Last week’s terrorist attacks in Jakarta and Burkina Faso followed months of similar incidents across the globe, including the coordinated shootings and bombings in Paris.
In the last 10 years alone, the number of terrorist attacks has doubled, according to the Institute for Economics and Peace. The number of casualties has also increased. And many attacks occur in public places such as shopping malls, restaurants, retail stores and hotels.
As a response, countries have stepped up security measures that include increased surveillance of suspected threats, beefed up screenings at airports and even preventive strikes against known terrorist groups.
These are strategies and interventions that are carried out by governments. But what can businesses do to help mitigate the risk and impact of an attack? Jack Zahran, president of security and investigation firm Pinkerton, said the “cost of doing nothing is increasing.” Here, Zahran discusses how and why global threats are changing, and what retailers can do to assess the risk of a terrorist attack.
WWD: From a security management perspective — and given recent terrorist attacks and threats — why is it important for global companies to have a security management plan and strategy?
Jack Zahran: International events are having a greater impact on business operations and continuity due to the increased connectivity of today’s global economy. Threats are less isolated and the magnitude of potential losses and business disruptions are on the rise. The cost of doing nothing is increasing. Therefore it is good business to put a plan in place to help mitigate against potential threats. Certainly, all threats and risks cannot be avoided. But smart companies concerned about long-term growth and sustained profits will have a plan to lessen their potential impact.
WWD: What are some of the key elements of a security management plan, and how should companies implement it?
J.Z.: We recommend a holistic approach to designing a security management plan that addresses four different risk areas: operations/physical; event and hazard; technology and information, and market and economic risk.
To make a security management plan relevant, a company should assess which mission-critical objectives must not be impacted by these risks in order to achieve business results. Implementing a “security/risk management plan” that is linked to business objectives is recommended, and should be the starting point for any implementation.
WWD: Why is it a good idea to revisit and update security strategies and plans?
J.Z.: It is a good idea to revisit and update security strategies and plans because the threat landscape is ever-changing. The top threat today did not exist two years ago and the top threat two years from now does not exist today. For example, the risks mobile devices present to companies’ operations today are far more than they were several years ago. With this dynamic environment it is a good idea to update strategies to protective your business from new threats that can impact the organizational value.
WWD: How would your company assess the current global risk for further terrorist attacks? Which countries are more susceptible right now? Which markets are vulnerable?
J.Z.: Pinkerton’s Global Risk Group assesses the threat of terrorism as evolving — and likely to increase. Motives and capabilities are changing with global technology advances and each success emboldens subsequent acts. Terrorism is a form of asymmetric warfare, most notably employed today by anti-Western ideologues, and those who feel marginalized from Western society. There is danger both from over-simplifying the subject and from mystifying it with a veil of complexity. If we agree that terrorism is violence committed to engender fear in order to further the aims of a given faction, we can deal with the facts.
Acts of terror are increasing globally. Not all are anti-Western, and not all are directly born of beliefs and stances inimical to capitalism. Globally, the use of terror as an instrument to further objectives is increasing. Understanding that many entities employ terror to achieve their aims is important to the success of any effort to prevent, prepare against and mitigate the impact of such acts.
We live in a world where the population is doubling roughly every 40 years, inexorably bringing people into closer contact and conflict. Conflict over beliefs, and the use of violence as a goal, is in its relative infancy. It is reasonable to expect that the rule of law will be sorely tested in every society as humans push closer together. In some cases, it is equally reasonable to presume it will not hold.
The world has always been a dangerous place for people. A marked difference is that people now constitute a greater threat to people than ever before.
WWD: Natural disasters such as the recent floods in the southern U.S. seem to be getting worse and more frequent. Do events such as these require response plans, too? What does that involve?
J.Z.: Response to natural disasters should be an element of any company’s emergency response plan. Retail companies that rely on just-in-time inventory methods are especially vulnerable to potential disruptions to their supply chain, which could have negative impact on company’s ability to sustain profits.
Implementing a response plan requires a holistic review of factors that could impact a company’s ability to sustain its operations during an emergency. For example, a company may operate in the mid-Western U.S. and thus, is not susceptible to hurricanes. Their data storage service provider is located along the coastal Southeast. Without a holistic risk view, seemingly unrelated issues may not make it into a risk assessment. Typically companies partner with a risk management firm to help design and implement a plan that is relevant and deals with a wide variety of factors.