To be frank, I thought the book was a bit alarmist at the time and the decade or so following didn't materialize the type of threats which I felt warranted the concerns expressed in the book. To be sure there were some attacks around the globe, but not the volume of attacks that, for me, warranted additional concern. Historically, terror attacks happen to soft-targets on an infrequent, but regular basis. In the end, if you run a small business, the cost-benefit of preparing for the risk of a terrorist attack simply wasn't there.
So, from time-to-time since 2004, I've viewed terrorist attacks or riots or natural disasters and thought, "Maybe Dean was right." But, in so doing, I further reflected that the structural conditions hadn't changed all that much. So, while Alexander had been "right" the need for small businesses to be prepared just wasn't there.
Now, in 2015, I view the structural conditions having undergone a dramatic change. Recent events in Paris at Charlie Hebdo and Tunis museum attack, and the destruction of cultural heritage sites and artifacts in Iraq, Syria, and Afghanistan, along side the structural property damage in Ferguson, Missouri, combined with the aftermaths of major natural disasters and weather related disruptions, I can only conclude that Dean was RIGHT. Having said that, at the same time, his also singular focus on terrorism undercut the real dangers that businesses face from the very society in which they operate and the environmental conditions unique to there geography.
All businesses, both great and small, need to think critically about preparedness, be it from natural disasters or terrorists. There are just too many points of risk. Fundamentally, I believe there has been a structural shift in the nature of terrorism whereby it is acceptable and preferable to target small and soft-targets. When society combines a loosing of moral indignation to soft-target attacks with maximum media coverage the likely result will be more not fewer attacks on soft-targets. And, since we have entered the full-on digital age, cyber-attacks have also emerged as non-violent, but severe disruptions to business operations, financial losses, and consumer confidence. Now, combine those issues further with with occasional local social unrest, and more disruptive weather patterns and businesses really are facing some critical threats.
Now, I'm more optimistic that the terrorist and social threats are short-term, nevertheless, there will always be weather related events that raise some serious issues for businesses, regardless of actual business, to address. Here are some questions businesses should be asking:
1) What are the major external threats to business operations? Where are the most likely areas to produce operational disruptions?
- Weather or Natural Disaster
- Social Unrest
- Disturbed Individual
- Disgruntled Employees
- Illicit Employee Activities
2) How might our location or operations impact our status as a "target?"
- Are we in a known protest zone?
- Do we have or work with items of significant social or cultural value?
- What is our local, national, international, cultural, social, or digital footprint?
- Who do we serve, and are they likely to be a "target" for terrorism or social unrest?
3) What might the media reaction be to our businesses being targeted or to major disruptions in our operations?
- Do we have a media plan?
- Do we have a plan for collecting and distributing information to the media, law enforcement, our employees, and/or the public?
- What types of media response might be most likely, Local, State, or National?
4) What is our current security and disaster planning?
- Do you have a plans written down that are knowable to all employees or is there just a "intuition" about what would happen?
- What types of infrastructure is in place to handle business disruptions, regardless of cause?
- Do you have redundant systems in place?
- Do you have mitigating systems in place?
- Do you have defensive or offensive procedures in place? And, does everyone know what these are? And, does everyone understand their role?
5) What is our current training for security and disasters?
- What are the exceptions of employees and do they understand what is expected?
- Are there clear chains-of-command, or is there always a known decision-maker at hand?
- Is there regular "training" or information shared with employees about security threats or disasters?
- Is there a communication plan for employees?
If your business hasn't discussed these issues, now is the time. These are just some of the most basic questions that any business should consider, and in so doing, will revel where your organization's threats derive. Then, you can start the complex task of planning and budgeting for your response(s). Not all businesses will be able to address every issue, and, not every business will be able to ensure they will be fully protected when disruptions happen. The point is to have the discussion. It's too important, in these troubling times, not to have ideas about to handle the various difficulties that could arise from natural disasters or man-made calamities.
If you want more information, or some help discussing these issues with your organization drop us line. We'd be glad to help you and your organization be better prepared.