Posted by

Paul Bassett, Managing Director of Crisis Management at insurance broker Arthur J. Gallagher

29 Aug 2017

The terror threat in the UK is at an all-time high and the nature of terrorism is changing. Attacks have shifted from sophisticated, large-scale vehicle bombs designed to cause maximum property damage to indiscriminate, lone-wolf-style attacks which threaten lives and livelihoods. The devastating events in Europe over the last few months have shown that all organisations, regardless of sector or size, could be adversely impacted by terrorism, either directly or indirectly. In every eventuality, businesses must ensure they have measures in place to respond.

Crisis resilience research from Arthur J. Gallagher and YouGov has revealed the threat is growing, and businesses are aware of this. 8% of large UK company respondents have experienced a terrorism threat in the last two years, and 22% expect to in the next 12 to 18 months. But businesses remain largely underprepared to respond to crisis situations. Two in five large UK companies surveyed have not modelled their exposures and only half have tested their crisis-response systems in the last six months.

Among the UK’s SMEs, which are arguably more vulnerable to the effects of terrorism, Gallagher found an even more worrying state of preparedness. Almost half (44%) of those surveyed expect to face a security threat in the next 12 to 18 months, but fewer than one in five (17%) has assessed their exposure to the risks they face. More alarmingly, 43% admitted to having no business continuity, disaster recovery or crisis management plans in place at all.

In sharp contrast, three quarters (76%) of large businesses and more than two thirds (68%) of SMEs claim to feel ‘resilient’ to crises, suggesting a false sense of security based on companies’ current level of planning versus their actual ability to respond effectively . Not only does this indicate a ‘box-ticking’ exercise for many, but that SMEs in particular are sheltering under the misconception they are too small to be targeted. The reality is that firms’ greatest exposure to terrorism today is through non-damage business interruption (BI), such as denial of access to premises after being caught inside a large security cordon, ‘loss of attraction’ or unplanned evacuations due to heightened threat levels.

In planning for the aftermath of a terrorist attack, businesses must consider the significant costs of lost revenue through such ‘non-damage’ BI. Security cordons can be in place for days, bringing business to a standstill. But organisations must also be aware of their duty of care to their people who get caught up in a terrorist attack and need help either immediately or afterwards, such as post-traumatic stress counselling. Unless specifically stated, standard insurance policies will not cover any of these non-damage BI costs in the wake of an act of terrorism.

However, there are steps businesses can take to build a culture of crisis resilience and strengthen their ability to respond effectively to the threats they face: to anticipate, prevent, respond and recover.

To be effective, however, cross-functional collaboration is critical and the agreed strategy needs to be clear to everyone across the company. It’s vital to involve not only risk management specialists, but also those responsible for HR, security, IT, communications, finance, facilities and legal issues. Building a culture of crisis resilience requires much more than insurance; it takes time, effort and the right stakeholders rather than big budgets.