For tips, tools and guidance on all things risk management, just search for a topic you’re interested in or use the below pods.
Though the likelihood of terrorism affecting a business is lower than the risk of fire or flood it is an increasing threat that cannot be ignored, especially as the consequences of an attack can be catastrophic. The reliance on the electronic data and control of information, particularly in the Financial Services sector, can magnify the consequences of such an event.
Losses are calculated not just in damage to property and short-term loss of business and profits, but also in less tangible longer term factors, such as a drop in client and public confidence, which days or weeks of in operation would generate. In financial organisations particularly, every second ‘down' could cost millions of pounds.
The Potential Terrorist Threat in the Finance Sector
"The threat from terrorism is real and serious and you need to consider security planning" - Centre for Protection of National Infrastructure.
The Current Threat level from International Terrorism (in the UK) is Severe - Home Office January 2016.
Until relatively recently, the terrorist threat in Great Britain was perceived to arise from the activities of the Provisional IRA (PIRA) but they signed the Good Friday Agreement in April 1998. Although a threat still exists from dissident groups such as the "new" IRA, ONH and Continuity IRA (CIRA), together with IS and Al Qaida and associated networks, other terrorist groups who are willing to pursue their own local or nationalist agendas anywhere they feel they can have an influence and gain international media coverage are also a potential threat.
Additionally, similar threats to organisations could arise from other parties including animal rights activists, disaffected individuals and people wanting to cause harm or disruption to an organisation.
Key Action Steps
Methods of Attack
Bombs are a popular terrorist weapon but most are improvised and delivered by a variety of methods. The most relevant to businesses are vehicle, letter or hand-carried. Bombs can be explosive, incendiary, chemical or biological and although the risk of such being sent to most companies is extremely low, the threat posed by telephone bomb threats and suspect mail should be taken very seriously. Another growing threat is electronic attack by hacking, insertion of malicious software or hardware and denial of service. Finally, some external threats often rely entirely upon the co-operation of an ‘insider' permanent, temporary, contract or agency staff.
Managing the Risks
The best way for you to manage the risks is to begin by identifying any vulnerability. This will allow security improvements to be made and what type of security plans require to be developed. A simple 4-step process will enable you to do this.
For most businesses there will be no concern and simple good practice combined with vigilance and some consideration of contingency arrangements will be required.
STEP 1 - Identify the Threats
You may need to consider the following:
STEP 2 - Establish What You Wish to Protect
You will probably have 4 main areas you wish to protect:
STEP 3 - Identify Risk Reduction Measures
Aim to reduce it to an acceptable level by introducing measures appropriate to your business. These will normally fall under 3 headings:
1. Physical Security
Most businesses have introduced various security measures to deter criminals including good quality locks to doors and windows, grilles or shutters, intruder alarm protection which signals to an Alarm Receiving Centre, CCTV, security guarding and security lighting amongst others and these can be just as effective against terrorist activity. Therefore before introducing additional security measures, review those you already have; ensure they are properly used and maintained. Other measures which you could take include:
2. Information Security
3a. Own Staff
3b. Contract and Agency Staff
STEP 4 - Review and Rehearse
Regularly review and rehearse your plans to ensure they remain appropriate for the current threat level and are workable in the light of changes which will occur to your business whether involving the structure, personnel, equipment or processes. It is also important that your staff accept the need for security measures and understand that security must now be part of everyone's responsibilities.
Further Information Sources
Various websites offer further general guidance and advice including the following:
UK Security Service www.mi5.gov.uk
Centre for Protection of National Infrastructure www.cpni.gov.uk
UK Resilience Cabinet Office www.cabinetoffice.gov.uk/ukresilience
The Counter Terrorist Security Advisor at your local police force
This document contains general information and guidance and is not and should not be relied on as specific advice. The document may not cover every risk, exposure or hazard that may arise and Aviva recommend that you obtain specific advice relevant to the circumstances. AVIVA accepts no responsibility or liability towards any person who may rely upon this document.
Was this helpful to you?
Call 0345 366 6666 to speak to our qualified advisers for help and advice.