Paul Bell asks what businesses can do to protect themselves, their staff and customers from terrorists

The terrorist attacks in Mumbai represent the latest installment in the current generation of terrorism. This has been characterised by frequent, multiple and co-ordinated attacks against mainly ‘soft’ targets with the intent of causing mass civilian casualties.

Previous terror campaigns, such as those of the 1970s, bared very different hallmarks. Usually those terrorists had a specific political or ideological message, less willingness to risks their own lives and a focus on striking government or military targets rather than civilians, with some exceptions.

Although the exact identity and motives of last week’s perpetrators have yet to be determined, both the attacks and their targets were not entirely out of the blue.

In 2006, there was a series of seven bomb blasts on the suburban railway in Mumbai. Just over 200 people lost their lives and over 700 were injured.

The recent attacks have claimed the lives of around 200 people and injured a further 300. Targets included the Chhatrapati Shivaji Terminus railway station, two five-star hotels, the Oberoi Trident and the Taj Mahal Palace, the Leopold café—a popular tourist restaurant—the Cama Hospital, the Orthodox Jewish-owned Nariman House, the Metro Adlabs movie theatre, and the Mumbai Police Headquarters, where at least three high-level officers including the chief of the Anti Terrorism Squad of Maharashtra were killed by gunfire. Additionally, there was an explosion at Mazagaon docks in Mumbai's port area.

An attack of this kind could occur almost anywhere around the globe. In August 2008, the UK government published the first National Risk Register. The terrorist threat was a key factor in the publication of that document and one of the specific risks identified was ‘Attacks on Crowded Places’.

Certain government organisations are required to have a formal plan in place to deal with such an eventuality. But other organisations should also have security and continuity plans. Two sets of figures speak for the urgency of this matter. The 1996 IRA bombing of Manchester city centre resulted in 34% of city centre businesses failing. Similarly, 54% of all UK businesses were adversely affected in some way by the attacks of 9/11.

Proper planning

What can businesses do to protect themselves, their staff and customers? From one perspective, the answer is very little. In terms of reducing the likelihood of being selected as a target, however, or insofar as reducing the impact of any attack and recovering from it, there are practical measures that can be taken.

Developing a risk profile can help identify the level of danger. A busy service establishment frequented by westerners in a region that has experienced prior attacks would conform to a high risk profile.

A review of security arrangements is another priority. This should include testing the adequacy of security arrangements. Training personnel to be alert to potential threats is also important. Modern terrorist networks are sophisticated and they usually undertake ‘hostile reconnaissance’ of an intended target. Vigilant staff should be alert to spotting the few tell-tale signs that reconnaissance is taking place.

Businesses should also ensure that adequate and appropriate insurance cover is in place for the category of risks the establishment faces.

According to local media the Taj Mahal and the Oberoi group hotel had terrorism insurance cover in place, which would make up for the material losses they incurred in this attack. The amount of cover that both the hotels had is unclear at this stage. In India, terrorism cover is offered by a pool of general insurance companies.

All staff should be vetted as another recent trend has been to place members of the network into an organisation.

Training is critical, not only in how to be proactively security aware and vigilant to possible threats, but also in terms of how they should respond in an actual crisis.

Following the attacks of July 7 2005, British police rolled out training workshops backed by the National Counter Terrorism Security Office and MI5. Project ARGUS is a multimedia terrorist attack simulation aimed specifically at the business community.

One area that is often overlooked is establishing a regular liaison with law enforcement authorities. The purpose of this is to share intelligence on potential threats. This should be a two-way process. The business may have information for the security services. Conversely, the police can alert an organisation to a period of heightened risk.

The challenges organisations face today are distinguished by the methods and techniques deployed. The security challenges to all organisations and businesses are significant, and they shouldn’t be diminished when collective memories of dramatic events fade as time passes. All organisations have a responsibility to act lawfully, ethically and with a duty of care to both their staff and their customers.

Paul Bell is a partner at BTG Intelligence. He holds a doctorate in terrorism and security studies. BTG Intelligence (a division of the Begbies Traynor Group) specialises in the provision of corporate intelligence, risk and security management, investigation services, financial crime prevention and training, as well as identifying, tracing and verifying individuals and assets.