Return to site


By RL Expert Leesa Soulodre

There is no amount of preplanning that will ever completely mitigate the threats of terrorism or criminal activity.

Terrorism today comes in many forms:

  1. Extremist terrorist attacks on Western targets
  2. Insurgencies seeking to undermine a Government, and
  3. Political or criminal gangs that are driven by profit motives

In the last 3 months, the world has seen its fair share of terror. It is a devastating day in Paris for the families of the 12 journalists and police officers lost in the heartless terrorism attack on Charles Hebdo. Australia is still reeling from the hostage situation and senseless siege on the public in Central Sydney by a lone crazed gunman. Sony is still tackling its worst cyberattack in the company's history. Malaysian Airlines and the 298 families onboard MH17 are still recovering from the incident in Ukraine.

Boards, CEO's and Chief Risk Officers are now faced with an immense challenge – how to secure their global businesses from the threat and impact of terrorism and how to mitigate the related risks to their corporate reputation.

Given their often unlimited personal liability in a limited liability company, Directors and their CxO's have the opportunity, incentive, and the corporate and social responsibility, to reinvent their approach to risk management and play a key role in their organisations "winning" the war on terror, ensuring their organisations not only survive, but also thrive in the event of a terrorist incident.

To build on the company's risk management strengths and to shape their Company’s future, Boards and CxO's supporting companies, sectors and countries must transform their ERM practices to include both reputation and risk management.

By focusing on relevant risk mitigation and reputation risk management strategies, Leaders can move their organizations from reactive to proactive, protecting both their legal and regulatory license to operate and social license to operate.

Leaders have 2 responsibilities

  • Reducing a terrorists’ incentives to attack the Company, this includes managing the Company's own reputation with terrorist organizations. This requires ongoing and rigorous consideration of what activities the company is undertaking that might provoke a terrorist attack or might make the company or its employees/partners a symbol/target.
  • Minimising both the reputation and financial costs/impact to the company once a terrorist attack has occurred. This includes managing the organisation’s reputation with victims and/or opponents of the terrorists. This requires consideration of how the company's behaviour, including preparedness and response will be judged, after the company is attacked.

There are 5 core strategies that a company's Board and Leadership teams should consider as part of its reputation and risk management approach.

1. Reduce incentives to attack the company

Empirical research has established that terrorists opt for the actions that are going to have the highest benefit–cost ratio (Enders & Sandler, 2006; Frey, 2004). If the Authorities and your Company are able to make a terrorist act more difficult to execute effectively, terrorists are known to quickly change their tactics to a different attack mode. Therefore, it is necessary to consider the benefit–cost relationships of the various strategies from the point of view of the terrorists.

Dr Peter Sandman, RL Expert in Risk and Outrage Management states, "Sometimes there’s no way to avoid being iconic and therefore attractive to terrorists. But every company that is attacked is the “winner” of a competition it didn’t realise it was in and should have wanted to lose."

Company leaders should consider all strategies that can either help the Company to lower or increase the benefit–cost ratio in order to reduce incentives for Terrorists to attack. This should include:

  • assessing the Company's actions in the market and its visibility as a prospective target,
  • examining the company's political, customer and partner association risks,
  • assessing the company's accessibility (both physical and cyber security)
  • ensuring diversification of the power base in the company (physical and functional diversification of leadership i.e. separate CEO and Chairman function and an up to date succession plan). 

2. Engage stakeholders early and take a strategic review

Terrorism is usually deeply rooted from local issues. Therefore, a strong understanding of local risks, cultures and customs is essential to ensure that the company operates with the support of local Authorities working against terrorism.

Companies also often have a very strong tone at the top related to terrorism and security risk mitigation but lack the music in the middle. Early engagement on the topics of terrorism and security with employees, governments, the wider business community, media and local residents residing around your critical operations can pay significant dividends to risk mitigation and containment. Boards and CxO’s can also help to mitigate internal and threats by taking a more strategic view on both data sharing, its local and community investments and domestic employment policies.

3. Embed intelligence for informed decision making

Companies should actively build relationships and lines of communication with Experts and Business Intelligence Providers across the regions, who have intimate knowledge of terrorist, political, legal, technology and social threats, particularly in the context of specific regions and local groups. The information sourced can then be factored into both the horizon scanning process, threat and vulnerability assessment and short-term risk analysis. These sources should also be available on demand during any incident or crisis response. Access to such experts on a regular basis will also keep your organisation in touch with the changing dynamics in your region so that you can adapt your risk register and risk appetite/risk tolerance accordingly.

4. Protect the Company's value chain

A major objective of the majority of terrorist and/or criminals is to disrupt the Company’s value chain and inflict as much physical and economic damage as they can. Whilst a company can never completely mitigate all risks of a terrorist attack, through understanding the risks in your supply chain and building resilience into the framework, a company can mitigate some of the impacts.

Supply chain resilience can be developed through working with trading partners and sharing data in order to develop joint contingency plans and build diversification of suppliers/sourcing locations into the Company's supply chain operations.

5. Build a risk aware Company culture

The Board of Directors is responsible for ensuring that an appropriate risk appetite and risk tolerance is articulated for security and factored into the business’s strategic operational planning. Has this been completed? Operationally, terrorism as a risk should also be factored into consideration in the Incident Response, Crisis Management, Business Continuity and Disaster Recovery plan. These plans should be simulated on a regular basis, tested and updated frequently.

Other practical steps that can be taken should include:

  • considering the company's physical locations - know your proximity to terrorist/criminal targets,
  • knowing your employees (including all contractors and suppliers) and implementing appropriate access controls,
  • knowing which critical systems and infrastructure can be accessed and controlled physically and by computer,
  • understanding your counter-party risks,
  • educating, engaging and training your teams on risk and security measures taken by the company
  • regularly executing and reviewing your drills for emergency evacuation
  • ensuring you have a “safe house/location” for all staff and critical decision makers to evacuate to in the event of an attack.

Many of these strategies may already be best practice resilience strategies that are present in some shape or form within your Company. The purpose is simply to highlight key actions that are often missing from operational risk and reputation risk management plans, given a typical "inside out" only perspective.

In summary, there are 5 core strategies that companies should consider in tackling terrorism:

  1. Reducing incentives to attack the company
  2. Engaging Stakeholders early and taking a strategic view
  3. Embedding intelligence for informed decision making
  4. Protecting the value chain
  5. Building a risk aware culture.

Boards and Chief Risk Officers now play a critical role in securing their organisations against the risks of terrorism. Through effective reputation risk management and developing organisational resilience through proactive enterprise risk management, value protection and creation can be achieved.


Enders, W., & Sandler, T. (2006). The political economy of terrorism. Cambridge, UK: Cambridge University Press.

Frey, B. S. (2004). Dealing with terrorism—stick or carrot? Cheltenham, UK, and Northampton, MA: Edward Elgar.


I appreciate that you are reading my post. If you enjoyed reading this post, please click the thumbs up icon above and let me know.

Here, and at LinkedIn, I write about board related issues - corporate strategy, reputation risk, technology, corporate governance and risk management trends. If you would like to read my regular posts then please click 'Follow' (at the top of the page) and send me a LinkedIN invite. And, of course, feel free to also connect via Twitter and Facebook and check out our blog here:

For more on these topics, check out my other recent LinkedIn Influencer posts:

About RL EXPERT Leesa Soulodre:

Managing Partner and Founder of RL Expert Group. A Member of the Global Advisory Council of NY Investment Advisory Firm, Cornerstone Capital; an Innovation Advisor to the University of Illinois Urbana Champaign Advanced Digital Science Centre, Singapore and Board Advisor to Belgian PR Software firm, Prezly and US Sports Analytics firm, Autoscout.

An Adjunct in Corporate Communications at Singapore Management University, lecturing part time on "Risk Issues and Crisis Management "and "Content Strategy" at the Lee Kong Chian School of Business. Prior to moving to Asia, spent 7 years part time in European Academia, lecturing on the Luxury MBA programs in Marketing, Communications and Reputation Management at two french business schools, Ecole Superieur de Gestion and Mod'Art International.

Connect: Leesa Soulodre, Managing Partner, RL Expert Group -

All Posts

Almost done…

We just sent you an email. Please click the link in the email to confirm your subscription!