- Death, injury – physical and psychological – to members of staff, including key employees
- Physical damage to buildings, vehicles, and other assets
- Loss of data and damage to information systems
- Reputation damage through poor preparation
- Loss of market position
What you can do
- You should make sure you are receiving good assessed information relevant to your business
- As an organisation, you should consider your physical vulnerability to the impact of a terrorist attack or major incident
- You should consider seeking professional advice on other areas of vulnerability
- You should consider your business profile, trading partners, connections and public profile and seek help in assessing and reducing vulnerability
- You should try to assess whether your neighbours raise your vulnerability
- You should consider with your HR department whether your pre-employment screening processes are effective
- You should ask yourself the difficult “what if” questions and be satisfied with your own answers
- You should NOT assume it won’t happen to your business
- You MUST have a crisis management plan
- You MUST have a positive security culture
All businesses have a “duty of care” to staff and to customers. The legal implications to the management team if someone is injured or killed as a result of a failure on the part of the management in the event of a critical incident can be enormous.
Changing the Security Culture
Engendering a security culture without creating a tense atmosphere of fear is a finely balanced objective.
It has to begin at the top, but still for too many senior executives security is perceived as an unwelcome cost to be born grudgingly. Good security does mean cost, but it is the thing we care about most and people who don’t have confidence in their security will not perform well.
Moving down through an organisation, specific security responsibilities need to be assigned. People need to know who to speak to about concerns. They also need to know what is expected of them. Post an incident, an often heard lament is ‘No one told me I had to challenge strangers!’ People need to be encouraged to be as concerned about their workplace as they are about their homes.
So companies need to invest in visible measures that give staff confidence. They must not be window dressing, a uniformed guard supplied by an agency patrolling reception when the threat level increases, is not an alternative to an integrated and assessed security response. It may also be a waste of money! But a monitored electronically controlled access system may be an effective answer.
Crisis Management Planning
Implementing a Crisis Management Plan and gaining the trust and co-operation from your senior management and personnel is a big task; however, by communicating the right message, to the right people, at the right time is critical to managing a major incident. Crisis Management is a disciplined, logical and consistent approach that aims to protect an organisation’s personnel and assets by reducing the potential loss before it occurs and mitigating injury, loss and damage if an incident happens.
Whether as victims of direct attacks or as result of collateral damage to widespread and indiscriminate terrorist campaigns, your organisation must consider the vulnerability to the following criminal and politically motivated acts:
- acts of terrorism
- commercial sabotage
- product contamination
- criminal damage
- kidnap, hostage, extortion and ransom
- major systems attacks and reputation assaults
To be wholly effective, an organisation’s Crisis Management Plan should anticipate the impact of:
- loss of life
- material damage
- lethal contamination
- business interruption
- low shareholder confidence
- loss of industry reputation
- clean up costs
By failing to take advantage of the first “golden hour”, those responsible for maintaining continuity can turn a serious situation into a major crisis. As a situation develops, failure to have planned an established Crisis Management mechanism will exacerbate risk, damage reputation and harm the ability of an organisation to work effectively with local Government officials and law enforcement. It is essential that comprehensive Crisis Management strategies are established, understood, rehearsed and effectively implemented.
There is an abundance of evidence that whilst a badly handled incident can cause complete organisational failure, organisations that are perceived to have handled a crisis well, will earn public respect, retain customer loyalty and become stronger in the long term.
Every business is different, run in different ways and located in different areas. These differences, combined with the real threat of terrorism, should determine whether your organisation is at immediate risk. By investing time and resources and by being prepared and responding quickly with confidence, will demonstrate your organisation’s ability to confront and deal with a major business crisis. This will allow you to mitigate adverse effects on your employees, surrounding communities and the environment, as well as helping to avoid costly losses.
Roy Ramm, Comsec Consultant