The image of a silhouetted second plane flying into the south tower of the World Trade Center will haunt our collective memory for years to come. In the aftermath of September 11th, commentators were quick to assert that the world would never be the same again, and although the threats we face post-September 11th are technically no different from those we faced before, in the course of a few hours a significant change did occur. Firstly, there is now widespread appreciation of the urgent need to tackle the terrorist threat head-on, and secondly the nature of the threats and the shift in targets from diplomatic staff to the business community and general public, is now understood beyond specialist circles. As a result, counter-terrorism policymakers have gained the support they need to construct new and effective policies for improving security at home and abroad. But the threat to companies is not limited to terrorism. In fact, it is often the lower-impact but higher frequency threats, such as petty street crime and medical problems, whose cumulative effects have more serious long-term consequences for business. The policy community must now make the most of the heightened general interest in security issues, whilst avoiding the pressure to focus on terrorism to the exclusion of all other security threats.
The Nature of the Threat
Figures from the US State Department’s Patterns in Global Terrorism 1999 show that the business community is now the primary target for international terrorists. In 1999 it accounted for 58% of US targets as opposed to 18% for government or diplomatic staff. This shift in targets is a logical strategy for terrorists to employ, as the private sector is now, in many ways, a more effective target than governments for bringing a country to its knees. National infrastructure and resources – from transport to water and energy supply – are now often owned or operated by private companies. In addition, the prevalence of so-called ‘just-in-time’ production and distribution methods, means that vital supplies like medicines and food can run out quickly. This was illustrated in 2000, when a small group of fuel protesters brought the country to a standstill in 72 hours. With more capacity, determination and weaponry, terrorists are capable of much more. Finally, the middle- to long-term impacts of such attacks on national and global economic confidence are considerable. As Tony Blair commented recently, “Confidence is, by its very nature, directly affected by political events. Those that promote stability increase confidence. Those that tend to instability diminish it. And it can show up, quite quickly, in the jobs, investment and hence living standards of communities in countries like Britain, far from the original source of instability.” By targeting companies and their civilian employees, terrorists spread fear among the public who feel closer to the danger when the targets are offices rather than embassies.
A Public Policy Response to the Terrorist Threat to Business
Many companies have revised their security strategies in the last few months. While there is much that individual organizations can do to reduce the risks and limit the impact when terrorists do strike, it is also vital that companies and the government work together to produce a co-ordinated strategy. Businesses must implement preventative measures to make themselves harder targets for terrorists, by making it more difficult for unauthorized personnel to enter their buildings, by modifying computer systems to limit the possibilities of cyber-terrorism, and by advising their staff on ways of avoiding potential threats in and around the workplace, and when on assignments abroad. The recent Turnbull Report underlined the responsibility company boards have to implement effective risk management plans, and although it could have gone further, it is useful in promoting such disciplines within companies. Terrorism is not a new threat and it is not one that is going to go away. Studies have shown that about 80% of companies without
a workable recovery plan will fail within one year of suffering a major attack, so it is crucial for companies to take business continuity seriously. The fact that the final death toll in the World Trade Center was considerably lower than initial estimates, is in no small part due to the fact that the building had been bombed in 1993 and companies had subsequently carried out training for evacuations and fires. September 11th also highlighted the partnership needed between companies and the public services. Both preventative and impact reduction strategies are dependent on relevant, accurate and up-to-date intelligence, and it is vital to revisit debates about what levels of access British businesses should have to government sources. While all companies have access to information in the public domain, some individuals obtain more detailed briefings on an informal basis through personal or professional contacts, resulting in an uneven distribution of information. Security intelligence is also distributed by a wide range of government departments, from the Home Office, Cabinet Office and DTI, to the Department of Health and the FCO, making it harder for companies to know who to approach. The UK policy community would do well to examine initiatives like the Overseas Security Advisory Council (OSAC), set up by the US State Department in 1984. The OSAC is dedicated to communicating with US businesses who face security threats in their operations overseas, and welcomes requests and inquiries for information from individual companies, and the business community as a whole. The Regional Security Officer (RSO) within US embassies performs a similar function in each region. The OSAC model may not be a blueprint for the UK, but it could offer useful ideas to be explored further by the UK policy community.
Widening the Focus – A public policy for corporate personnel security
While different security mechanisms are needed to counter different types of threat, a number of generic systems, such as global communication networks, need to be put in place. There must also be common and clear rules about the parameters of corporate responsibility and when individuals’ common sense must kick in. Without such rules, undue pressure is put on corporations and individuals alike. A generic agenda for responsibility should be at the heart of an effective safety policy, and such a policy must also anticipate new challenges, rather than react to immediate concerns. Strategies set up with a single threat in mind will eventually require modification – particularly as terrorists and criminals shift their activities with greater speed and ease than ever before. Governments must demonstrate that they understand the challenges faced by the business community, who in return must take the necessary precautions to limit the damage terrorism and other threats pose to their collateral and personnel.
The Way Forward
The tragic events of September 11th reinforced the UK policy community’s commitment to creating an effective policy for keeping Britons and British interests safe both at home and abroad. The government and British companies have a tremendous responsibility to seize this momentum, and their task is made easier by the fact that there is greater understanding among the general public of the extent of the risks, and renewed support for change. But this new support also puts pressure on policymakers to provide quick fix solutions for the immediate concerns about terrorism. While the terrorist threat is a real and important one, it is vital that any new policy addresses the full range of threats faced by businesses. Not only will this create a better policy now, it will also have a much longer shelf life.