Exposure to geopolitical risks and terrorism are growing concerns for many organisations whether large or small. In many regions of the world, established local security threats show little sign of abating and are often extending their geographic reach. Fermenting these established threats are so-called emerging perils (for example, food, migration, fuel, climate change) which threaten to destabilise particular regions of the globe. At the same time, if businesses choose to expand the geographical sphere of their operations, they will increasingly bring themselves into contact with previously unencountered threats.
While the likelihood of an enterprise’s operations being targeted or directly affected by terrorist violence or any other geopolitical factor constitutes a key consideration for a resilient business, it does not form the limit of that organisation’s exposure to such events. The organisation’s external relationships and dependencies also play a crucial role in defining these risks.
In order to be able to identify and exploit potential opportunities, as well as ensure security and resilience, a business must understand all three components of risk: threat, vulnerability and consequence. It is only after these elements have been assessed that an effective and efficient method for managing risk can be developed.
While numerous terrorist threats exist throughout the world, most of which are capable of having an international reach, it is perhaps the emergence of Salafi terrorism as a global phenomenon that represents the greatest threat in terms of geographical breadth. Consequently there are few countries not exposed to a threat from terrorism and fewer businesses immune from its effects.
Inasmuch as globalisation has allowed businesses to exploit the opportunities of trading and investing in foreign climes, so it has also changed the threat context in which they operate. Indeed many of the stable economies and polities which historically generated the best profits can now show significant signs of political instability and exploitation by terrorists who also have business brains.
Furthermore, in some cases this expansion and migration into new areas of geographic operation has itself been a catalyst fermenting extremism and facilitating the growth of terrorism, for example among susceptible Muslim communities as well as political activist groups opposed to the consequences of globalisation.
Non-governmental organisations operating at home and abroad have become attractive targets for terrorism. The Arup Terrorism Database records a large increase in the percentage of terrorist attacks that have targeted commercial operations since the 1970s. As companies become symbols of foreign economic and cultural hegemony and as western governments seek to protect their critical national infrastructure and key assets ever more robustly, the private sector is increasingly seen as the ‘easy hit’ for terrorists.
While being exposed to a greater threat from terrorism, the consequences for businesses are becoming increasingly severe. Broadly, these can be divided into direct and indirect impacts, with direct impacts ranging from the deaths of employees, through the destruction of physical assets, to the loss of information communication technologies.
The indirect effects of terrorism and geopolitical risk can be much more difficult to quantify but the diminishing importance of national borders to commercial markets and the resulting interdependencies between businesses, means they can be just as devastating for an organisation. For example, the operations of a business not directly affected by a terrorist attack may be disrupted by an attack targeting a company one, two or even three levels removed in its supply chain. Similarly, an incident directly affecting a major customer may lead to disruption in the settlement of invoices, resulting in cash flow challenges.
Consequently, an organisation’s relationship with risk must be tightly managed to ensure that exposures do not exceed tolerable levels. The first step in the risk management process for any organisation is to understand the risk landscape in which it operates. To determine this, businesses must also analyse their vulnerabilities to the direct and indirect consequences of terrorism. By combining a robust threat profile with the value (strategic and fiscal) of assets, people and services, an assessment of terrorist risk exposure can be achieved.
Additionally, there are vast sources of research and information available that can assist businesses in making this assessment, yet filtering the huge quantity of available data and determining its reliability, presents numerous challenges. Ultimately, the most reliable and efficient approach for an organisation looking to be fully informed is to use intelligence relative to the individual locations in which it operates, use experts ‘on the ground’ to validate this data, and verify all of this against global data sets, such as the Arup Terrorism Database.
The next step is to link this data to information regarding an organisation’s operations and dependencies worldwide. This can be done analytical tools to supplement the ‘softer’ assessments and intelligence reporting. For example, through geographic information systems technology organisations can map their assets, people, supply network and operations using their real world location, which makes analysis and decision-making easier and more robust. This provides organisations, large or small, national or international with a clearer picture of the risk landscape, allowing them to proceed to take appropriate measures to become more resilient and mitigate these risks.
Terrorism database
The Arup Terrorism Database (ATD) represents a response the growing need for comprehensive, straightforward and reliable data concerning past terrorist incidents.
While detailed prediction of terrorist events is difficult, trends can be
seen in the plethora of
past incidents. Supplemented with global intelligence and in-house analysis,
these trends
can often be projected into the future, enabling more accurate assessments of
current and
future risk exposure.
The ATD currently holds incidents from 1973 onwards and is updated daily. For each incident the ATD records information concerning the target type and sector, the event's consequences (casualties, physical damage, operational disruption and immediate financial costs), the attack method and geo-referencing data.
Alongside this, each record reports the assailant group and references this to a database of terrorist organisations that details ideology, motivation, objectives, targeting preferences, areas of operation and key personnel. A full description of the event is also recorded and updated as more information becomes available. The ATD is able to exploit Arup's worldwide presence to ensure that local knowledge is captured and available for analysis throughout the world. Combining the ATD with our in-house GIS tools and local expertise allows client portfolios to be mapped into the same domain as the terrorist incidents and to be analysed together with global metrics of geopolitical contexts. Thus allowing for a more complete understanding of the exposure to geopolitical risk and terrorism.
Dr Nick Pope is a principal consultant at Arup Security Consulting
All Practice Management
del.icio.us
Digg this
reddit!
