Physical intrusions can be dealt with by encrypting the keys, which I hope they are doing. Using a secret sharing scheme with physical tokens (e.g. smartcards) carried by chosen employees should reduce the danger of both of those attacks.