Terrorism in 2017: A fragmented threat

Companies face a more fragmented, less predictable global terrorism threat in 2017. Alongside persistent threats from left-wing, right-wing and ethno-national militant groups, the Islamist extremist threat continues to evolve. Bill Udell and Jonathan Wood of Control Risks argue that fulfilling basic duty of care obligations is become increasingly challenging for businesses.

Territorial collapse

The collapse of so-called Islamic State (IS) territory in Syria and Iraq will transform terrorism threats in 2017 and beyond. IS will lose much of its financial and military resource base, its safe haven for training militants and producing propaganda, as well as a convenient platform for launching transnational attacks. Crucially, it will also lose the geographic pillar of its ideological influence.

But IS will not be eliminated as a threat. As it loses territorial control, we expect core elements to retreat back into an asymmetric, guerrilla insurgency in Iraq and Syria, feeding on lingering Sunni grievances. IS thrives in political and security vacuums, and Syria and Iraq will provide plenty of both in the coming years.

Fragmenting terrorism risk

IS and its successors – though depleted – will certainly live to fight another day. The following dynamics are likely to drive the evolution of the global Islamist extremist threat in 2017:

• The collapse of IS territory is likely to prompt a global exodus of foreign fighters. IS specifically – and Syrian militant groups generally – has benefited from an unprecedented influx of foreign fighters. The trickle of foreign fighters returning home, especially to Western Europe, could become a flood, imbuing local extremist networks with experience and capability.

• IS is likely to shift further towards transnational terrorism. In Western Europe, a series of IS cells have been disrupted since the March 2016 attacks in Brussels, while ‘virtual’ IS controllers operating via encrypted chat apps have been linked to several small-scale ‘homegrown’ attacks. IS is also believed to have relatively dense networks in Turkey, a major target.

• A dense library of high-quality, vernacular jihadist propaganda will persist indefinitely online, serving as a source of inspiration and incitement for jihadist sympathisers and other threat actors.
• Extremist methods will continue to colour violent acts by disaffected, attention-seeking, aggrieved or mentally disturbed individuals. Motivations in many violent acts are more likely to be ambiguous and potentially more precipitous, defying easy categorisation or apprehension.

• Sources of threat will emerge within large populations of refugees and displaced people – especially in Europe but also in the Middle East. The small but rising number of incidents linked to recent migrants in 2016 underscores the nascent threat. Over time, whether through alienation from host societies or dedicated outreach by Islamist extremists, these populations are likely to become more susceptible to recruitment or amenable to facilitation.

The corporate challenge

The fragmenting terrorism threat is transforming – perhaps permanently – the challenge for those whose role it is to mitigate terrorism risk within companies. At a basic level, this increases and complicates a company’s basic duty of care obligation. In fulfilling duty of care, the litmus test consists of identifying risks to employees that are ‘reasonably foreseeable’ and putting programmes in place to mitigate such risks.

The changing threat environment radically expands the scope of a ‘reasonably foreseeable’ risk. Whether working at home or travelling abroad, employees face a more diverse array of threat scenarios against a wider set of venues while performing a broader range of activities. Put simply, companies now have a larger share of responsibility for a problem that is also harder to define.

How to respond?

Companies have started to tackle threat intelligence as a ‘big data’ problem. The types of information sources available and the volume of potentially relevant threat data – especially via social media – have exploded in recent years, prompting companies to adjust both threat assessments and monitoring programmes.

The most robust efforts go well beyond aggregating raw information feeds: companies are increasingly bringing on analytical capability to prioritise, operationalise and act on information in real time based on their footprint, personnel and business context. Technology is helping to substantially automate and optimise this process, particularly via the spread of the virtual global security operations centres (GSOCs) model, as well as the application of machine learning to threat intelligence.

Based on a more specific understanding of the evolving threat, companies are assessing whether their overall security and risk management programmes are fit for purpose and often finding that they need to take action in the following areas:

• Companies are taking a fresh look at insider threat and workplace violence programmes, particularly by incorporating self-radicalised violent actor threat scenarios.

• Companies are selectively beefing up physical security precautions for personnel and assets. The new threat environment has imposed new training requirements on security managers, both in terms of new jurisdictions and new threat scenarios, such as active shooters.

• Companies are recalibrating impact mitigation planning to reflect the changing threat environment. Crisis and incident management programmes have been adjusted to reflect diffuse terrorism risks and involve relevant intelligence and law enforcement stakeholders.
• Companies are finding value in information-sharing among peer organisations and conducting formal third-party benchmarking against those peers.

Success in 2017 means recognising and adapting to a prolonged period of strategic uncertainty. With the risk of terrorism coming closer to home, businesses should ensure they apply the same mitigation methodologies as they do in traditionally ‘risky’ locations across the board.

Bill Udell is a senior partner and Jonathan Wood is a director, both at Control Risks. For more information on global risks in 2017, visit Control Risks’ Riskmap2017

Bill Udell - Senior partner, Control Risks