6 Golden Rules for Redefining Your Counterterrorism Priorities

Because business disruptions and their nuances vary widely in today’s landscape, security executives must be familiar with the specific risks facing their organization. This knowledge is the first step toward developing resilient strategies. Each threat to organizational operations requires specific responses, and businesses must have strategies in place to ensure sustained organizational resilience, especially in the face of extremism.

Terrorism or terrorist attacks can quickly escalate into crises that require professional prudence to contain.

The economic impact of terrorism is enormous. According to Statista, the global cost of terrorism peaked at $115.8 billion in 2014. The figure has fluctuated since then, but the effects from attacks on private businesses can reverberate through whole nations, regions, and economies.

Terrorists have successfully launched attacks on a variety of targets across the globe, including United Nations assets, embassies, hotels, airlines, and even asset sites that represent the might of nations, such as the World Trade Center during the 9/11 attacks. Sadly, these events did not occur due to a lack of security measures—they occurred as a result of exploited vulnerabilities.

Managing the threat of terrorism can be especially challenging because terrorism is a situational crisis, so it is unexpected and hard to predict. While it is essential to keep this reality in mind, it is also important to note that security executives can help ensure that there are measures in place to minimize the impact of such attacks.

Implementing effective strategies to combat terrorist attacks in organizations requires security professionals and their leaders to adhere to six rules, which together serve as the blueprint to guide organizations in preventing and responding to attacks. By following these rules, organizations can ensure that their strategies are comprehensive, effective, and sustainable.

Rule 1: Overstudy Terror Groups without Underestimating Their Capabilities

With a clear understanding of the terrorist groups operating within your areas of responsibility, you can develop a crisis mitigation and response plan accordingly.

Regardless of their motivations or ideological beliefs, terrorists usually employ the same strategies and weapons. However, their perspectives play a significant role in determining their targets and objectives. Therefore, a systematic in-depth understanding of these groups can help you better prepare and respond to potential threats.

A notable example is the Boko Haram Islamist sect in Nigeria, which gained notoriety after a series of rebellious attacks against the Nigerian government in 2009. The sect targeted schools, churches, and other Western-linked sites, aiming to establish a regime based on Islamic law.

Despite the destruction caused by the uprising in Nigeria, the group was underestimated until it attacked a high-profile Western interest: the UN headquarters in Abuja on 26 August 2011. U.S. officials admitted in 2011 that, before the attack, Western intelligence services never considered Boko Haram a potential threat to international assets.  

For security-conscious organizations, this experience highlights the importance of continually conducting vulnerability, threat, and terrorism risk assessments.

Terrorists’ perspectives play a significant role in determining their targets and objectives.

Rule 2: Develop Mitigation and Response Plans Early

U.S. President John F. Kennedy once said, “The time to repair the roof is when the sun is shining.” This quote speaks to the importance of preparing for a crisis.

Waiting until a crisis manifests itself can lead to devastating consequences. Therefore, it’s essential to develop response and contingency plans. This allows you to identify potential triggers, analyze various scenarios, and prepare with a clear head for any unforeseen circumstances.

As a security professional or executive, you need to study and understand the motivations of terrorist groups. Identify whether they are left- or right-wing, political, religious, or single-issue extremists. This knowledge can help you prioritize these groups based on factors such as the number of attacks they have carried out over time, the targets they choose, the lethality of their attacks, the types of weapons and technology they deploy, their willingness to carry out suicide attacks, and the estimated number of casualties resulting from their attacks.

By thoroughly understanding these elements, you can factor them into your planning and better protect your organization or business against potential threats.

Lastly, be specific about the triggers and scenarios that require action, who should take what actions, how they should do so, and when those actions need to be taken. Providing detailed and straightforward instructions can help avoid confusion and ensure that everyone is on the same page.

Rule 3: Communicate Your Plan

Effective communication is crucial when implementing a terrorism response plan. The first step is to inform your leadership team of the plan, providing justifications such as legal and regulatory requirements, the need for minimal disruptions to business processes, and competitive advantages. This conversation is necessary because the leadership team is responsible for providing the needed resources and support for a successful implementation.

Disseminate the plan through your organization’s designated channels so that internal stakeholders can understand their responsibilities and know when to activate it. Be sure to involve government security agencies in your plan, explaining their roles and specifying the support you require from them during terrorist emergencies. That is one important lesson learned from the 2013 Westgate attack by the al Shabaab militant group in Kenya: include those agencies that are tasked with providing specific support. One of the failures in the four-day siege was the rivalry between the police and the military, which resulted in a chaotic response.

In your work with security agencies, promoting comradeship can help reduce unhealthy rivalries. Some factors that contribute to unhealthy rivalries may be outside your control, but you can still play a significant role by promoting cooperation and collaboration whenever there is an opportunity for such a conversation.

Providing detailed and straightforward instructions can help avoid confusion and ensure everyone is on the same page.

Rule 4: Invest in Training, Awareness, and Sensitization

Develop an awareness program to educate staff members and members of your operating community about security risks, with a particular focus on the risk of terrorism. You may consider training on firearms and explosives recognition, counterterrorism simulation exercises, threat recognition training, and emergency response training. 

Staff and civilian awareness and involvement can save lives. In a 2019 terrorist attack against the DusitD2 hotel and office complex in Nairobi, Kenya, armed men killed 21 people and injured 30 others in an attack that lasted for hours. Although surveillance footage captured the attackers entering the hotel’s premises, no proactive measures were taken to deter them before the attacks were launched.

To effectively implement your response plan, it’s important to raise awareness among your command center or control room operatives on how to proactively report suspicions rather than simply observing and recording for investigations after the fact.

Ignorance is excused when there is no obligation to know, and this too can lead to higher risks.

Rule 5: Form Alliances with Credible Intelligence Agencies to Monitor Potential Terrorist Threats and Share Information

Intelligence supports your preventive strategies, and intelligence failures can have catastrophic consequences.

An example of an intelligence failure is the 7 October 2023 surprise attack carried out by Hamas on Israel, which is known for having one of the best military and intelligence operations in the world. The attack was significant not only because the planning remained virtually undetected for several months, but also because of the high number of casualties. If the Israeli secret service, Mossad, had picked up information about the attack, did it consider the intelligence plausible enough to issue specific, actionable warnings rather than generalizations? This question is a puzzle that may never be solved.

Leveraging intelligence capabilities at the corporate level will necessitate backing with data from signal intelligence (SIGINT), imagery intelligence (IMINT), measurement and signature intelligence (MASINT), or human intelligence (HUMINT), which requires synergy with intelligence agencies like the U.S. Central Intelligence Agency (CIA), the UK’s MI6, Russia’s Federal Security Service (FSB), and Nigeria’s Defense Intelligence Agency.

It’s important to note that while HUMINT is exempt, the other types of intelligence are subject to regulation by policies and statutes, which vary depending on the jurisdiction. (See Executive Order 12333 on U.S. intelligence activities for an example.) Therefore, it’s crucial to collaborate effectively with relevant agencies, particularly when there are indications that your assets may be targeted for terrorist attacks.

If you are responsible for the security of a Western-owned company or business, you have the advantage of being able to rely on the intelligence capabilities of originating countries—such as the Overseas Security Advisory Council (OSAC) through the U.S State Department—to shield your business in a crisis.

Rule 6: Ensure the Right Preventive Technologies Are in Place to Safeguard Your Organization's Assets

Ensuring physical security is an aspect of your preventive measures that must be given top priority. The components of your physical security architecture serve as the first line of defense against potential threats. To make sure your facilities are well protected, consider using modernized access control systems. These systems may include remote-controlled vehicle barricades and bollards, motion detection systems, fob-controlled entryways, and intelligent video capture (IVC). IVC uses smart heat and motion detection cameras to detect anything suspicious that the guard force may have missed.

These measures support the fundamental essence of physical security: deter, detect, delay, and respond. This approach promotes defense in depth, which leverages multiple security measures in asset protection. Since most terrorist attacks are unpredictable and thus seem to happen spontaneously, these preventive measures can reduce their impact by buying time to respond.

In conclusion, organizations must make the terrorism response plan a part of their broader incident preparedness program and clearly articulate their overall security objectives. While the likelihood of terrorist attacks may vary depending on geography and history, one thing is certain: these attacks are often disastrous, and organizations must be prepared to act quickly and efficiently to minimize their impact.

Victoria Ogbuehi, CPP, PCI, is a Nigerian security expert with more than 16 years of combined public and corporate experience. Her expertise spans security operations including intelligence, risk management, incident management, crisis response, and violent extremism. She is one of the most recognized security professionals of African origin, having won four Outstanding Security Performance Awards (OSPAs), the ASIS Karen Marques Award for Women in Security, and several other international awards.