Most U.K. businesses unprepared for terrorism threats: study

The majority of British businesses may not be implementing basic security practices, leaving them unprepared for potential terrorist attacks, suggests a recent analysis of survey results.

More than half (54%) of businesses included in a survey by research firm YouGov said that their organization doesn’t regularly check leaking of sensitive company information such as building plans, financial records or evacuation plans.

The results from the online survey of 600 British business leaders were analyzed by ACTIS (Applied Counter-Terrorism, Terrorism, Intelligence & Security Studies), a research and consultancy branch of SMC University.

ACTIS experts say that about 80% of those surveyed would fail a counter-terrorism preparedness test, possibly leaving them vulnerable to that risk.

The preparedness test has eight questions regarding security policies implemented within a business, which are then analysed by ACTIS and given a score from seven to zero with a possible total score of 56. A score of 28 or lower would be a fail in terms of preparedness.

There have been more than 600 terrorist events in the United Kingdom since 1970, and that more than 80% of businesses that experienced a major incident never re-opened or closed within 18 months, according to ACTIS.

Still, more than 40% of those surveyed have never prepared a list of potential risks to their business, according to ACTIS. That rose to 62% for the retail sector and 41% in the construction industry.

In the manufacturing sector, 56% of those surveyed said they have never checked or haven’t checked in the past year whether critical information (such as building plans) has been made openly available to the public (versus 54% of businesses overall), ACTIS noted.

“In 2009 more than 10,000 confidential client memos sent through Bloomberg’s private messaging system were published online by a former employee,” the firm added.

“The sensitive conversations, including messages from traders at more than a dozen of the world’s largest banks, remained openly available through a simple Google search until earlier this year.”

About a third (34%) also said their companies don’t enforce any kind of computer password policy, ACTIS said. In the retail industry, that rose to 42%.

As an example of the consequences of a lack of policy, the firm points to a March 2012 incident in which Medicaid information for 780,000 individuals was stolen through a breach at the Utah Department of Technology Services, possibly because of weak passwords.