Planning For Every Eventuality

How many construction firms have all of their bases covered in terms of risk management? Holly Squire discovers Business continuity planning may be the prudent choice, but it may not be so for much longer. Tender documents from the public sector are increasingly asking businesses to provide evidence of a business continuity plan – and statements from the coalition government indicate that this will only become more prominent in the future.

The Conservatives had gone so far as to make pre-election statements indicating that businesses must be certified to the Business Continuity Standard in order to win Government procurement contracts – a move in response to the Pitt review into the 2007 summer floods, which devastated thousands of businesses across the country.

But then the recession hit, and business continuity was suddenly pushed to the bottom of the priority list.

So beyond fire, flood and theft, what kind of risks should construction companies be considering?

Only a few months ago we watched in horror as terrorists carried out a lethal bomb attack at the Boston Marathon. And the imprisonment earlier this year of 11 extremists from Birmingham – who planned suicide bombings in Britain on a scale larger than the 2005 attacks in London – reminded us of the continuing threat here at home.

Recent research from YouGov, commissioned by experts in counter-terrorism ACTIS, shows that around 80% of construction businesses are unprepared for potential attacks or terrorism. And with more than 300 people convicted of terrorism-related offences in British courts since 2001, including 24 in the last month alone, it’s clear that the threat of terrorism is very real.

“Construction companies pose a unique level of risk,” says Daniel Neubauer, president of ACTIS, “as they build most of the critical infrastructure in the country – which is considered to be the highest risk targets in terms of terrorist threat.”

Neuberger believes that the main reason so many firms are unprepared, is lack of awareness. “Managers are driven by budgets, budgets need to be reduced, and so constant vigilance and screening does not become high priority,” he says. “Many firms can’t be aware of the huge risk that terrorism can become, and are certainly not aware of implications for a business if an attack was to take place.”

“Another significant issue for construction firms is the hiring and screening process,” he adds. “Firms frequently have people coming from different working backgrounds and countries, and if firms aren’t conducting basic background checks on their employees, this creates a high risk of potential terrorists trying to infiltrate the workforce.”

Colonel Richard Kemp, a former commander of British forces in Afghanistan, expressed surprise that, in the current climate, so few businesses are adequately prepared and informed about the real threat of terrorism.

“I recall how, in the aftermath of the July 2005 attacks, businesses all over the UK were galvanised into action.” “However, in the face of competing demands on their attention and resources, many business leaders have lost sight of the ball,” he says.

“Corporate memories fade, but the terrorist threat does not.” Not at all. In the years since 2005, the police and security services have foiled dozens of terrorist plots in the United Kingdom.”

Kemp claims that when it comes to security, hope is not a strategy, citing AXA research that shows that more than 80% of UK businesses that face such a major incident never reopen or close within 18 months.

“A vital component of an effective security strategy and business continuity plan is the recognition that, like everything else, the terrorist threat is constantly evolving, as extremists develop new tactics and techniques to circumvent our security arrangements and hit us in ways we least expect,” he adds. Keeping up with these developments is one of the most difficult aspects of security in the twenty-first century.”

RUSI, a defence and security think tank, believes that we are not as well prepared for attacks as we should be. “Security threats are an ever-changing phenomenon that is difficult to contain,” said Professor Michael Clarke, director general of RUSI. Clarke also believes that gaps in our business leaders’ understanding of what a threat is have grown, leaving the country vulnerable to potential attacks.

“More needs to be done to give the UK industry the best possible chance of protecting themselves and their employees, as well as gaining a competitive edge in the face of terrorist challenges,” he says.

However, in addition to physical risk, construction firms must now consider the impact of cyber threats, with cyber security ranked as one of the top five risks to watch in the World Economic Forum’s latest Global Risks Report.

Construction firms are especially vulnerable because many cyber attacks aimed at businesses aim to take control of industrial systems, including networks that manage critical infrastructure such as traffic lights, power grids, water supplies, military networks, telecommunications, and financial systems.

And, as businesses become more reliant on complex IT systems, IT security has become a major concern both on and off site.

“Safe site connectivity is now a massive deal,” says Graham McLean, managing director of cloud computing provider Link-Connect. “It wasn’t long ago that it was thought unlikely that there would be any need for IT connectivity to construction sites, but now it is a requirement.”

“In fact, many projects are at risk of being delayed or failing entirely if they do not have a strong IT infrastructure and reliable communications,” McLean adds.

“Cyber attacks are a major issue for construction firms,” Neubauer says. “Think about it: they have all of the plans, blueprints, files, and technical drawings, and if they are stolen, that is a serious problem.”

Construction companies deal with highly sensitive data that must be properly safeguarded. Which it isn’t the majority of the time.”

When it comes to construction firms, ACTIS believes that more needs to be done to raise awareness and educate decision makers if businesses are to be adequately prepared and protected against such threats.

“In these uncertain times, security practitioners, business leaders, and heads of our public sector institutions cannot afford to ignore the risk posed by an increasingly unpredictable threat landscape fuelled by the rise of physical terrorism and cyber hacktivism,” Neuberger says.

So it appears that the old adage still holds true: when it comes to business continuity, preparation is key; and no matter what the risk, failing to prepare is still preparing to fail.

“This is why a company’s business continuity plan and risk management procedure can make all the difference,” Neuberger continues. “In times of crisis, they can literally mean the difference between a company’s life and death.”

Last Updated on December 28, 2021


Author: Indra Gupta

Indra is an in-house writer with a love of Newcastle United and all things sustainable.

Scroll to Top