Austria
Belgium
Denmark
Estonia
Finland
France
Germany
Greece
Iceland
Ireland
Italy
Liechtenstein
Netherland
Norway
Poland
Portugal
Spain
Sweden
Switzerland
Turkey
United Kingdom
Australia
Hong Kong
New Zealand
India
Indonesia
Japan
Malaysia
Philippines
Singapore
Thailand
Brazil
Chile
Colombia
Mexico
Peru
USA
Bahrain
Israel
Morocco
Oman
UAE
Saudi Arabia
Tanzania
Is security on your business agenda?
Written by Alison Waters.
All businesses have individuals appointed to take ownership and responsibility for a number of key areas. Health and safety, recruitment, facilities, and IT are all of such importance to an organisation that they tend to have their own departments, often with multiple staff depending on the size of the company.
Whilst an argument could be made as to which is the most important amongst these teams, there is one topic that could fall to each of these, but which often has no overall leadership or control within any organisation. And that is security.
Which of these departments should take overall responsibility for the security of your organisation?
It’s worth considering whether your company has a security culture amongst the leadership team and staff. How often in your monthly leadership teams does security feature on your agenda? I recently attended a conference where this very question was asked of the 300-or-so people in the room. Only four or five of those attending raised their hand.
In a world where we hear daily about criminal activity – both carried out in person and by cyber threat actors – it’s alarming that such an important topic barely gets a mention in an average company’s key risks, nor does it typically have its own overall leadership.
The threat level for terrorism in the UK remains substantial, yet how often have you seen people walking around your buildings unchallenged, just assuming they are there for legitimate purposes? Putting aside companies and sites which are either high risk or critical to our infrastructure, the average business may not even have a security officer, let alone a security department.
But the reality is that right now, it’s never been more important to have a focus on security. The threats to our daily life are not just from physical acts but also from the ever-present cyber landscape, where attacks are becoming more and more sophisticated. We also know that terror attacks have changed significantly from the 1980s and 1990s, and rather than organised groups it’s far more common for low sophistication, lone wolf style attacks where a knife or a vehicle might be used to cause chaos and injury. But where do these things fall in your organisation and who, if anyone, should take overall responsibility?
Your IT department will naturally play a significant role in protecting your business from online and cyber threats, ensuring your network is protected and data is managed appropriately. Most businesses are well aware of the cyber landscape, and this will be a focus to avoid a potential disaster resulting from a loss of your systems and data.
Many businesses, however, could not name who manages the physical security of their building and who takes ownership of access control, including areas accessible to the public. Regardless of the size of your business, staff need to be vetted and visitors need to be checked. The same could be said for checking site contractors and those carrying out maintenance work. How security-conscious are your staff, and do they have a policy of challenging those who’re on site that they do not recognise, or will they simply let them go about their business without question?
With all that in mind, how do you as a business protect your staff and visitors to whom you owe a duty of care?
You may be aware of the new proposed legislation commonly known as Martyn’s Law, which is likely to become the new Terrorism (Protection of Premises) Act at some point in 2025.
If your premises is open to the public and has a capacity of upwards of 200 people (including your employees) then you’ll need to comply with specific requirements relating to ensuring the security of the public in the event of a terror attack. Your staff will need to know what to do and who is responsible for coordinating a response. You’ll need a preparedness plan and a risk assessment, and your staff will need to have specific training. In what will be known as the ‘Enhanced tier’ for larger venues, if you have a capacity of 800 or more, then these measures will go even further to ensure the safety and protection of visitors to your premises.
There is help and support for companies, with a wealth of free resources dedicated to protecting your property and increasing security. The National Protective Security Authority (NPSA) has a website here (Personnel and People Security | NPSA) which can help across a range of topics from hostile vehicle mitigation to insider risk, building and infrastructure to incident management.
This also contains a resource called the Passport to Good Security for Senior Executives | NPSA which was published specifically to help organisations improve their physical security.
Additionally, ProtectUK | Home has resources to assist in understanding terrorism risk and what you can do to protect your premises.
So, let’s look back at those departments in your business: Health & Safety, Recruitment, Facilities, and IT. The fact is every one of those has a responsibility for security, and this is exactly the reason why it should be one of the highest priorities on your organisation’s agenda – whatever industry you’re in.
If you’d like to speak to a specialist who understands your risks in this area, contact us via the buttons below.