately. In practice, this is not always the case. For example, components of contemporary installations may be mistaken for waste and discarded, surfaces may be improperly cleaned, or visitors may interact with artworks that are not designed to be touched, resulting in unintended damage.

Finally, cyber threats are becoming increasingly prevalent, and cultural institutions are not immune. While awareness is growing, such risks still remain underestimated across the sector. Cyber incidents can have long-lasting consequences, affecting daily operations, compromising technical systems, hindering the recovery of critical data, and exposing sensitive information relating to both visitors and staff.

2. From your experience, what common structural or organizational weaknesses do you see in museum security?

Quite frequently, a lack of engagement from senior leadership can significantly increase an organisation’s overall risk exposure. It is therefore essential that risks are clearly communicated alongside practical solutions. This enables Boards and Directors to understand the organisation’s risk profile and make informed decisions regarding priorities, resource allocation, and expenditure. In turn, this supports effective governance by clearly defining roles and responsibilities across the organisation.

Another common weakness is the persistence of siloed working practices, where teams operate independently without sharing knowledge or developing joint solutions. Functions such as IT, security, estates and facilities, and human resources must collaborate closely, as each contributes to the organisation’s overall security posture. Effective information sharing ensures that systems are secure, personnel are appropriately vetted, and vulnerabilities are minimised. This integrated approach, often referred to as “security convergence”, is essential to reducing gaps that could be exploited by adversaries.

3. As museums move toward prevention instead of reaction, what does a practical, modern preventive security culture look like?

Proactive risk management is only possible when an organisation understands the threats it faces. Risks are not static; they evolve over time in response to the social, cultural, economic, and political context, as well as the nature of exhibitions or events being hosted. For example, certain items may be perceived as controversial, potentially attracting protests, while others may be targeted due to their value or appeal to criminals.

Organisations should regularly review and update their risk assessments, particularly following incidents, so that these documents remain dynamic tools for preparing and implementing targeted security measures that address potential vulnerabilities. Effective security requires the engagement of all staff — security is everyone’s responsibility.

4. How can museums stay open and welcoming while still protecting their art, especially with the rise of protest-related incidents?

Balancing accessibility and security is one of the most challenging aspects of managing cultural venues, with the risk of both over- and under-specifying security measures. The guiding principle for any decision should be proportionality: security measures should reflect the nature of the collection, the likelihood of it being targeted, and the potential impact. In other words, not all items require high-specification cases or multiple layers of barriers.

Technology can play a valuable role in supporting security, but it should be viewed as an aid to human activities rather than a replacement. Systems can be hacked, tampered with, or become obsolete, and they require ongoing maintenance. Their implementation should therefore be carefully considered, regularly reviewed, and integrated into a broader security strategy.

While venues should strive to manage and mitigate risks, some residual risk is inevitable. As long as decisions are clearly documented and risks minimised as much as reasonably practicable, this represents an acceptable approach.

5. For museums with limited budgets, which quick, high-impact steps can most improve safety for art, staff, and visitors?

• Invest in staff training: Staff can be the most effective element of your security strategy. Front-of-house personnel and invigilators, for example, can often be the first to notice suspicious activity or behaviour but they need training to recognise these and have clear mechanisms to report it to those responsible for the overall site security. Training should also cover how to manage difficult situations and respond appropriately to incidents.

• Be mindful of online content: Marketing and social media are important tools for attracting visitors and showcasing activities, but the information shared can be exploited by adversaries. Avoid posting details that could reveal security arrangements or vulnerabilities.

• Conduct open-source research: Publicly available information such as reviews, social media posts, and images in which your venue is tagged, can provide valuable insights into how your organisation is perceived, highlight potential weaknesses, and identify areas for improvement. This research does not require advanced investigative skills and can be performed quickly by staff, providing actionable steps to strengthen the overall security posture of the organisation.

About the author

Valentina Sabucco

Manager Security and Protection Advice, Arts Council England

Valentina Sabucco is Manager Security and Protection Advice at Arts Council England, where she leads on strategic security guidance and risk-based protective advice for cultural organisations borrowing under the UK Government Indemnity Scheme. In this role, she assesses the security arrangements of venues and storage facilities, supporting institutions to manage risks while safeguarding public access to cultural heritage.

Her professional experience spans security advisory practice, risk management, and cultural property protection. Prior to joining Arts Council England, Valentina worked with organisations including UNESCO and Blue Shield International, contributing to research, policy development, and the delivery of training on best practice in the protection of tangible cultural heritage.

She is co-author of La protezione dei beni culturali dalle aggressioni criminali (The protection of cultural heritage from criminal aggressions) and a contributing author to Safeguarding Cultural Property and the 1954 Hague Convention: All Possible Steps.

Valentina holds a Level 4 Protective Security Adviser qualification and the ASIS Associate Protection Professional (APP) certification. She holds an MA in Heritage Studies from Newcastle University and a BA (Hons) in Classics from Università Cattolica del Sacro Cuore. She is an active member of ICOM’s International Committee for Museum Security, the ASIS Cultural Properties Community, and UK Blue Shield.