When thieves stole more than $80 million in jewels from the Louvre in Paris, they didn’t exploit a total absence of security but rather gaps in the museum’s broader security program, encompassing both aging systems and situational awareness, according to early reports. The museum’s director later confirmed that the balcony used in the break-in wasn’t covered by a functioning external camera; the only camera nearby faced the wrong direction. Meanwhile, French senators have questioned how a truck with an extendable lift could park the wrong way on a major road beside the museum, up against the wall, for two hours without anyone challenging it.

Even without cameras aimed at that façade, the scene alone should have prompted a quick response. A basic perimeter patrol, one of the most fundamental layers in any protection plan, might have noticed the lift, verified whether any construction work was scheduled, and reported or challenged the activity. If perimeter security had been fully briefed on maintenance schedules and empowered to question irregularities, the setup might have been recognized as suspicious much sooner.

This was not simply a matter of technology but of coordination and awareness. It is a reminder that the effectiveness of security depends as much on people and processes as on equipment. While details of the Louvre incident are still emerging, it already illustrates that upgrading cameras without strengthening the human and procedural layers around them provides only partial protection. Even the most advanced systems can falter when hardware, communication, and on-the-ground awareness aren’t aligned.

Whether Louvre or Local: The Same Lesson Applies

Whether it’s priceless jewels at the Louvre or a student sculpture outside a school, the principle is the same: meaningful protection starts with understanding risk, not just adding hardware. After the theft of a $7,000 student sculpture, the Toledo School for the Arts (TSA) is expanding its outdoor surveillance. The decision makes sense, but as the Louvre demonstrates, ensuring that cameras are functioning is only part of the process. Just as important is identifying where the initial installation may have missed blind spots, or where later changes to the physical environment have created new ones.

Public art thefts often succeed not because there are no cameras, but because the wrong areas are monitored, the footage is poor, or staff don’t recognize what’s unfolding in real time.

Start with a Risk Assessment

An informed, holistic risk assessment is the most valuable first step in any security upgrade. It helps determine where cameras truly add value, where other controls are more effective, and how human factors can bridge the gaps that technology alone cannot. It also encourages institutions to define what “normal” looks like and to prepare personnel to recognize when something deviates from it.

At the Louvre, based on the information currently available, it remains possible that a risk assessment had been conducted and that some vulnerabilities, such as misdirected cameras, limited external coverage, or coordination challenges with law enforcement, were already known. What is clear, however, is that no measures appear to have been taken to address these issues before the theft occurred. Reporting has also raised the possibility of insider involvement, suggesting that someone with access to such information could have acted before improvements were made. And if no assessment had been performed, this incident makes clear that one was long overdue.

At Toledo, a proactive assessment can help ensure that any planned upgrades are accompanied by immediate, practical measures, such as improved lighting, clear sightlines, and staff awareness, so that technology and human judgment reinforce each other from the start.

Building a Layered Security Program

True security depends on a program that integrates technology, people, and process, reinforced by continuous testing and awareness. Even the most advanced systems and well-designed procedures are only part of the equation; the other part is the readiness of those who use them. Just as phishing simulations and training have increasingly turned employees into active participants in cybersecurity, testing has long been a core element of effective physical security programs, even if we do not read about it as often. Simulations and scenario-based exercises help staff stay alert to potential risks and understand how to respond effectively. When systems are maintained, teams are trained, and procedures are practiced, protection becomes proactive and resilient, and culture becomes one of vigilance and shared responsibility.

The Real Lesson

Whether protecting national treasures or student art, security should be seen as a living ecosystem, part technology, part vigilance, and part culture. The Louvre case underscores that even in world-class institutions, risk management is a continual process, not a static achievement.