The best business advice, opinion, news and expertise in Greater Manchester and further afield.

Friday, 20 February 2015

Member Blog: Forewarned is forearmed

By Dave Buston, Chief Executive Officer of Trident Operations Ltd

Going about our daily business, we would all like to think that the threat of a terrorist attack is a distant one. Most of us have more pressing matters to deal with, targets to meet and clients to keep happy.

But the recent attacks on the Charlie Hebdo offices in Paris proved a sobering reminder of how swiftly that risk can become a reality.

The sheer range and scale of current threats means that our businesses must become more resilient, pro-actively putting in place measures to reduce the vulnerability of our people, assets, sites and critical activities.

Trident’s team of former military and police consultants have started running work shops to try and raise awareness among our fellow Manchester companies and help them prepare for any eventuality, ensure their staff are adequately protected and their business can bounce back quickly and efficiently.

Is there a threat to Greater Manchester?

The current UK threat level from international terrorism is set at severe, meaning a strike is “highly expected” and the British security services have warned of an increased likelihood of “mass casualty attacks”.

With Manchester having one of the busiest retail centres in the country, it then follows that it would be an attractive target. The outcome of a successful strike would, of course, create the high media profile ‘spectacular event’ that terrorists seek to exploit. These events have happened and unfortunately might happen again here.

Are we taking the threat seriously enough?

In my experience, some companies do a great job of managing risk well. This is often as a result of top management ownership and an effective governance and communications mechanism that is embedded throughout the organisation. However, most companies are challenged with the immediacy of improving or at least maintaining the bottom line for survival, so something has to give. Risk assessment has a subjective, perception-based component so inexperienced individuals can fail to properly determine the threat, leading to inaccurate metrics and the failure to put in place the appropriate preventative controls.

What makes a business vulnerable?

Not having effective, fit for purpose response and recovery contingency plans and procedures in place to mitigate the disruptive nature of a crisis and any adverse impact on an organisation's revenue, reputation and regulatory compliance. A lack of physical protection, security awareness and access control by staff could disrupt a company to the extent that it is unable to sustain the minimum level of operations it needs to survive. Meanwhile, failing to manage stakeholder expectations and the media will cause huge intangible damage. Furthermore, not protecting, training or briefing staff adequately could lead to non-compliance with H&S Law, the Corporate Manslaughter and Homicide Act and also the Civil Contingencies Act (the latter if a public organisation, or Critical National Infrastructure).

What is the biggest mistake most companies make?

The key error is to put in place systems that simply tick the corporate governance, risk management and compliance box, but in reality are not fit for purpose, never tested, never properly trained throughout the normal turnover of staff and, therefore, leave a business exposed during a real event. Very few anticipate the threat, assess the impact and prepare so that they can respond and recover much more quickly. Even less continuously review the framework and learn from it so that they can be much more effective in their response.

What can Manchester firms do to prevent such an attack?

Speak to Greater Manchester Police Counter Terrorism Security Advisors (CTSAs) for free and up to date advice. Engage suitably qualified professionals to independently review and test out their incident/crisis management plans to ensure they are fit for purpose. This will bridge the gap between what the police can offer and the work of an internal risk manager or business continuity manager.

Regularly conduct a thorough business impact analysis and threat assessment to identify critical business activities, how they may be affected over time during a disruption and ensure simple, coherent plans are in place, staff are trained and alternative arrangements and resources are available.

Who can help?

Trident Operations Ltd offers consultants who draw on vast experience of working in counter terrorism, business continuity planning and audit and wider enterprise risk management. We offer a variety of crisis management services from devising contingency plans right through to handling physical and mental trauma risk management in staff, conducting comprehensive security vulnerability assessments of facilities or running full scale ‘live’ scenario-based exercises involving physical security penetration testing.

For more information, visit:

1 comment: