CASE STUDY — OPERATIONS & EXECUTION / OPSSEC
The $1.25M Problem That Cost 14,000 CHF to Fix. How one of the world’s top Swiss watchmakers discovered their biggest security threat
wasn’t sophisticated. It was structural.
Fraud Prevention
Switzerland
Operational Security
Process Design
Security Systems
Blind Spots
$1.25m
In losses before we came in
$395k
Wire fraud intercepted — live
$18k
Total cost to fix everything
The Engagement
Our client is one of the most respected names in Swiss watchmaking. Close to a billion dollars in annual sales. A founder with an impeccable reputation. A workforce that genuinely loved where they worked. By every measure that shows up in an annual report, this was a well-run company.
And they were hemorrhaging watches, money, and trust — without fully understanding why.
They came to us after losing 50 watches in a single month. At an average of $25,000 per piece, that’s $1.25 million gone. On top of that, there were multiple attempts to breach their banking systems. They thought they had a fraud problem. They’d already paid a Big 3 accounting firm to tell them so.
What they actually had was a security system’s problem. And those are not the same thing.
“We have a fraud problem. We need an enterprise-grade security overhaul.”
Three operational gaps with no process controls around them — each one independently exploitable, collectively catastrophic. The Big 3 report wasn’t wrong. It just wasn’t built for this company.
Field Note — Day 1: We walked into the accounting department and watched two employees split a $395,000 wire transfer into two smaller wires to honor what they believed was the owner's request — because the limit was $200K without written approval. They were trying to do the right thing. The system gave them no way to verify who they were actually talking to. The wire had already left the bank before we could stop it. We caught it at the correspondent bank. It came back in 10 days. It almost didn't come back at all.
Most clients come in thinking they have one problem. They almost always have more.
The accounting team wasn’t negligent. They were operating exactly as the culture trained them to: prioritize the owner’s requests, move fast, keep things running. The problem wasn’t the people. The problem was that a company approaching a billion dollars in revenue had no secure communication channel between the owner and the people authorized to move money. A fraudster with a voice-modulation device and access to the family’s social media — the owner’s children had posted that he was away skiing — had everything they needed.
That was problem one.
We toured the shipping and receiving department, expecting something hardened. What we found was a large garage door, a stack of unmarked brown boxes — watches sitting alongside inbound parts and outbound promotional materials, indistinguishable from each other — and a dumpster right next to the loading area.
The company had switched to plain brown boxes after branded packaging telegraphed the contents and triggered theft. A reasonable call, made in isolation. But it traded one risk for another: the watches are almost certainly left in their boxes, but mistaken for other boxes with different contents, with no system to catch them.
That was problem two.
The Big 3 report addressed the company’s controls as if it were a large public corporation. Technically sound. Completely wrong for the culture, the size, and the way this founder actually ran his business.
That was problem three.
Field Note — Shipping & Receiving: A DHL courier arrived while we were observing. The door opened. There was confusion about which boxes were outbound. Nobody was being careless — there was simply no physical separation between receiving, storage, and shipping. In an environment like that, $1.25 million in watches can disappear without a single bad actor inside the building.
We didn’t hand them a binder. We fixed the actual problems.
On the communication vulnerability: We established a private fax line — numbers that appeared on no outbound communications — used exclusively between the owner and the five people authorized to move money. Each of those five received a burner phone with no stored contacts and no traceable link to the business. Any significant financial decision requires verification through that channel. Total cost: under 1,000 CHF (~$1,270 USD).
On the shipping exposure: We recommended cyclone fencing with two-handed gates to create hard physical separation between receiving, shipping, and storage. Not complicated. Not expensive. A time-proven operational control that the company had simply never implemented as it scaled. We also moved the dumpster, put a lock on it, and required a two-person sign-off before anything was discarded — no unopened packages, ever. Total cost: 13,000 CHF (~$16,500 USD).
On the consulting mismatch: We set aside the Big 3 report entirely and built recommendations around how this business actually operated. The owner wanted simplicity. His employees wanted to do right by him. Every fix we made worked with that culture instead of against it.
A business solution should not fit the customer like a straitjacket. It should fit like a fine tailor’s suit.
Field Note — The Presentation: The owner's first response when we walked him through our recommendations was: "Why did I waste 60,000 CHF (~$76,200 USD) on that accounting firm?" The answer is that the firm wasn't wrong — they just built for a different company. The recommendations the owner and his team actually implemented were the ones that fit the way they worked. That's not a detail. That's the whole thing.
The headline number is $1.25 million in annual exposure stopped. Not recovered — the watches that were already gone were gone. What we stopped was the bleeding. The $395,000 wire we caught mid-transfer came back. The structural vulnerabilities that made both possible were closed.
The number we’re most proud of is this: three years later, the owner sent us a note. Several more attempts had been made against the business and against him personally. None succeeded. The burner phones were held. The fencing held. Not a single watch had gone missing since our visit.
14,000 CHF (~$18,000 USD) fixed what 60,000 CHF (~$76,200 USD) couldn’t — because the 60,000 CHF solution wasn’t built for this company.
We want to be clear about something. We built the systems. The owner and his team ran them. They were a well-run business before we arrived. What they needed wasn’t a transformation. They needed someone to find the gaps that growth had quietly opened up — and close them.
The three years of clean operation are theirs.
Sound familiar? Operational security failures don't start in IT. They start in the gaps of your processes — in the places your business has grown past the systems designed to protect it.
No pitch. No pressure. Just an honest conversation.