Terrorism is now a key business risk – and too many companies are insufficiently prepared
Terrorism is a threat that has clearly registered with London’s top executives. Along with fraud, regulation and reputation, it’s up there as a major risk that could damage their business and, worse, harm the public and their employees.
With the threat level currently at “severe”, we should be under no illusions: terrorists would dearly love to attack London. And, as the adage goes, terrorists only have to be successful once, but the security services need to be right all the time. The threats can come in a myriad of forms – from a “marauding terrorist firearms attack”, the jargon for what happened in Paris, where automatic weapons were let off indiscriminately, to a suicide bombing as tragically happened at Brussels airport on Tuesday.
Brussels shows that the nature of any attack can be very simple. From a terrorist’s point of view, it doesn’t matter what they use, as long as it causes fear and panic. That’s why the simple advice of the authorities to members of the public – to stay calm, vigilant and report anything suspicious – is so important.
The key to preventing these attacks is to get the right intelligence. Since the gruesome attacks on London in 2005, the intelligence community and the police have delivered strong performance. Indeed, since August 2014, London has been subject to seven attempted attacks – all foiled.
But business also has a part to play in preventing and responding to incidents. Most of London’s biggest firms have their own teams of security analysts, and plans that are ready to roll out in the event of a relevant incident. They have good links with the police – and a service called the Cross-Sector Safety and Security Communications (CSSC) hub helps them share information with the authorities.
In the aftermath of any attack, businesses with staff travelling abroad are inevitably concerned to find out if they are safe and whether they need any support. And back home, many are taking action to make their businesses more resilient to any attack. But there is still much more to be done.
New research we conducted with PwC has found that 90 per cent of businesses believe that resilience is greater when functions such as risk management, business continuity, IT disaster recovery and security are joined up. But only 37 per cent believe these are currently appropriately joined. And only 67 per cent believed their organisations are “somewhat equipped” to survive major incidents and disruptions. Just 22 per cent think they are fully equipped.
The fact that businesses are self-critical might indicate a strong intent to improve, but the survey does certainly suggest that there is room for progress. And there is always a danger that a lack of incidents on home turf will make companies complacent. Within 48 hours of the Paris attacks last year, firms were unable to recruit any more skilled security guards. With budgets for security under a constant squeeze, businesses may find that, however good their strategic vision for security is, they will not able to buy what they need if they leave it to the last minute.
The business community is doing a lot to stay resilient – but there is still some scope for improvement.