Close

We use cookies to give you the best possible online experience. If you continue, we'll assume you are happy for your web browser to receive all cookies from our website. See our cookie policy for more information on cookies and how to manage them.

Knowledge store

Knowledge store general enquiry form
Submit enquiry

Contact us

Call our customer services team on:

0345 366 6666

Email - riskadvice@aviva.com

Terrorism - Planning Issues for Financial Service Organisations [Hardfacts]

Introduction

Though the likelihood of terrorism affecting a business is lower than the risk of fire or flood it is an increasing threat that cannot be ignored, especially as the consequences of an attack can be catastrophic. The reliance on the electronic data and control of information, particularly in the Financial Services sector, can magnify the consequences of such an event.

Losses are calculated not just in damage to property and short-term loss of business and profits, but also in less tangible longer term factors, such as a drop in client and public confidence, which days or weeks of in operation would generate. In financial organisations particularly, every second ‘down' could cost millions of pounds.

The Potential Terrorist Threat in the Finance Sector

"The threat from terrorism is real and serious and you need to consider security planning" - Centre for Protection of National Infrastructure.

The Current Threat level from International Terrorism (in the UK) is Severe - Home Office January 2016.

Until relatively recently, the terrorist threat in Great Britain was perceived to arise from the activities of the Provisional IRA (PIRA) but they signed the Good Friday Agreement in April 1998. Although a threat still exists from dissident groups such as the "new" IRA, ONH and Continuity IRA (CIRA), together with IS and Al Qaida and associated networks, other terrorist groups who are willing to pursue their own local or nationalist agendas anywhere they feel they can have an influence and gain international media coverage are also a potential threat.

Additionally, similar threats to organisations could arise from other parties including animal rights activists, disaffected individuals and people wanting to cause harm or disruption to an organisation.

Key Action Steps

  • Method of Attack
  • Managing the Risks
  • Step 1 - Identify the threats
  • Step 2 - Establish what you wish to protect
  • Step 3 - Identify risk reduction measures
  • Step 4 - Review and rehearse

Methods of Attack

Bombs are a popular terrorist weapon but most are improvised and delivered by a variety of methods. The most relevant to businesses are vehicle, letter or hand-carried. Bombs can be explosive, incendiary, chemical or biological and although the risk of such being sent to most companies is extremely low, the threat posed by telephone bomb threats and suspect mail should be taken very seriously. Another growing threat is electronic attack by hacking, insertion of malicious software or hardware and denial of service. Finally, some external threats often rely entirely upon the co-operation of an ‘insider' permanent, temporary, contract or agency staff.

Managing the Risks

The best way for you to manage the risks is to begin by identifying any vulnerability. This will allow security improvements to be made and what type of security plans require to be developed. A simple 4-step process will enable you to do this.

For most businesses there will be no concern and simple good practice combined with vigilance and some consideration of contingency arrangements will be required.

STEP 1 - Identify the Threats

You may need to consider the following:

  • The current national/international picture of recent terrorist activities
  • Anything specific about your building or activities which would attract a terrorist attack
  • Do you have a special relationship with a high profile organisation?
  • Are you located in an area with high risk neighbours and thus have potential to suffer collateral damage?

STEP 2 - Establish What You Wish to Protect

You will probably have 4 main areas you wish to protect:

  • People - staff, visitors, contractors
  • Property - the building and its contents
  • Information - electronic and other data
  • Processes - critical procedures etc
  • People will normally be your first priority the importance of the remainder will depend upon the nature of your business.

STEP 3 - Identify Risk Reduction Measures

Aim to reduce it to an acceptable level by introducing measures appropriate to your business. These will normally fall under 3 headings:

1. Physical Security

Most businesses have introduced various security measures to deter criminals including good quality locks to doors and windows, grilles or shutters, intruder alarm protection which signals to an Alarm Receiving Centre, CCTV, security guarding and security lighting amongst others and these can be just as effective against terrorist activity. Therefore before introducing additional security measures, review those you already have; ensure they are properly used and maintained. Other measures which you could take include:

  • Set up bomb threat and evacuation procedures and rehearse them regularly
  • Protect against flying glass - anti shatter film, bomb blast net curtains and blast resistant glass are all available
  • Identify designated safe areas where evacuation can take place should this be the best solution; preferably the area should have access to drinking water, toilets and be located away from windows and glazed areas; a battery operated radio will enable staff to keep up to date with events should there be a power failure and disrupted communications
  • Process incoming mail in 1 location only and ensure staff are properly briefed and trained as to how to open post with the minimum of risk
  • Operate good housekeeping practices with effective staff, visitor and vehicle access control. Additionally, regular searches of the premises are advisable if there is a specific threat or increased level of alert in the area.

2. Information Security

  • Ensure company networks are equipped with appropriate protection against unauthorised access especially when connected to the internet. Regularly review the level of protection and consider a penetration test
  • Always ensure that your information is regularly backed up and preferably securely stored at another location
  • Consider encryption for particularly sensitive information
  • Arrange for the secure disposal of confidential waste by shredding, incineration or similar

3a. Own Staff

  • Establish the true identity of new staff - ask for full name, address, date of birth and supporting document such as a passport plus a recent utility bill
  • Take up references and proof of qualification from previous employers, colleges etc and check with the authors that they are genuine
  • Ask for details of unspent convictions where allowed under the Rehabilitation of Offenders Act, 1974 (as amended in 2012)
  • Where relevant seek proof of the right to work in the UK
  • Operate a security awareness programme
  • Install physical access controls to sensitive areas

3b. Contract and Agency Staff

  • Use only contractors who are accredited to a professional body within their industry
  • As part of your contract with them ensure that contractors validate the identities of their staff; monitor their compliance
  • Provide passes with photographs to contract staff with the pass to be worn at all times
  • Ensure they are supervised, particularly when in sensitive areas

STEP 4 - Review and Rehearse

Regularly review and rehearse your plans to ensure they remain appropriate for the current threat level and are workable in the light of changes which will occur to your business whether involving the structure, personnel, equipment or processes. It is also important that your staff accept the need for security measures and understand that security must now be part of everyone's responsibilities.

Further Information Sources

Various websites offer further general guidance and advice including the following:

UK Security Service www.mi5.gov.uk

Centre for Protection of National Infrastructure www.cpni.gov.uk

UK Resilience Cabinet Office www.cabinetoffice.gov.uk/ukresilience

The Counter Terrorist Security Advisor at your local police force

Next Steps

  • Source discounted products, available to Aviva insured customers and brokers, via our Preferred Supplier Scheme - click here to find out more about the savings you could make
  • Call our Risk Helpline on 0345 366 66 66
  • Email us at riskadvice@aviva.com
  • View our Tools and Templates

Please Note
This document contains general information and guidance and is not and should not be relied on as specific advice. The document may not cover every risk, exposure or hazard that may arise and Aviva recommend that you obtain specific advice relevant to the circumstances. AVIVA accepts no responsibility or liability towards any person who may rely upon this document.

Rate this entry

Was this helpful to you?