With devastating attacks happening each year (see 36 attacks with more than 25 casualties in 2006 in the TRC Attack Database) and threats to Europe, in particular (see this WAR Report), at a consistently high rate, logic would dictate that companies operating in these hotspots might take action to disrupt targeting. Continuity planning for operations in bona fide danger zones (Iraq, Afghanistan, Nigeria, Sudan, Colombia, Thailand, etc) in which employees are specifically targeted should be a precondition to doing business there. According to the London Chamber of Commerce (LCC), though, this assumption is false, despite 65% of poll respondents believing that an attack is “inevitable.” In fact, fewer than half of the companies surveyed in London have taken additional security measures to prepare for a devastating attack, and just 41% even had contingency plans in place. The LCC poll results gelled with three other surveys. On a positive note, the LCC poll did find that those with continuity plans updated them more frequently than in past polls.
Contingency planning includes the following: emergency call lines, employee support services, alternative work premises, chain of command structures, redundant network systems, simulations/table top exercises, medical/emergency evacuation, etc.
While most major corporations and all financial institutions had some business continuity plan in place, smaller businesses not only had no contingency plans in place but also had inadequate insurance policies. Notably, small businesses?those likely to be “wiped out by a terrorist attack”–are typically the suppliers to the larger ones; this means that if small business ceases, the ripple effect among large corporations could sting. This lack of planning and preparation leaves London businesses?and those in any other metropolitan city?unnecessarily vulnerable and threatens the city’s supply chain.
One way to encourage those who have not drafted and practiced continuity plans is to mandate compliance in contracting and in partnerships. Another form of encouragement is via financial incentive in the form of either paying for plans to be drafted or rewarding companies that patronize those with existing plans. A third, and perhaps least appealing, method is government mandate. KPMG, among others, is leading the way, requiring suppliers to have acceptable plans in place.
The survey findings, while not stellar, do illustrate that some companies are taking appropriate steps to invest in their success. Continuity planning is a critical part of planning for and surviving even a minimal emergency, let alone the devastation caused by the likes of the al-Qaeda network. Those who chose not to plan for such events, leave their employees, their operations, and their reputations vulnerable.