Cable theft. Arson. Vandalism.
Rapidly documented, weather and airspace permitting.
After the worst has happened — rapid aerial capture, structured incident reporting and an OSINT indicator review (open-source intelligence — structured review of public signals: forums, marketplaces, leaked credentials, social channels) looking for indicators consistent with targeting, opportunistic activity or wider cluster activity. Broker- and insurer-facing evidence, on a fixed-price quote.
If your site has just been hit and you need a pilot on the ground — call. Initial triage is normally same-day during working hours.
Six deliverables. One incident.
Post-incident drone capture combined with OSINT-led intelligence on indicators consistent with targeting, opportunistic activity or wider cluster activity — packaged as evidence your insurer, broker and asset owner can review inside the claim window.
On-site drone deployment as soon as airspace, weather and access allow — usually within 48–96 hours of the call. Full-site capture, damaged-area close-ups and access-route documentation.
Annotated orthomosaic, marked-up imagery showing extent and pattern of damage, and where applicable an updated 3D model so the post-incident state can be compared cleanly against any prior capture.
The differentiator: a structured sweep of dark-web mentions, Telegram channels, marketplace activity and forum chatter for indicators that may correlate with the incident — site or kit references, credential exposure, signs of activity around nearby sites. Findings are graded for source reliability and reported with their evidential weight, not as proof.
Structured for the insurance claim: timeline, scope of damage, evidence trail, OSINT findings, control-review areas for client consideration. Same intelligence-discipline rigour as the flagship Assessment — dual-graded and source-cited.
90-day OSINT monitoring on the site, the parent organisation and the surrounding cluster. Repeat hits and serial targeting are the norm in renewables-site theft, not the exception — the watch period catches second-attempt signals.
Standalone single-page extract for broker and underwriter handover — aggregate risk rating, headline incident facts, evidence references and operator-owned control-review pathway. Built for inclusion in the claim file.
Loss adjusters assess the claim. We add aerial evidence and intelligence indicators that help frame whether the activity appears more consistent with targeted, opportunistic or cluster-linked activity.
Cable theft, copper theft and arson at unmanned renewables sites are not always random. Some sites appear to be scoped in advance, including by groups who post asset types and locations on closed channels; others are opportunistic. The same intelligence sources that may surface pre-incident signals can also be used, after one, to look for indicators that the site or nearby assets may have appeared in hostile or opportunistic planning material. The output is reported with source and confidence grading, not as a verdict.
That changes the conversation with your insurer, your broker and your board. A documented incident with a structured indicator review sits very differently in a claim file than a "we got hit, here’s the damage" email. It also informs the question your underwriter will ask before renewal: how likely is this site to be hit again?
This is the same OSINT-and-aerial methodology that underpins the flagship Site Security Vulnerability Assessment, applied with a different trigger: instead of preventing the hit, we’re documenting it and surfacing what was publicly or semi-publicly discoverable about the site before the incident.
Four phases, one engagement.
The clock starts when you call. Most engagements deliver the full pack inside 7–10 working days; urgent claim deadlines can be accommodated with same-week reporting where airspace and weather cooperate.
Initial phone scoping — site location, incident type, what’s already been documented, claim deadlines, access constraints. Fixed-price quote within the same call where possible.
Desk-based intelligence can normally begin before site deployment: dark-web mentions, marketplace listings of stolen kit, Telegram channel chatter, social signals. Runs in parallel with deployment planning.
Pilot on-site as soon as access, weather and airspace permit. Aerial capture, walkdown of damage, geotagged photographs, updated 3D model where relevant. Coordinated with police if a crime scene is active.
Broker- and insurer-facing incident report, broker one-pager, OSINT findings register, operator-owned control-review pathway. 90-day repeat-targeting watch starts on the day the pack is delivered.
Five incident types we cover.
- Document damage and access patterns from the air
- Run an OSINT indicator review for targeting, opportunistic or cluster-linked indicators
- Build an evidence pack that can support the claim file
- Watch for repeat-targeting signals for 90 days
- Replace police forensics or interfere with an active crime scene
- Make insurance determinations or adjust claims (that’s your loss adjuster)
- Recover stolen property or pursue offenders
- Contact, name or attempt to identify suspects from OSINT findings
Where police are at the site, we coordinate with the senior officer before flight. We don’t fly over an active crime scene without their agreement.
Quote-led, fixed-price per incident.
Incident response is scoped per site and per incident. The quote depends on site size, complexity, travel, claim-deadline urgency and the depth of OSINT work required. We’ll come back with a fixed price during the initial scoping call — and the quote is what you pay.
Existing flagship Assessment or Managed Capture clients get incident response at preferential rates and faster deployment, because the baseline data is already on file.
- All six deliverables included
- 90-day repeat-targeting OSINT watch
- Standard travel within mainland UK included
Sign onto a flagship Assessment or Managed Capture programme within 30 days of the incident pack delivery and a discount is applied to the programme fee.
First hits are common. Repeat targeting is a recognised risk pattern.
Sites that have been hit once are at elevated risk of being hit again. The OSINT signal can point at why — if kit appears on shopping channels, if access details are circulating, if response timings are now public. The 90-day watch flags emerging signals; the next step is closing the gaps that made the site attractive in the first place.
The flagship one-day engagement — full physical walkdown, OSINT indicator review, dual-graded findings register, broker-ready pack. Built to surface the gaps that made the incident possible. Discounted for clients moving from incident response within 30 days.
See the AssessmentRecurring drone visits on a fixed-cadence retainer, building an evidence baseline that future incidents can be compared against. Useful for sites that have been hit and need ongoing eyes on them while operator review and follow-up roll out.
See Managed CaptureWhat buyers ask in the first five minutes.
If your site is still smoking, skip this and dial the number below. If you’re comparing options or talking to your broker, these are the questions we get asked most.
Will the data hold up in an insurance claim?
How fast can you actually get on site?
What if days or weeks have passed already?
What is the OSINT indicator review actually looking for?
Can the report support an investigation or claim file?
If your site has been hit — call now.
Initial triage is normally same-day during working hours. If we can deploy, we agree a fixed price on the call and the OSINT indicator review can normally begin before site deployment. If we can’t deploy fast enough for your claim deadline, we’ll tell you on the call.