Many large organisations find themselves confronted by the threats of political violence and terrorism. From telco and infrastructure industries to media organisations and government with large spreads of people, the challenge is to understand the risk exposure and the regional trends. In Afghanistan and Nigeria, for instance, mobile phone masts offer a common and easy target for insurgents wishing to prevent information being passed to the state and to register a psychological impact on local populations. But in Western Europe also, where the threat environment is very different, telecommunications infrastructure has also been targeted. In Bristol anarchists attacked phone masts due to their importance to capitalist society.
The challenge of getting to grips with terrorism risk exposure also encompasses the governance perspective including the duty of care owed to employees. Facilitating safe travel is just one aspect of this: ensuring not only that staff is well informed about their destinations and the risks but also that the policies and procedures are in place to provide a robust basis from which an organisation can manage a crisis.
Management in a crisis calls for a change of mind set; the basis on which decisions are made is very different, decisions having to be made quickly and more intuitively, with imperfect information. With the right processes and organisational structures in place, rehearsing responses to a range of potential scenarios at management level is the best way to prepare for and hopefully avoid failures of communications, such as those suffered in recent years by Malaysian Airlines and BT in the Gulf.
Insurance, of course, also plays a role in this holistic approach to risk management, but threat and risk assessment, mitigation strategy and response including crisis management, need to be determined as well. This may be completed solely or partly in-house but external specialists can bring skill-sets to bear that may not otherwise be available; setting up procedures, providing the initial training or rehearsing scenarios allows an organisation to then subsequently better manage these risks themselves.
To borrow the words of Donald Rumsfeld – credible data is available for the ‘known knowns’ and some of the ‘known unknowns’ but the big challenge comes with getting to grips with the ’unknown unknowns.’ Tangible risks can be modelled accurately. And it is also feasible for CTM organisations to analyse less quantifiable risks – the known unknowns –by looking at risk scenarios in depth; by analysing, for instance, the impact of the youth bulge and youth unemployment on riots or the uprisings in the Middle East, it is possible to extrapolate quantifiable data which can have a significant impact on the organisation. The ‘unknown unknowns’ present a much tougher challenge. The most successful processes simply whittle away at them systematically. So, for instance, by increasing the level of data sets – looking at, say, terror attacks over the past 30 years – and cleansing the data to enable valid comparisons, it is possible to predict trends and expand the pool of quantitative data.
The range of risk modelling tools has expanded exponentially in recent years. Technology has become more sophisticated and readily available; satellite imagery analysis, GIS mapping, analytics of large data sets and open source intelligence has made the assessment of geopolitical risks far more powerful. CTM companies can map out in great detail their global assets and financial exposure and model their potential loss through terrorist risk. They can plot terrorist-target locations and historical political violence incidents coupled with their impact on insurance rates. But all models need to be in a constant state of evolution. They need to take into account the fast evolving nature and scope of terrorism together with the individual company’s ever-changing risk portfolio, in terms of people and property.
Proper judgments are based on not only seeing the risks more clearly but also on understanding the current limitations and challenges. Valuable data and insight will support informed decision-making and give CTM businesses enhanced risk quantification against risk management expenditure. But they also need to demarcate the fundamentals of risk management, including crisis management planning, with the role to be played by insurance. In this context insurance enables companies to respond and recover enhancing resilience.