The platform

The risk management platform for corporate security

Holtium brings your risks, security controls, locations, and spending into one place, helps your team decide what to do next, and measures it all in dollars.

Losses avoided

Today + In progress + Full roadmap
Counting only controls that are live today.
−$19.4M Before your controls After your controls $48.6M $29.2M $150M $100M $50M $0
Mitigated risk
$19.4M
Severe year, mitigated
$54M
Worst case, mitigated
$210M+
Your active controls reduce exposure from $48.6M inherent to $29.2M residual in a year like this.
The problem

Your security program lives in too many places at once

Your risk scores sit in one tool, your controls in another, your projects in a third, and your spending in a spreadsheet. Each holds a piece of the picture, and the things that shape your risk most, the services you pay for and the activity at each of your locations, live outside the tools entirely.

Where are we most exposed?

Without a quantified picture, even a strong program leans on instinct to find the risk.

Where are we overspending?

Budget follows the loudest problem, not the one that reduces the most risk.

What should the next dollar protect?

With no single place to compare the options, the call is hard to defend when leadership asks.

What Holtium does

The platform your security team runs its program on

Holtium is one place where your risks, controls, locations, and spending come together. It helps you decide what to do next, and it measures your program in dollars, the language your leadership already speaks.

You do not run it alone. A Holtium Forward Deployed Risk Engineer, a named expert assigned to your account, works alongside your team, so you get the analysis without having to build it. And because decisions get made and tracked here, not filed away, it is a system of action, not a system of record.

How it works

The thread that ties your security work together

Holtium connects the pieces you already have, so every decision traces from the risk that drives it to the work that closes it.

Start with your risk register, or bring in the one you already have, and keep it current as your program changes.

Control mapping shows which risks each control reduces and which sites it covers, so you can see where you are protected and where the gaps are.

Model a change with the What-If simulator and see the effect on your exposure before you commit a dollar.

Every decision becomes a roadmap item with tasks, owners, and due dates, so you can always answer what is open at any site, who owns it, and whether it is getting done.

When a control is delayed or declined, the reason and a future review date go on file. What was decided stays visible, and your team is covered if something goes wrong later.

LOCATIONS MAP
LOCATIONS MAP — world map, markers sized by annualized exposure
The platform

Six capabilities, one connected system

Quantified risk position

A dollar figure for your risk: the baseline if you did nothing, what your controls already prevent, and the exposure that remains. A computed maturity model benchmarks your program against where one your size should be.

Risk register and control mapping

Your risks and the controls that reduce them, mapped to the sites they cover. The rest of the platform runs on this map, so the picture updates as the work gets done.

Decisions and business cases

Model a change with the What-If simulator and see the effect on your exposure before you commit a dollar. The platform then turns the decision into its business case: what it costs, how much exposure it removes, and what the spend buys.

Sourcing

We do not sell the controls ourselves, so what we recommend answers to your risk and nothing else. From your register, we help you define requirements, run the RFI, and compare vendors across the whole security market, and every purchase stays tied to the risk it addresses.

Policy and training

Draft your security policies, and plan and track the training that puts them into practice. Both stay tied to the risks and controls they support, so the rules your team follows and the readiness to meet them move together.

Governance and reporting

Keep every decision on file, including the controls you delay or decline, each with its reason and a date to revisit it. Each quarter, the program produces an executive risk report that reads like a page from a board packet.

Getting started

A platform, and the people who run it with you

Holtium is not software we hand over and leave you to run. A Forward Deployed Risk Engineer is assigned to your account, builds the first picture of your program from what you already track, and carries the analysis between meetings. You validate and calibrate, we do the heavy lifting, and most teams are up and running within weeks.

How much we run is up to you. Some teams run the platform themselves and meet us quarterly. Teams without a security strategy and governance function have us run the whole program, up to an embedded resource. Either way, most teams spend a few hours a month in the platform.

The number

How we put a dollar figure on your security risk

The first question every CFO asks is how you arrived at the figure, and it deserves a real answer. We start with your baseline, the loss you would face with nothing but doors, walls, and locks. We subtract the losses your current controls already prevent. What remains is your exposure today, broken into the kinds of loss behind it, such as safety, legal exposure, and reputation.

The model is built on recognized standards and loss data, the same quantitative discipline used in cyber, operational risk, and engineering. The loss data comes from recognized public and industry sources, such as Bureau of Labor Statistics and OSHA figures and sector-specific studies. Your figure begins as a range and sharpens as your controls are verified. Every figure traces back to what drove it, so you can stand behind it in front of your board.

EXPOSURE BREAKDOWN
Inherent risk exposure, with no controls $48.6M
Losses avoided by current controls −$19.4M
Residual risk exposure $29.2M
Residual risk exposure by loss type
Safety
$12.4M
Legal exposure
$9.1M
Reputation
$7.7M
“The executive vision is the difference. Other tools manage the day-to-day; Holtium shows leadership our exposure and coverage in dollars, which is the conversation that gets budget.”
Regional Security Lead, semiconductor manufacturer
Your data

Works with the systems and the data you already have

Your access control, video, and alerting systems produce data every day, and so do the services you pay for, the records in your spreadsheets, and the Governance Risk and Compliance or Enterprise Risk Management systems your company already runs. Holtium takes all of it. Our open API is live, so a system connects directly when its provider enables access, and flat files and exports work today. You do not need to replace anything to start.

FAQ

Questions we hear from security teams

How do you put a dollar figure on physical security risk?

We model each risk at each site using recognized standards and loss data, the same quantitative discipline used in cyber, operational risk, and engineering, starting from the data you already track. The figure starts as a range, sharpens as your controls are verified, and always traces back to what drove it.

What data do you need to get started?

Whatever you already have, in any format: incident data, site assessments, guard contracts, insurance schedules, spreadsheets, and exports. Your engineer maps it for you, and most teams are up and running within weeks.

Do we have to replace our existing tools?

No. Your access control, video, and alerting systems keep doing their jobs. Holtium connects to what they produce, directly through our open API where providers enable access, and through flat files and exports otherwise.

We’re a large company with a small security team. Which program fits?

Program fit follows how your security function is staffed today, not your revenue. A small team at a large company usually fits the Mid-market program, where your Forward Deployed Risk Engineer carries the program between meetings. The price reflects your footprint either way.

What happens to the assessments we already paid for?

They become input. We ingest the assessments you already have, map the findings to risks, controls, and sites, and keep the picture current as controls change, instead of letting the report age in a drawer.

We already use AI tools on our security data. What does Holtium add?

AI on a folder of documents can only summarize what the folder contains, and the answer can change each time you ask. Holtium brings what the folder does not have, a documented methodology and the loss data behind it, so the same inputs produce the same figure and every figure traces back to what drove it. And a chat window cannot run a program. The register, the control mapping, the roadmap, and the business cases live in one system, and they all move the same number as the work gets done.

See what your exposure is worth