|
 David Honour explores the business
continuity measures that can be put in place to protect companies
from activist attacks.
She enters her office. It’s 9.30am Monday
8th September, just two years since she become managing director
of the supermarket chain. She settles down at her desk with a large
cup of coffee and the morning’s post. Working through the
pile of envelopes she comes to a plain brown envelope. Slitting
open the letter she is struck immediately by the plainness of the
paper – no letterhead; no glossy printed inserts; just a simple
printed sheet of text. Intrigued she starts to read…
“A communiqué from the Environmental
Action Front.
We warned you that if you proceeded with
developing new stores in environmentally sensitive areas then the
EAF would take action against your company.
You ignored our warnings and as a result
we have opened a new front in the war against the desecrators of
the earth.
On Wednesday 3rd April five EAF freedom
fighters broke into the meat processing plant of Animal Derivatives
Ltd. A batch of processed chicken packaged with your company’s
brand was injected with strychnine. This should now be on your shelves
ready for sale.
Don’t imagine that this is an idle
threat. Truth will out with the first death, and the blood will
be on your hands as violators and despoilers of our beautiful world.”
This is a fantasy scenario but for many executives
over the past few years, this type of experience has been a reality.
Activism has been growing steadily, as protestors the world over
turn to direct action as a means to an end.
Weapons in the activist’s armoury
include:
* Reputation attacks – dragging a company’s
name and brands through the mud. Real life examples of this have
been the concerted attempts to accuse various prominent US-based
sports goods manufacturers of the exploitation of workers in the
third world.
* Financial attacks – causing direct and indirect financial
losses. Direct losses can be engendered through such things as product
contamination, as in our supermarket scenario above, and damage
to equipment and plant. Indirect losses can be caused through reduced
share price through lack of willing investors; difficulties in attracting
corporate finance and insurance; and supply chain problems as suppliers
back-off in favour of less risky customers.
* Physical attacks – on personnel, buildings, homes of top
executives etc. For example, in early 2002 the managing director
of Huntingdon Life Sciences was beaten up by masked animal liberation
activists and the main US office of Stephens Inc, one of the company’s
main investors, was damaged. Both attacks were linked to Huntingdon’s
involvement in animal testing.
* Internet-based attacks - website hacking, virus distribution and
e-mail campaigns have all been used by activists as a means of getting
their message across and causing inconvenience and financial losses.
Again, Huntingdon was the target of such an attack, with the Animal
Liberation Front encouraging supporters to access the Huntingdon
website at a particular time on a particular date in an effort to
crash the site. The ALF also sent activists lists of Huntingdon
employees’ work and personal e-mail addresses so that staff
could be bombarded with threatening messages.
Various business continuity measures can be
taken to help counter the threat of activism and the remainder of
this article will use the above scenario to explore these.
All business continuity plans consist of two
main elements: preventative measures and reactive responses. The
former are the steps that can be taken to mitigate risks, the latter
are post-crisis contingencies.
FIRST
STEPS
Before any business continuity measures can be put in place it is
vital that the company understands the scope and extent of the risks
that it faces. For this reason business continuity planning activity
should always commence with a risk assessment and business impact
analysis. Basically, these techniques help identify all operational
risks and then make an assessment of the likelihood of the risk
event happening and the subsequent damage that would be caused to
the business. High risk, high likelihood risks should be top priority
for mitigation. In terms of our scenario, the supermarket should
have identified product contamination as a potentially severe risk
with a strong likelihood that it would happen one day. As such the
company should have put both preventative and reactive measures
in place.
PREVENTATIVE MEASURES
There are various things that the supermarket in question could
have done to reduce the likelihood of a product contamination attack.
Policy statements
Firstly it should have a defined ethical policy in place that includes
statements on areas of concern to activists. The company must be
seen to promote its ideals and to live up to them. For retailers
the main areas include:
* Ethical purchasing – this policy would state the types of
companies and countries that retail supplies will be sourced from.
In addition it should include statements on what is expected from
suppliers in terms of the way staff are treated; care for the environment
and business behaviour.
* Environmental policy - this would clearly outline the company’s
policy towards the environment. It should show how the business
focuses on minimising the use of scarce and environmentally sensitive
raw materials and how any waste materials are handled and disposed
of. The company’s approach to new developments should be outlined,
especially the policy with regard to the use and development of
green-field sites. The supermarket chain in our scenario could have
avoided its current problem by imposing a ‘brown field’
only development policy – ensuring that new stores were only
built on sites of previous development or on industrialised land.
* Ethical investment – companies can be targeted by activists
not because of their everyday business activities but because of
the investments made on their behalf. To avoid issues with activists
companies should use ethically managed pension and investment funds
and should avoid direct investments in companies involved in any
ethically ‘grey’ area.
Local awareness
Multi-national companies sometimes run the risk of behaving like
a steam-roller when it comes to local issues. Many activist attacks
come about because of poorly handled local issues which could have
been avoided through consulting with local people, listening to
their views and opinions. If the supermarket in question had realised
the extreme sensitivity of the site of its new store in the eyes
of local activists before commencing construction, it might have
been able to nip the problem in the bud either by relocating the
new store to a less sensitive location or by promising concessions
and taking suitable environmental protection measures.
Security
Many retailers spend large amounts on security measures to prevent ‘shrinkage’ i.e theft through shop-lifting or by employees;
however security issues do not stop at the perimeter of the store.
In the case of product contamination, products are often more vulnerable
in the supplier’s warehouse than they are on the shelves of
the store. Food retailers should make sure that all suppliers conduct
their handling, processing and packaging operations in as secure
an environment as possible. Retailers would also be wise to routinely
conduct security checks and audits on suppliers to ensure that security
standards are being maintained at satisfactory levels. In extreme
cases, penetration testing could also be carried out to test security
systems and highlight any vulnerable areas.
REACTIVE MEASURES
If she has been wise, the managing director of our scenario supermarket
will have a number of elements in place to help her respond quickly
and decisively to the threat.
Product recall
Her first response is to initiate a product recall. The retail business
continuity plan includes detailed steps to be taken in the event
of a recall. Most recall plans will have a dedicated coordinator
whose role is to coordinate the recall and keep all appropriate
agencies informed about progress. The recall coordinator will normally
be supported by a team and must have the authority to make executive
decisions.
The recall plan should include detailed information on the following
areas:
* Identification of recall personnel – including 24 hour contact
details;
* Procedures – details of the specific procedures that the
recall team will work within. Governmental recall advice will include
specific measures to take depending on the type and severity of
the recall and the retailer’s business continuity plans should
include the latest version of such information;
* Liaison information – details and contact information for
the law enforcement and governmental agencies that will need to
be informed plus decision trees to enable the recall team to know
when to make contact with such outside agencies.
Crisis communications
Once our fantasy managing director has initiated the product recall
then the next step is to put crisis communication plans into action.
One of the major roles of the business continuity team will be to
coordinate communications with the media, the general public and
other stakeholders. The golden rules of crisis communications are:
* Be professional – don’t use inexperienced people to
handle your communications. Whatever group you are communicating
with it is vital that your information is presented in the most
professional manner possible. This inspires confidence in the message
being given and ensures that the release of information is as controlled
and positive as possible. Staff who will be involved in crisis communications
should be identified during the business continuity planning stage
and must be given full training. There are many specialist crisis
communications companies available to help and advise at any stage
in the process.
* Be proactive. Attack is the best form of defence as far as crisis
communications is involved. In our scenario, the supermarket should,
if possible, brief appropriate media with details of the threat
and the company’s response before the activists’ do.
The company should state that a product recall is taking place and
give clear, concise and specific information about the recall. The
message must strongly imply that the situation is under control
and that the company is handling the crisis efficiently and professionally.
* Be honest. In a crisis communications scenario, honesty is definitely
the best policy. Don’t try to avoid difficult questions, address
them head-on. In this way you will build up trust in stake-holder
groups and will ensure that there is no ‘hidden agenda’ that the media can use against you.
* Be responsive. React quickly and accurately to any information
requests.
Insurance
As a retailer it is vital that business insurance
covers such areas as product recalls. The financial costs of the
recall and the cost of stock replacement can be covered. It is important
that the policy is reviewed periodically to ensure that it does
not over or under-protect the business as circumstances change.
CONCLUSION
The above scenario focuses on a retail environment, however activism
is an issue which is relevant to all organisations. September 11th
and the subsequent war on terrorism has resulted in some of the
more extreme activist groups ‘keeping their heads down’
but don’t equate quiescence with a reduction in the risk.
There is a real threat that needs to be assessed by each and every
business.
David Honour is editor of www.continuitycentral.com This article was first published in ‘Enterprise
Risk’ magazine.
•Date:
5th September 2003 •Region: Worldwide •Type:
Article •Topic: BC
general
•Rate this article
or make a comment - click
here
|
