Terrorism in risk management: a distorted focus
Terrorism is at the heart of the security debate. Indiscriminate attacks on the streets of London, Berlin and Paris have ensured terrorism is never out of the public eye, as civilians are faced with the spectre of an attack. In Western Europe, the discussion is dominated by Islamist terrorism. Concern is rising about the return of fighters from Iraq and Syria, while Islamic State sympathisers, domestically radicalised through online propaganda, have organised and executed independent attacks. In the US, terrorism driven by other motivations, such as far-right extremism and a shadowy online community named ‘incelism’, an ideology based on male-dominated perceptions of sexual marginalisation, have been thrust into the limelight by recent incidents.
Is the focus on terrorism in risk management leading to a counterproductive approach?
Many businesses have been quick to install counter-terrorism measures at the heart of their risk management programs. Attempting to mitigate the risk to both personnel and facilities is a daunting task, and in many cases, can distort holistic risk management. Being involved in a significant terrorist attack would have a serious impact upon an employee, but in reality, the likelihood of being impacted by a terrorist incident in Western Europe or the US is minimal.
Using the UK as a case study, the number of people killed in terrorist incidents per year since 9/11 is fewer than the number killed throughout the 1980s and 1990s, when Irish separatist terrorism was at its peak. In England, there have been only four years in which a fatal terror attack has been recorded since 2001, the most notable years being 2005, when the 7/7 attacks occurred, killing 52 and 2017, when 36 people were killed during three attacks at Westminster Bridge, Manchester Arena and London Bridge. The increase in attacks during 2017 led to fears that the collapse of the Islamic State’s self-proclaimed caliphate in Iraq and Syria was acting as a catalyst for further attacks, but the trend did not continue into 2018.
Studies show that due to the current levels of terror-related fatalities in the UK, citizens are fourteen times more likely to be killed by hot water than a terror attack and 400 times more likely to be killed using a mobile device while operating a vehicle. The statistics behind terrorism are rarely discussed, despite the quantitative data displaying the slim chance of being killed in an attack. The broader impact of terrorism beyond the initial attack makes it important at a state level, owing to secondary impacts upon the economy, infrastructure and short-term resources, but incidents rarely have an effect on corporate entities.
Concurrent to this is the distorted focus on terrorism in risk management programs. In reality, attempting to mitigate the risk of terrorism is better when built into a more holistic program. When training employees on the risks posed by terrorism, the focus is largely placed upon heightened situational awareness in public spaces, recognising unusual or suspicious behaviour, or identifying exit routes from facilities. While this advice is pertinent, it is not just true for terrorism. Employees should be advised to follow this advice to mitigate the risks posed by criminality, unrest and many other risk factors. Creating a travel risk policy which focuses on ensuring that employees are advised on how to monitor for all risks, rather than just terrorism, allows employees to identify risks which are less high impact but more likely to occur, such as opportunistic criminality.
Risk assessments of facilities should also consider a wider array of potential risks rather than terrorism alone
Risk assessments of facilities should also consider a wider array of potential risks rather than terrorism alone. During the initial assessment of a site, potentially at-risk areas such as entrances, car parks and areas with limited security measures are better evaluated through a holistic analysis. An intruder entering a site without being challenged or holding the right credentials is highly unlikely to be a terrorist, but businesses should consider ensuring all persons entering a facility are processed through basic security measures, such as a signing-in policy or being provided with a temporary pass. Built into an all-encompassing risk assessment, the risk of terrorism is largely mitigated by basic security protocols.
The issue of terrorism is likely to remain pertinent for many years and businesses have a responsibility to ensure their assets worldwide are protected against terrorist incidents. The recent trend of indiscriminate attacks utilising unsophisticated weaponry means that, although highly unlikely, employees could be impacted by terrorism when going out to get lunch or travelling home from work. Integrating training, assessment and education of terrorist risks into a comprehensive risk management plan allows employers to mitigate the minimal threat posed by terrorist actors to corporate entities.
