Protecting your corporate infrastructure: A strategic response
- Security Risk Management
- Crisis Response
Strategic response to increasing security threats in the urban environment
High-occupancy urban infrastructure is the backbone of many corporations. In a narrow sense, this combines the physical estate, information networks, equipment and building services that allow an organisation to function. In a wider sense the mass transportation networks, the places of food and entertainment used by workers, even the home working all underpin business operations. Interruption to any of those components can cause disruption ranging from simple inconvenience to potentially existential impacts.
The density of people and buildings, the myriad of business sectors, individual companies, and nations that are represented in our high streets and financial districts continue to present an attractive target for terrorism, protest and civil disorder. They are a magnet for the expression and venting of grievances, real and perceived, with workplace violence and the ‘insider threat’ from radicalised individuals also of increasing concern at global level.
High-profile acts of terror carried out by Islamist extremists, notably the so-called Islamic State (IS), deflect attention from other ideological actors, especially right- and left-wing extremists, compounding the complex challenge of detecting and responding to radicalisation. The convergence of ideological and personal motivations in violent attacks remains among the most challenging aspects of the evolving terrorism threat environment.
Freely available data on everything from building layouts to the names and whereabouts of specific individuals increases the vulnerability of companies and their workforces in the urban environment.
Companies mindful of their duty of care are facing two main trends:
1. Diversification of violent extremism
Although Islamist extremists, ethno-nationalist insurgents and leftist guerrillas remain the main sources of lethal terrorist violence in most countries in 2018, extremist fringes of a wider range of ideological movements appear to be embracing violence. These include lone individuals accessing extremist ideology online but acting outside organised groups. Online propaganda and social media allow individuals to participate in political movements without formal organisational ties. As with homegrown Islamist extremists, this has made the threat environment less predictable.
2. Expansion of tactics
Recent ideological extremist attacks indicate an increasingly diverse portfolio of tactics, techniques and procedures. This has been extensively documented among Islamist extremists, who have adopted low-tech, low-cost tactics such as knife assaults and vehicle-ramming.
Preventing mass-casualty attacks and active shooter incidents at facilities globally continues to be a top priority for Control Risks’ clients. The shift towards low-tech attacks against public spaces has stretched traditional concepts of duty of care and operational disruption. In addition, the overlap between workplace violence incidents and threats involving radicalised employee insiders creates a more complex threat environment for companies and their employees.
Fortunately, corporate responses, including insider threat programmes and workforce active assailant training work regardless of the attackers’ motivation.
The governmental response
National and local governments strive to provide a safe and secure environment for businesses and society, from intelligence and policing through to the creation of physical or virtual ‘rings of steel’ around central business districts and transportation hubs. National agencies also provide guidance on how to:
- harden (corporate) infrastructure against attacks
- plan for the worst and respond to incidents
- develop and implement business continuity and crisis management plans
Authorities routinely disseminate information and basic intelligence regarding threat levels and appropriate precautions and countermeasures. In Europe, for example, the European Commission has funded significant research projects on urban resilience over several years. These projects have sought to bring together private and public expertise on subjects as diverse as behavioural science, artificial intelligence and machine learning, surveillance and detection systems, security and intelligence processes and procedures, and hard security engineering. However, these programmes, vital as they are, can only ever address the threats and risks in part.
To protect their business, people and assets, organisations need to understand how they fit into the ‘supply chain’ of the urban environment.
Being crisis ready: five key steps to increased resilience of your corporate infrastructure
Despite efforts by governments and other public bodies to provide secure working environments, there is an inevitable gap between this provision and the specific requirements of individual organisations. The need to meet duty-of-care obligations, the regulatory requirement to manage operational risks in line with the many applicable governance codes designed to protect stakeholder interests, together with requirements of insurers, are all factors that help shape and support corporate programmes.