High-occupancy urban infrastructure is the backbone of many corporations. In a narrow sense, this combines the physical estate, information networks, equipment and building services that allow an organisation to function. In a wider sense the mass transportation networks, the places of food and entertainment used by workers, even the home working all underpin business operations. Interruption to any of those components can cause disruption ranging from simple inconvenience to potentially existential impacts.
The density of people and buildings, the myriad of business sectors, individual companies, and nations that are represented in our high streets and financial districts continue to present an attractive target for terrorism, protest and civil disorder. They are a magnet for the expression and venting of grievances, real and perceived, with workplace violence and the ‘insider threat’ from radicalised individuals also of increasing concern at global level.
High-profile acts of terror carried out by Islamist extremists, notably the so-called Islamic State (IS), deflect attention from other ideological actors, especially right- and left-wing extremists, compounding the complex challenge of detecting and responding to radicalisation. The convergence of ideological and personal motivations in violent attacks remains among the most challenging aspects of the evolving terrorism threat environment.
Freely available data on everything from building layouts to the names and whereabouts of specific individuals increases the vulnerability of companies and their workforces in the urban environment.
Companies mindful of their duty of care are facing two main trends:
1. Diversification of violent extremism
Although Islamist extremists, ethno-nationalist insurgents and leftist guerrillas remain the main sources of lethal terrorist violence in most countries in 2018, extremist fringes of a wider range of ideological movements appear to be embracing violence. These include lone individuals accessing extremist ideology online but acting outside organised groups. Online propaganda and social media allow individuals to participate in political movements without formal organisational ties. As with homegrown Islamist extremists, this has made the threat environment less predictable.
2. Expansion of tactics
Recent ideological extremist attacks indicate an increasingly diverse portfolio of tactics, techniques and procedures. This has been extensively documented among Islamist extremists, who have adopted low-tech, low-cost tactics such as knife assaults and vehicle-ramming.
Preventing mass-casualty attacks and active shooter incidents at facilities globally continues to be a top priority for Control Risks’ clients. The shift towards low-tech attacks against public spaces has stretched traditional concepts of duty of care and operational disruption. In addition, the overlap between workplace violence incidents and threats involving radicalised employee insiders creates a more complex threat environment for companies and their employees.
Fortunately, corporate responses, including insider threat programmes and workforce active assailant training work regardless of the attackers’ motivation.
“Companies often underestimate the impact of individual elements in the ‘supply chain of urban infrastructure’.
In a large corporate headquarters to which several thousand people commute every day through relatively few major transport nodes, an event such as a terrorist attack can have a devastating impact on staff and operations.
In the aftermath of the attacks near London Bridge in June 2017, more than 120 businesses were within the police post-incident cordon for over five days during which they were denied access.”
The governmental response
National and local governments strive to provide a safe and secure environment for businesses and society, from intelligence and policing through to the creation of physical or virtual ‘rings of steel’ around central business districts and transportation hubs. National agencies also provide guidance on how to:
- harden (corporate) infrastructure against attacks
- plan for the worst and respond to incidents
- develop and implement business continuity and crisis management plans
Authorities routinely disseminate information and basic intelligence regarding threat levels and appropriate precautions and countermeasures. In Europe, for example, the European Commission has funded significant research projects on urban resilience over several years. These projects have sought to bring together private and public expertise on subjects as diverse as behavioural science, artificial intelligence and machine learning, surveillance and detection systems, security and intelligence processes and procedures, and hard security engineering. However, these programmes, vital as they are, can only ever address the threats and risks in part.
To protect their business, people and assets, organisations need to understand how they fit into the ‘supply chain’ of the urban environment.
Being crisis ready: five key steps to increased resilience of your corporate infrastructure
Despite efforts by governments and other public bodies to provide secure working environments, there is an inevitable gap between this provision and the specific requirements of individual organisations. The need to meet duty-of-care obligations, the regulatory requirement to manage operational risks in line with the many applicable governance codes designed to protect stakeholder interests, together with requirements of insurers, are all factors that help shape and support corporate programmes.
Five key steps for crisis readiness and effective response:
1. Assess your threats and risks – and do so regularly
Understanding what you are most likely to face is crucial to be able to design and implement commensurate risk mitigation strategies. In order to generate the required executive buy-in and funding, it can be beneficial to link this threat and risk domain to the organisation’s overall risk or enterprise resilience management strategy.
2. Design protection into the business environment
Physical enhancement of reception areas and up-skilling of security guards and receptionists to help mitigate the risk of marauding attacks or protesters can be carried out relatively easily. It is a measure that many have put in place in the aftermath of the Charlie Hebdo attack in Paris in 2015. Physical hardening of real estate, such as blast-resistant glazing and surveillance systems supported by intelligent video analytics can be undertaken, although this can be an expensive option where retrofitting is required.
3. Educate your staff, train often
Education and training programmes for your workforce cannot only help reduce the potential impact of incidents, but can also help instil confidence among employees. These programmes range from simple team briefings to online learning tools that can alert staff (without alarming them) to the threats inherent in the urban environment, through to more detailed instruction on actions around specific events, such as an active shooter.
4. Have a ‘nerve centre’ and communicate
More and more businesses are establishing Global Security Operations Centres (GSOCs). It is increasingly seen as the only way to actively understand and manage complex and rapidly evolving threats and risks. GSOCs continually monitor threats and risks, analyse patterns and trends and provide tracking of staff. The use of advanced technologies such as big data, AI and predictive analysis is becoming indispensable for these nerve centres to effectively deal with the almost insurmountable amounts of threat and risk data. They communicate with and disseminate information to a globally distributed workforce and other key stakeholders in the resilient supply chain, such as public security organisations and other businesses. This infrastructure is excellently placed to support the response to incidents and crises with coordination, information and communication. Their 24/7 monitoring role allows them to rapidly assess where people and assets are. To be able to perform this role, these nerve centres require highly available and secure workflow and mass and emergency communication platforms, such as Crisis Resilience Online.
5. Be ready to respond and communicate
Should the worst occur, directly or indirectly, the nature of the initial response will have a significant bearing on how quickly an organisation can recover and adapt to the changed environment. Well-structured plans that have been rehearsed and widely disseminated, together with the right support tools such as highly available and secure workflow and mass and emergency communication platforms, will pay dividends.