Skip to main content
← All Case Studies
Field Study · Physical Security

What CCTV cannot see, the business cannot read.

[DRAFT — fill in real data] Mid-market organisation operating across multiple sites, with an established physical-security investment in CCTV and a parallel cyber-security stack.

[DRAFT — fill in real data] The organisation operated a network of cameras installed over a period of years, with placement decisions made at different times by different teams. Some cameras were installed for compliance reasons, some for incident response, some at the request of a specific manager. No single decision-maker held a unified view of what the system was generating — or, more importantly, what it was not.

Problem Statement

CCTV systems are often evaluated from a physical-security perspective, focusing on coverage, field of view, and incident-recording capability. However, camera placement decisions directly influence the quality, completeness, and usefulness of the data generated by the surveillance system. When critical events are not captured at the point of creation, the resulting data cannot effectively progress through the subsequent stages of the data lifecycle, reducing its value for security, operations, governance, compliance, investigation, and business-intelligence purposes. This study investigates how poor camera placement affects the eight stages of the data lifecycle and limits the intelligence that can be derived through the Korvai 22-Lens Framework.

The 8 Data Stages

Where the data was lost.

The findings below trace data through its lifecycle. At each stage we note which gap type — missed, ignored, disconnected, untrusted, unused, or misclassified — applied.

01

Created

  • Missed

    [DRAFT] Critical zones (loading docks, secondary exits, transition areas) were outside any camera field of view. Events occurring in these zones generated zero data — nothing to read, nothing to retain.

  • Misclassified

    [DRAFT] Cameras intended for general coverage were treated as evidence-grade. Frame rate, resolution, and lighting were insufficient for forensic use, but the data was archived as if it were.

02

Transmitted

  • Disconnected

    [DRAFT] Camera feeds reached the recording system but were not transmitted onward to the SIEM, the access-control correlation engine, or the HR access-anomaly monitor. The footage existed in isolation.

03

Transformed

  • Misclassified

    [DRAFT] Footage was compressed and re-encoded for storage efficiency, degrading the data below the threshold needed for licence-plate, facial, or asset-tag recognition. The transformation made downstream lenses unreadable.

04

Stored

  • Untrusted

    [DRAFT] Storage retention was set to 30 days. Incidents discovered after that window had no evidentiary record — even when the events themselves were captured at creation.

05

Consumed

  • Unused

    [DRAFT] Footage was reviewed only after an incident was reported. No proactive analysis, no behavioural pattern detection, no correlation with badge-reader or HR data. The data sat unread until something forced it to be opened.

06

Acted Upon

  • Ignored

    [DRAFT] When patterns were visible in retrospect (repeated after-hours access, recurring loitering, vendor activity outside contract hours), no documented action was taken. The intelligence was visible but not actionable inside the existing organisational workflow.

07

Retained

  • Misclassified

    [DRAFT] Retention rules were uniform across all cameras. High-value zones (cash-handling areas, executive corridors) had the same retention as low-value zones (parking-lot perimeter). Compliance-relevant footage was sometimes lost before audit cycles.

08

Deleted

  • Missed

    [DRAFT] Auto-deletion ran without exception flags for active investigations or legal-hold scenarios. Footage relevant to an open HR matter was deleted on schedule before legal counsel was made aware it existed.

The 22-Lens Reading

What the data — once converged — said.

Not all twenty-two lenses fire for every case. Below are the lenses that surfaced material findings for this engagement, grouped by family.

Security & Risk

Security Lens

[DRAFT] Physical-breach evidence gaps in transition zones between covered and uncovered areas — the most common vector for insider walk-out theft.

Risk Lens

[DRAFT] Insurance exposure: claim disputes citing CCTV evidence were resolved against the organisation in 3 of 4 cases reviewed, due to gap-based reasonable doubt.

Threat Lens

[DRAFT] Pre-incident behavioural sequences (scouting, loitering, dwell-time anomalies) were uncapturable for one third of facility perimeter — pattern detection foreclosed at the data-creation stage.

Governance & Assurance

Compliance Lens

[DRAFT] Regulatory recording obligations (industry-specific) were technically met by camera count but failed substantively because of placement: required zones had no usable footage.

Audit Lens

[DRAFT] Two of the previous three internal audits flagged "CCTV coverage" as adequate. The audit checked existence, not effectiveness — a methodology gap the converged read makes visible.

Policy Lens

[DRAFT] No written policy defined what constituted "adequate placement." Decisions had been delegated to vendors and field staff for over a decade.

Operations & Performance

Operational Lens

[DRAFT] Throughput, queue formation, and traffic-flow data could have been derived from existing footage but were not — placement and retention foreclosed operational re-use.

Asset Lens

[DRAFT] Asset movement (especially high-value mobile inventory) was untrackable across the facility because adjacent cameras had non-overlapping fields of view and no shared timestamp synchronisation.

Vendor Lens

[DRAFT] Contractor activity outside contract hours appeared in footage but was never reconciled against vendor access logs — a class of after-hours risk made invisible.

Business & Strategy

Business Intelligence Lens

[DRAFT] Customer / visitor flow patterns — already paid for in the CCTV investment — were not extracted, denying the business a continuous behavioural data source.

Financial Lens

[DRAFT] Shrinkage and inventory-loss patterns visible in the footage were never quantified — reasonable estimate of unrecovered exposure exceeded the annual CCTV operating budget by a factor of [X].

Data & Human Factors

Data Quality Lens

[DRAFT] Even where data was created and stored, downstream usability was degraded: timestamps were inconsistent across recording units, image resolution was insufficient for AI-assisted review, and audio (where captured) was lost in re-encoding.

Trust Lens

[DRAFT] Because placement bias systematically excluded certain zones, the resulting dataset was not a representative record of facility activity — meaning conclusions drawn from CCTV review carried a hidden selection bias.

Human Behavior Lens

[DRAFT] Insider behavioural anomalies correlate strongly with the uncovered zones — likely a learned avoidance pattern. The system had inadvertently trained the population it was meant to monitor.

"Data not captured at creation cannot be recovered downstream. Camera placement is not a security decision. It is a data-creation decision."
Consequences

What it cost the organisation.

Financial

[DRAFT] Insurance claim denials, undocumented inventory loss, and legal-defence costs in matters where CCTV evidence was incomplete.

Operational

[DRAFT] Incident response delayed by hours when footage from adjacent zones had to be reconstructed manually. Repeated incidents went undetected as patterns.

Compliance

[DRAFT] Two regulatory observations issued in the last two years referenced footage gaps or retention shortfalls. Both could have been prevented by placement and retention policy applied at creation.

Reputational

[DRAFT] Two public-facing incidents in which the organisation could not produce supporting footage. Both reached local media. Trust takes longer to rebuild than the cost of fixing placement.

What the Converged Read Surfaced

The so-what.

[DRAFT] Until the converged read, the organisation believed it had a working CCTV system. The 8-stage and 22-lens framework revealed that the system was a *data-creation* failure, not a *data-storage* one. Adding cameras, increasing retention, or buying analytics software would not have closed the gap. The gap was at the point of capture — and the loss compounded at every downstream stage. The intervention was not technical. It was procedural: every new camera installation now passes through a placement review that scores the decision against all eight stages and applicable lenses before mounting.

Methodology Note

[DRAFT] Findings were gathered through a combination of physical walk-throughs, footage sampling across a 90-day window, correlation against badge-reader and HR records, and structured interviews with security operations, facilities, compliance, and legal stakeholders. Customer identity, location, and quantified figures have been anonymised. All conclusions are representative of the methodology rather than a verbatim record of any single engagement.

Your Data, Read

What is yours telling — that nobody is reading?

One conversation. No commitment.

Request a Conversation