The sentencing of Anders Breivik last week to 21 years in prison and the court finding him sane, reminds us that not all terrorists are linked to al-Qaeda and that right wing terrorism can be just as deadly. Breivik killed 77 people when he bombed central Oslo and then opened fire at an island youth camp. I was reading an Economist article on domestic terrorists in the United States, which discussed the numbers of people killed by right wing or domestic terrorists compared with Islamic and al-Qaeda inspired terrorists.

The figures from the National Consortium for the Study of Terrorism and Responses to Terrorism showed that between 1990 and 2010 right wing extremists carried out 145 murderous attacks resulting in 348 deaths, 168 resulted from the Oklahoma City Bombing. During that same time period Muslim extremists committed around 25 attacks, which killed over 3,000 people; but 9/11 accounted for 2,977 of these. So if you take off 9/11 and see this as a one-off event, then right wing domestic terrorists have killed 325 more people than Islamic inspired extremists, and the ratio of right wing to Islamic inspired terrorist deaths is roughly 14-1.

All terrorists are looking for spectacular attacks which will highlight their cause but I have noticed that often right wing terrorist attacks are less spectacular and are aimed at institutions or people who they feel aggrieved at or they see as their enemy. Both sets of terrorists are usually looking for soft targets which give them the best chance of carrying out their attack. They are less likely to attack a well defended building or person, as they stand a greater chance of failing in their attack.

What do these facts mean to business continuity people and what can we do about this. Yes there is the random chance that you can be in the wrong place at the wrong time, such as those who were killed or injured in 9/11 or 7/7 in London, but there is actually a lot the business continuity manager can do to protect their organisation, customers and staff. As with crime, it is sometimes sufficient to deter an attack on your organisation or staff by making it a ‘hardened’ or an unattractive target, which causes the terrorist to go and attack another organisation, whose security is not as good.

What measures can we take to deter, prevent or mitigate the effects of terrorist attack?

1. For all staff to be nosey and vigilant. Staff should be encouraged to report suspicious behaviour, vehicles parked in the wrong place and suspicious packages and bags. If all staff have been regularly briefed to be vigilant you have the entire organisations staff as your first line of defense. 
2. Terrorists will often carry out ‘dry runs’ or rehearsals for their attacks. There is an opportunity for well-trained security personnel to identify people acting suspiciously and to pass their details on to the Police. Good alert security personnel could also dissuade the terrorist from attacking you and look for a softer target. I have seen companies providing training for security guards in recognising hostile surveillance.
3. Recognise parcel bombs. We often think of terrorists setting of large spectacular explosions but often they will send parcel bombs. This can range from the very sophisticated bomb as seen in printer cartridges sent by courier from Yemen, to simple incendiary devices or glass and needles sent by post. If you think you are likely to be a target then you should x-ray your post otherwise you should ensure your mail room staff or those who open the post have training recognising mail bombs.
4. Have a specific bomb threat and evacuation (or invacuation) plans in place and make sure that they are regularly communicated to staff and that they are rehearsed.
5. If all fails, you have to rely on your business continuity plan (which we have all done) to manage the consequences of an attack.

If anyone has got some other ideas of preventing terrorist attacks I would be happy to add them to this list.