Independent Security and Risk Advisors
Security BlogRead our latest security insights.

Part Two: Our CCTV findings on 4000+ cameras – What have we learnt?

Physical SecurityTwo weeks ago we revealed some key CCTV findings on over 4000 cameras we have evaluated over the last four years.

These cameras are connected to 89 separate CCTV systems of various sizes and configurations that we have been engaged to review.

In that article, we specifically looked at camera performance and how well they worked in their respective applications.  You can check it out here.

In this article, we examine these 89 CCTV systems and see if they measure up against the evaluation criteria we use when we assess CCTV systems.

When we evaluate CCTV systems, there are a series of data sets outside of cameras, that we are also interested in.

The main one naturally is – are they performing their intended function?

For most CCTV systems however, there are many other things we look at, to determine if a CCTV system is in fact fit for purpose.


These are the things we look at to evaluate whether a CCTV system is performing as it should:

  • Gaps in coverage – it is important to not only understand where cameras are, but where they aren’t. Are there any critical areas that do not have appropriate coverage? Where else should cameras be installed?
  • Recording resolutions and frame rates – just because a camera can record at high-resolution, it doesn’t mean it does. Many CCTV systems can record at one resolution and display at another and often camera resolutions and frame rates are reduced as a way of minimising storage requirements.
  • Media archiving – how long can the data be stored for and is it appropriate to the application?
  • Communications network – are there data transmission issues such as frame dropping, pixilation or other issues that suggest issues with the broader CCTV network?
  • Displays and control systems – are the monitors and control systems appropriate for the application? Are they easy to operate? Can the operators see and do what they need to?
  • Operator permissions – what are the CCTV operators allowed to do with the systems? Is there a risk of footage making it on to Youtube?
  • System intelligence and alarm interfacing – how is the system monitored and what level of intelligence is applied to the systems to make it more effective from an operational perspective?
  • Policies and procedures – are the appropriate policies and procedures in place?
  • System reliability – is the system overall reliable and able to perform its intended function?


Here is what else we have learnt:

Even with the transition to megapixel cameras over the last 5 years or so, the vast majority of cameras (67.8 %) are still only recording at 4CIF or 0.4 megapixel. That is not terribly surprising because we commonly review older CCTV systems. What is surprising is that some sites still insist on recording at lower resolutions to save on storage. One building was recording all their analogue cameras at just 0.025 megapixel which is ridiculously low resolution by today’s standards.

The average archive period was 22.4 days per camera.

What is surprising is that some sites still insist on recording at lower resolutions to save on storage.

Only 23 of the 89 systems we reviewed (25.8%) were enterprise or server based systems. Considering the average number of cameras associated with each system is 45.2, we think this is a little crazy. Sure, it’s less expensive to use DVR’s but good servers are far more reliable. Which CCTV vendor quotes MTBF (mean time between failure) rates for their DVR’s? I can’t think of one.

17 systems (19.1%) were interfaced to access control systems that allowed CCTV feeds to be linked to alarm events. We are strong advocates for this and believe the lack of interfacing is attributed to hardware selection in some instances and a basic lack of knowledge of what is possible in others.

Just 7 systems (7.8%) involved some level of intelligence or analytics within the CCTV system. In nearly every example, this was just basic video motion detection, nothing more. This is perhaps the most disappointing aspect of surveillance today, that we still have such a heavy reliance on people to detect what is going on. If you recall from the previous article, the largest system we reviewed involved 343 cameras. How can people be expected to monitor that many cameras? It is simply not possible. In fact, monitoring staff generally don’t even know when cameras have failed, let alone detect criminal or other behaviour of interest.

This is perhaps the most disappointing aspect of surveillance today, that we still have such a heavy reliance on people to detect what is going on.

One site did have some quite clever analytics installed that detected a variety of abnormal behaviours. However, the alarm screens would get lost amongst all the other images displayed and were mostly ignored by operators.

28 or 31.4% of all systems had some level of operator control in place. Typically operators would need to log-on to the system with unique credentials and their level of access would be limited accordingly. The systems with the best level of operator controls were generally those operated by Police or a major corporate client. They also seemed to be associated with the larger systems overall.

Just 19 or 21.3% of the systems reviewed had any sort of CCTV specific policies and procedures in place.

In closing, we thought we would include what we believe is about the worst CCTV image we have seen from a functioning CCTV camera. And yes! the darker shapes represent people.

Ineffective CCTV Example - Matryx Consulting

Matryx is proud to acknowledge the Aboriginal and Torres Strait Islander Peoples as the Traditional Custodians of the lands, and we pay our respects to Elders past, present and emerging.

© 2024 Matryx Security Consultants | All Rights Reserved