At a glance
- From cyber-attacks to the crude inflicting of mass casualties, the nature of modern terrorism is continually evolving and adapting
- Terrorism is a difficult threat for organisations to manage, and the range of guidance and advice can make preparation a daunting prospect
- We explore the shifting threats posed by terrorism and signpost organisations to some of the main sources of guidance and advice
The threat of modern terrorism covers a wide range of attacks, from disrupting business or infrastructure, to cyber-attacks, to the deliberate causing of death and injury in random acts.
Terrorism is a difficult threat for organisations of all types, because it is not specifically created by work activities. The risk is a deliberate one, but not one created by the insured.
Recent attacks in public places, often with the use of hire vehicles, are not necessarily linked to the owner or operator of that site or asset; they are a means to an end. However, for some businesses, the threat is foreseeable, and insurers will expect it to be assessed and reasonable mitigation put in place, monitored and reviewed over time.
In the UK, there has been a shift towards soft targets for terrorism and much of the information from our security services is aimed at making those targets harder for terrorists.
We explore this changing nature of modern terrorism, and signpost businesses and organisations to some of the main sources of guidance and advice on counter-terrorism.
Shifting targets and changing risk assessments
The National Consortium for the Study of Terrorism and Responses to Terrorism (START) produces and manages the Global Terrorism Database, a comprehensive record of global terrorist attacks from 1970 to the present day.
START shows that the overall number of attacks in the UK generally decreased from the mid-1990s until 2007, followed by a steady increase over the past decade. The methods used by terrorists are also changing, with important implications.
With the increase in “low technology” attacks – with blades or motor vehicles, for instance – intended human targets have changed from specific individuals to random members of the public. In addition, overall rates of attack against UK infrastructure are higher now than in the 1970s.
In terms of targets, the vast majority are private citizens (32%) followed by businesses, the military and the police. This is different than in many world regions, where attacks are most prevalent against the security services.
These changing threats make it even more important that organisations are equipped with appropriate resources and guidance related to counter-terrorism and risk prevention.
Guidance on threat levels and counter-terrorism measures
Using national and international security service intelligence and a range of other data and projections, MI5 monitors the UK’s terrorist threat level and generates a current terrorism threat level from Low (an attack is unlikely) to Critical (an attack is expected imminently).
While this data and information is fairly generic, businesses can use it to help develop counter-terrorism risk assessments, and as an indication for when to be more on guard.
The data can also provide additional insight into whether a site is vulnerable because of its infrastructure role, whether it provides a concentration of people in one place, what type of attack is most likely and what weapons may be used. It can also help inform the development of risk management and control and response strategies, based on the most relevant guidance for any particular situation.
Beyond MI5, The Centre for the Protection of National Infrastructure (CPNI) – which aims to reduce the vulnerability of the national infrastructure to terrorism and other threats – can provide actionable advice and information. Importantly, the CPNI works closely with the National Cyber Security Centre, which as the name suggests, provides advice on cyber security that may be terrorist in nature.
The National Counter-Terrorism Security Office (NACTSO) is the most comprehensive single source of advice on counter-terrorism for most business sectors and organisations.
NACTSO produces sector-specific guidance, plus counter-terrorism advice on people and property risk management and security. In addition to guidance, it provides checklists to assist organisations in reviewing their current security measures and determine what else they can do.
Adopting a risk management plan
As with many low likelihood / high severity risks, adopting a risk management plan for the event of a terrorist attack is often not top of the list of priorities. However, good practice in conventional risk management is appropriate for counter-terrorism, and all organisations will benefit from adopting a risk management approach and counter terrorism plan that covers:
- Policy – clear statement of what you want to achieve through planning, preparedness, response and recovery.
- Systems – processes you need to deliver the policy, including risk assessment.
- Physical measures – hardware to provide protection, response and recovery.
- Human measures – procedures to provide safe, competent and motivated workers and suppliers.
- Validation – checks, including drills, inspections and reporting, on the performance of your plan.
- Partnerships – liaison with stakeholders to obtain advice and provide mutual support.
- Communication – communication means and messages for internal and external audience.
- Adaptability – regular reviews leading to adaptation and improvement of the counter-terrorism plan.
Assessing and managing potential terrorist threats may seem a daunting task for some organisations. However, by staying abreast of expert recommendations and making use of the available resources, it is possible to develop good practice and appropriate risk management.
For more information, please get in touch with your local Zurich contact.
NaCTSO Crowded Places Guidance – provides information on security risk management (threat assessment, communications, attack types, physical security, personnel security, etc.)
NaCTSO Guidance to improve your Security Stance – advice to security managers of crowded places to escalate their site’s security stance during a rise in the threat level to ‘Critical’.
The Resilient Design Toolkit for Counter Terrorism – an interactive guide taking readers through the construction design process so they can effectively integrate counter-terrorism measures into the building design process.
Protecting Crowded Places: Design and Technical Issues – advice about counter-terrorism protective security design to anyone involved in the planning, design and development of the built environment.
CitizenAID – a charity partnership between Queen Elizabeth Hospital Birmingham Charity, NaCTSO and other organisations, which produces a range of on and offline resources for individuals across any level of an organisation.
Project ARGUS – a NaCTSO counter terrorism and exercising initiative, provides training targeting primarily at senior managers.
Project Revise – a multi-media package which aims to highlight the potential misuse of hazardous materials to those who legitimately and routinely use them, in particular the academic community.
CPNI produced Security Awareness Campaigns – covering subjects including Employee Vigilance, Observing and Reporting Suspicious Behaviours, Personal Digital Footprints and Workplace Security Behaviours.