When significant business sectors are attacked and severely damaged, this accomplishes one of the terrorist group’s strategic objectives – to inflict damage on its victims’ critical infrastructure. The business sector (defined as the sum of disparate business sectors in a country’s economy) thus constitutes one of the primary strategic targets of contemporary terrorism because attacking it can cause severe and cascading economic damages not only to the targeted businesses but other sectors in a country’s overall critical infrastructure as well. It is also important to note that each business sector has its own unique characteristics and a specific risk profile. For example, attacking a country’s hotels and restaurants will damage its tourism industry, retail businesses, and transportation industry, and it will likely affect other critical businesses, such as the insurance industry.
Inflicting cascading damages on a country’s economy is one of four objectives (alongside human fatalities/injuries, physical damage against the targeted facility, and psychological damage on a country’s population) of terrorism’s overall purpose: to damage, undermine, and extort political and other concessions from the threatened government and its economic sector. In response, as part of their governments’ overall counterterrorism measures, and, where possible, in cooperation with their government’s public safety agencies, business sectors around the world have implemented a spectrum of response measures to upgrade their security postures in order to decrease their vulnerability against different manifestations of the terrorist threat, whether physical or cyber.
To examine these issues, this article assesses the magnitude of the terrorist threat against significant business sectors that are specifically targeted, such as (although not limited to) transportation (aviation, ground, and maritime), energy, chemical, finance, tourism, and retail.
Terrorism utilizes the elements of military, economic and psychological warfare against the targeted country and its economy. In terms of psychological warfare, terrorists aim to spread fear, anxiety and panic throughout the wider society by transforming a specific terrorist incident beyond its localized setting, thereby creating a perception that every citizen and critical node in a country’s infrastructure is vulnerable to attack. Thus, when a nation is incapable of deterring or preventing the terrorist adversary from attacking its businesses, whether restaurants, shopping malls, hotels, transport, and even public venues such as movie houses and concert halls, it causes the affected government to appear inept and incapable of protecting its citizens and critical infrastructure from terrorist harm. Such was the case on March 22, 2016, when two teams of ISIS operatives conducted simultaneous attacks in Brussels at Zaventem airport (killing 11 people) and at Maelbeek metro (killing 20 people), with some 300 people injured in both attacks. 
Attacking such major nodes in the city’s transportation infrastructure made the country’s population feel highly vulnerable to being targeted by future attacks against this sector, with threat levels immediately raised in neighbouring European countries, as well.
Repeated and large-scale terrorist targeting of the business sector, moreover, has cascading effects on other critical infrastructure sectors. As explained by Campbell Harvey, a professor of international business at Duke University’s Fuqua School of Business, “This is all about vulnerability….When consumers feel less safe, it changes their spending patterns. Businesses will change their investment and employment plans. Lack of confidence negatively impacts growth.” And terrorism not only disrupts normal business activity, but also increases the costs of doing business, either directly through economic damage, reduction in tourism, or indirectly through the consequences of having to expend resources to cover increased terrorism risk insurance rates and costly security measures, including imposing tighter border crossing controls.
In the most extreme cases, countries or regions that experience frequent and large scale terrorist attacks, such as Afghanistan, Pakistan, Iraq, Syria, Yemen, and Somalia, have virtually no tourism industry, which also results in lower levels of consumer spending and minimal foreign investment. This is particularly the case in Syria, whose tourism industry had generated an estimated US$8.3 billion in 2010, but the escalating civil war since then (accompanied by large scale terrorist violence), has devastated its economy and tourism industry.
Even highly developed countries such as Canada that experience less frequent terrorist incidents can be negatively impacted economically from such attacks. The 9/11 attacks by al Qaida in New York City and Washington, DC, for example, resulted in a decrease in the visits of people between the United States and Canada due to the increased security at border crossings and entry points implemented by the two countries. Even some 12 years later, following the April 2013 bombings of the Boston Marathon, with the city of Boston locked down, land border crossings into Canada were placed on heightened alert out of concern that the perpetrators and their associates might attempt to escape and cross into Canada. The increased vigilance by the Canadian Border Service Agency (CBSA) in conducting risk assessments of peoples and commercial goods prior to their entering Canada, also led to a slowing down of commerce between the two countries.
In addition to the economic damage caused by the mass casualty attacks in Brussels in March 2016, there was significant economic impact from the ISIS-led simultaneous attacks on November 13, 2015 against business targets in Paris, France, where restaurants, the Bataclan concert theatre, and a packed sports stadium were intentionally targeted with 130 people were killed, and some 368 others injured. In this case, these mega terrorist incidents affected every sphere of the country’s economic activity, resulting in a drastic decline in foreign tourism, with hotels and restaurants experiencing substantially lower revenues. Interestingly, in what became known as the “Charlie Hebdo” (and follow-up) attacks in Paris on January 7-9, 2015, in which a total of 17 people were killed and 22 injured, these attacks resulted in less economic damage than the later November 13, 2015 attacks because the previous attacks were considered “one-off” incidents. Once these attacks were followed by the November 2015 mega mass casualty attacks, however, they cumulatively demonstrated the severity of the ISIS/al Qaida terrorist threats against France’s economy, whether by local or foreign operatives, and the government’s security forces’ inability to prevent them, thereby inflicting greater damage to the country’s economy. With the March 2016 attacks in Brussels carried out by ISIS cells with connections in France, the hunt for additional suspects also affected the cross border movement of people and goods between the two countries, .
Even ‘low level’ impact terrorist knifing attacks that might average one to three fatalities and injuries from an attack’s shooting, knifing, car ramming, or stone throwing, can lead to a country’s overall economic decline. This has been the case in Israel, where revenues at restaurants, hotels and the overall tourism industry have sharply declined, particularly in an important tourism city such as Jerusalem, which is highly dependent on a steady stream of tourists for its economic well-being. In Jerusalem, moreover, even local residents have become wary of dining at restaurants or shopping at popular outdoor markets such as Machane Yehuda. Even more seriously, Arab restaurants in Israel, whether in East Jerusalem, Nazareth, or in Jaffa’s mixed Jewish-Arab neighbourhoods, have been experiencing sharply reduced volumes of Jewish customers, resulting in severely reduced revenue and increased Arab-Jewish friction – which is one of terrorism’s strategic objectives.
Finally, in non-Western countries such as Egypt and Tunisia, tourism has been sharply reduced as a result of al Qaida/ISIS attacks in those countries, including stoppage of some airline flights into Egypt’s popular Sharm el-Sheikh resort following the attack of the Russian passenger airplane that had departed its airport on October 31, 2015.
In an example of the most significant economic disruption in the aftermath of a terrorist event, al Qaida’s simultaneous suicide airplane attacks against the World Trade Towers on September 11, 2001caused the loss of life of some 3,000 civilians, with the terrorists likely expecting thousands more fatalities. In terms of economic losses, as reported by a June 30, 2004 New York Times article, the attacks cost the city’s economy 143,000 jobs a month and $2.8 billion in lost wages in the subsequent three months. Overall, it also resulted in $40 billion in insurance losses, with the ripple effects of the attacks impacting the country’s airline industry. The attacks also resulted in additional billions of dollars in indirect consequences.
Terrorist Threats Against the Business Sector
The business community, whether its personnel, facilities, or operations, is threatened by a continuum of terrorist attacks ranging from low to high in complexity and lethality of weaponry and tactical execution.
In the recent period, in addition to bombings and shootings, terrorist groups employ other types of warfare tactics against their business adversaries. In the first development, terrorist groups and their supporters (as well as state sponsors of terrorism, such as Iran) employ cyber weapons to inflict economic damage against their adversaries, such as the cyber-attacks by pro-Hamas Palestinian hackers against the website of the Israeli stock exchange on April 7, 2015.
Canadian security services also consider cyber threats one of their top priorities. Michel Coulombe, director the Canadian Security Intelligence Service (CSIS), stated at a news conference that he views “the possibility of a cyberattack by ISIS or other extremist groups on the country’s ‘critical infrastructure’ as ‘a major threat.’”
In a second warfare development, to substantially grow and expand their funding sources, terrorist groups like ISIS that control vast amounts of territory in weak and fragile states including Iraq, Syria, and Libya, employ terror to loot and appropriate for themselves bank accounts. They sell the oil from the production and storage fields in the areas they govern, illicitly, as well as forcibly taxing the populations and businesses there.
The types of terrorist warfare against the business sector and their impact on a country’s critical infrastructure are outlined in Figure 1’s continuum.
As suggested by this notional illustration, the business sector, like the rest of society, faces a continuum of types of potential terrorist attacks, weapons, and lethality. These tactics range from relatively low impact “conventional” attacks, such as shootings and bombings to cyber attacks in the form of computer viruses, denial of service, and data breaches, to those involving chemical, biological, radiological or nuclear (CBRN) “unconventional” weapons and devices. To forecast the likely type of terrorist threat, weapons, lethality and their impact on the targeted critical infrastructure, it is necessary to consider the perpeptrator’s intent to damage particular businesses, its past attack history, local presence and support, and its capability to conduct an attack of various levels of complexity. This includes tactics and weaponry, and, especially, its ability to physically reach its targeted location, or, in the case of a cyber attack, to breach its IT defences. Assessing, scoring, and prioritizing these types of threats are operationalized in Table 2 “Probability Risk Assessment Scale Applied to a Business Facility” in this article’s second part, below.
It is also important to note that terrorist threats do not affect all businesses alike. Bigger companies, for example, especially those with extensive overseas presence, such as multinational corporations in oil and gas, automobile manufacturing, military equipment sales, hotel chains, and restaurants, may be more vulnerable to certain types of terrorist attacks than smaller and more localized companies. In addition to the different motivations by terrorist groups to target these businesses, some multinational companies, such as hotel chains and restaurants, may present much softer targets than their more hardened automobile, oil and gas, and military sales counterparts. Similarly, businesses in regions that are frequently targeted by terrorists, such as the Middle East and North Africa, face more frequent and higher lethality threat risks than those in areas that terrorists do not consider vital for attack because of their hardened defences, such as Western Europe, where terrorist attacks, as a result, are less frequent although still more ‘sought after’ because of the worldwide publicity such attacks generate for their cause.
Categories of Businesses Targeted by Terrorism
Certain business categories are of greater risk to terrorist attack than others. These include transportation (aviation, ground and maritime), energy (nuclear power, oil and gas facilities, and chemical plants), financial institutions (such as stock exchanges and banks), tourism (hotels and restaurants), and retail (department stores and shopping malls). The terrorist risks to these business sectors are discussed in this section.
Throughout the history of terrorism, the transportation sector has been among the most frequent targets of terrorist attacks, as reinforced by recent terrorist incidents, such as the bombing on November 24, 2015 by an ISIS affiliate in the Sinai Peninsula of the Russia-bound Russian airliner in mid-flight, killing all 224 people on board and the March 2016 attacks against the metro station and airport in Brussels, Belgium. Aviation transportation (airports and aircraft), ground transportation (trains, subways and buses), and maritime transportation (cruise ships and oil tankers) are iconic targets for terrorists to cause economic and psychological disruption because of the potentially high kill rate.
The aviation sector has long been targeted by terrorist groups. In the 1970s and 1980s, hijacking was a pervasive terrorist tactic. This tactic was transformed in 9/11 when the terrorist goal was not to hijack and then land the aircraft but to use planes as bombs to cause mass destruction. In response, as security has been hardened at airport terminals and aircraft (especially by automatically locking cockpits), instead of hijacking planes, terrorists have turned to other tactics such as firing shoulder-launched Stinger missiles at flying aircraft. This was demonstrated by al Qaeda’s unsuccessful attempt to down the Israeli Arkia Boeing 757 aircraft, carrying 261 passengers that had just taken off from Mombasa’s airport in Kenya in late November 2002. In another new trend that was successfully executed, ISIS operatives reportedly exploited weak Egyptian security at the Sharm al-Sheikh airport to plant a soda can that had been converted into a bomb to explode the Russian aircraft while in flight. Airlines are also highly concerned that insiders, such as radicalized pilots, might intentionally crash their aircraft in mid-flight. Although still under investigation, it is possible (although unproven) that the crash in international waters of Malaysia Flight 370, which mysteriously disappeared on March 8, 2014 while flying from Kuala Lumpur International Airport near Kuala Lumpur, Malaysia, to Beijing Capital International Airport in Beijing. China, was caused by one of the pilots. In another case, although not terrorism-related, the deliberate crashing on March 24, 2015 of Germanwings Flight 4U525 by Andreas Lubitz, its co-pilot, in the French Alps while the aircraft was en route from Barcelona to Dusseldorf, demonstrates the potential for radicalized insiders to carry out such attacks. Finally, with the insider perimeters of airports hardened by security controls, the ISIS team’s bombing on March 21, 2016 of Zaventem Airport’s less secure departure gates,once again demonstrated that the terrorist adversary is continuously attempting to exploit an airport’s vulnerable areas.
As terrorists seek to exploit new vulnerabilities in their target’s defences, those sectors that are considered soft and less fortified will be attacked. Thus, as the aviation or maritime sectors have become more secure than they were prior to Sept. 11’s aircraft hijackings, terrorists turn to less protected targets such as commuter trains, buses and subways which they attack with greater frequency. Interestingly, only one attack against the transportation sector has involved a weapon of mass destruction. This occurred on March 20, 1995, when Aum Shinrikyo’s operatives employed sarin gas to attack Tokyo’s subway system, killing 12 and injuring more than 5,000 persons. Since then, attacks against ground transportation have involved “conventional” weapons such as guns, bombs, and knives. Finally, in another major attack against the ground transportation sector, as mentioned earlier, on March 22, 2016, ISIS operatives bombed Brussel’s Maelbeek metro, killing 20 people and injuring more than 100.
The threat of maritime terrorism is particularly significant because just like ground and aviation terrorist warfare, groups that engage in maritime warfare seek to damage the overall economic well-being and sense of security of their state targets. For example, when terrorists belonging to the Egyptian Al-Gama’a al-Islamiyya (also known as Islamic Group – IG) attacked cruise ships along the Nile River on four occasions from 1992 to 1994, tourists kept away from Egypt. In the Philippines, when the Abu Sayyaf Group (ASG) attacks cargo vessels or abducts foreigners from a tourist resort (as it did in 2001), it impacts on the entire country’s trade and economy. In Somalia, when al Shabaab militiamen hijack foreign ships sailing off the country’s coastline, vessels steer away from that region.
The international cruise industry is a potential terrorist target. Moreover, today’s classes of mega cruise ships exceed 140,000 gross tons and carry upwards of 5,000 passengers and crew members—making them ‘trophy’ targets to ambitious terrorist groups. A terrorist attack against such mega ships would not only cause a catastrophic number of casualties, but threaten the entire cruise industry’s economic viability. To counteract such threats, the cruise industry has instituted security measures guided by regulations set forth by the International Maritime Organization (IMO), such as employing security officers and security watchmen aboard ships, restricting access to ships, maintaining security zones around ships, screening of passengers and luggage, and monitoring the supplies that are loaded onto ships.
The energy sector, especially the gas and oil industries on which a nation’s energy supply is so dependent, is perceived by terrorists as an important strategic target. Currently, al Qaida and its affiliates, and the Islamic State, represent the primary terrorist threats against the energy sector, although threats are also presented by other localized conflicts. The FARC’s insurgency in Colombia, for example, has targeted that country’s energy sector, but that insurgency, which is in its final phase, has been primarily localized. In Africa, separatist rebels in Nigeria have been attacking the facilities and employees of foreign oil companies, such as Royal Dutch Shell, in the oil-rich Niger Delta.
Other types of threats to the gas and oil sectors are presented by the al Qaida and ISIS insurgencies, which have become transnational and created ripples throughout every critical node in the affected countries’ economic infrastructures. The facilities and personnel of Western oil companies, for example, have been attacked by al Qaida and its affiliated terrorist groups in Algeria, Iraq, Kuwait, Pakistan, Saudi Arabia, and Yemen. In one of the most prominent of such attacks, in mid-January 2013, al Qaida linked terrorists affiliated with Mokhtar Belmokhtar’s group, took foreign workers hostage at a gas facility near Amenas, in Algeria, killing some 39 of the hostages (along with an Algerian security guard).
In another type of terrorist threat against the oil and gas sector, the ISIS group, which captured numerous oil fields in Syria, reportedly earned, according to a Financial Times report, an estimated $1.5 million a day from its black market oil sales to various customers in Syria and Turkey.
Related to the energy sector is the chemical industry – the companies that produce industrial chemicals. On June 26, 2015 an Islamist extremist attacked the American-owned Air Products & Chemicals industrial gases plant in L’Isle-d’Abeau, near Lyon, France, decapitating one person while setting up an explosion in his attempt to blow up the facility, and exposing the vulnerability of chemical plants to terrorism . In many port cities large quantities of toxic chemicals are stored and transported by vessel, rail and truck, thereby also exposing them to potential terrorist attacks. Although it was not a terrorist incident, the December 2, 1984 accident at the Union Carbide pesticide plant in Bhopal, India, in which water leaked into a storage tank containing more than 80,000 pounds of methyl isocyanate, exposed an estimated 600,000 persons to toxic elements, resulting in 15,000 deaths over the years since then. Although this was an industrial accident, it illustrates the catastrophic death and injury potential resulting from a terrorist attack that exploits the location of lethal chemicals in proximity to large population centres.
Financial institutions and banks have been directly targeted by terrorist groups for attack, as they regard this sector as extensions of Western economic power and dominance.
While no high profile terrorist attacks against the banking sector have occurred in Western countries since this earlier period, banks continue to be targeted. In a new trend, terrorist groups and their supporters have attempted in several instances to conduct cyber attacks against their adversaries’ banking institutions, such as the April 7, 2015 attacks by pro-Hamas Palestinian hackers against the website of the Israeli stock exchange.
In another type of terrorist exploitation of the banking sector, such groups and their associated business/charity fronts have reportedly used the international financial system for money laundering or to move funds from one country to another, posing another substantial risk to the financial sector.
In an especially worrisome new trend, terrorist groups, such as ISIS, use their captured territory in weak and fragile states to appropriate funds from its banking sector. A prominent example occurred in June 2014, with ISIS’s capture of Mosul, Iraq, which is one of Iraq’s main oil centres. According to a Financial Times report, it appropriated an estimated $500 million in funds from its central bank, including gold bullion. It reportedly also seized additional funds from banks across the region. The same type of bank funds’ appropriation has also likely taken place in the territory under ISIS’s control in Syria. Such massive bank thefts have elevated ISIS to the world’s best-resourced terrorist organization.
Tourism is vital to a nation’s economy because it impacts a government’s revenue, national income and employment. In many nations, tourism is a major economic sector and source of revenue, so attacking it leads to economic recession and unemployment. Thus, in such susceptible countries, terrorist groups perceive hotels (and especially Western hotel chains), restaurants and tourist resorts as major targets for attack, as demonstrated by recent incidents. In one of the most prominent examples, on June 26, 2015, an Islamist terrorist carried out a mass shooting at the tourist resort at Port El Kantaoui, killing 38 people, of whom 30 were British tourists. This followed an attack on March 18, 2015, when three al Qaeda-affiliated terrorists conducted an attack in the Bardo National Museum, in Tunis, killing 22 people, of whom 20 were foreigners.With tourism contributing an estimated 10 percent of Tunisia’s gross domestic product, as well as employing 400,000 people directly or indirectly, these terrorist attacks (as well as uncertainty over future attacks) resulted in an estimated 80 percent decline in foreign tourism, with more than 70 hotels forced to shut down.
Although the war-torn and economically poor West African country of Mali is not a tourist destination, the November 20, 2015 terrorist attack on the luxury Radisson Blu Hotel in its capital Bamako, in which 22 people were killed, was a reminder that foreigners working in economic development and humanitarian assistance programs, who constituted most of the victims, are continuous targets of terrorists who seek to undermine a country’s return to stability.
An apparent attempt to target foreign tourists, the suicide bombing by an ISIS operative on March 19, 2016 of a popular shopping and restaurant area in Istanbul, Turkey, resulted in 5 people killed and 36 injured, most of them foreign visitors.
In response to such terrorist threats, the hotel industry around the world has beefed up its security departments, implementing a range of security measures to protect guests at their properties, ranging from armed guards to concrete barriers and metal detectors.
As iconic symbols of a nation’s wealth and consumerism, the retail sector’s shopping malls are especially attractive targets to terrorists. With their open spaces and bustling shoppers, they represent “soft” targets because of their lack of controlled access and other security fortifications. Even though American shopping malls have not yet faced such attacks, there is concern that a suicide attack on a single shopping mall would cause the public to consider all malls to be unsafe. At the same time, however, although retail centres were not directly targeted, the detonation of the pressure cooker bombs by the Tsarnaev brothers on a block of Boylston Street filled with spectators and runners near the finish line of the Boston Marathon on April 15, 2013 (killing 3 people and injuring 264 others), had an economic and psychological toll on the owners and employees at the stores and offices in that area, some of which were shut down for several weeks afterwards.
Other countries, however, have experienced mass casualty terrorist attacks against their shopping malls, notably the September 21, 2013 mass shooting attack by al Shabaab gunmen at the Westgate shopping mall in Nairobi, Kenya, which resulted in an estimated 67 fatalities and more than 175 injured.
Finally, the terrorist attacks by various groups that have taken place in Paris, France (in January 2015 and again in November 2015), in Jerusalem, Israel (especially during what is termed the Third Intifada, which began in September 2015), in Istanbul, Turkey (particularly in March 2016), and in Brussels, Belgium (in March 2016) – all took place in their cities’ busy shopping and restaurant areas, and led to declines of varying levels in the income of their countries’ retail sectors.
As demonstrated by the discussion of the types of terrorist groups and modes of warfare that target the spectrum of business categories and their economic impact, for business executives, ranging from chief executive officers (CEOs) to security directors, managing and mitigating the risk from terrorism in all its manifestations is now part of their overall business decision-making process. Managing the terrorism risk is also part of their overall management of risk to a spectrum of threats, whether man-made (terrorism, active shooters, and workplace violence) to natural disasters (hurricanes or earthquakes). In the case of managing their risk to terrorism, business managers need to prioritize the types of terrorist groups and modes of warfare likely to challenge their businesses and allocate appropriate protective resources in response. Specifically, their security directors are likely aware that effective defensive and preventative responses to the challenges presented by terrorism require their enterprises to be continuously vigilant, putting in place appropriate security and risk mitigation measures and protocols and continually updating and testing their emergency response plans as these threats continue to evolve, often in unpredictable directions. They also need to ensure that their commercial property insurance policies include, if possible, terrorism risk insurance to cover losses that might be caused by a terrorist attack.
In case of a major terrorist attack, business security directors now also understand the need to implement continuity of business operations measures. As examples of such foresight, in the aftermath of 9/11, the New York Stock Exchange— a perennial potential target of terrorist attacks—was able to continue with its trading operations as it had already established an alternative trading floor outside New York City, as have other financial institutions since then to replicate their business operations outside their municipal areas in case of terrorism-caused catastrophes.
Taking on the daunting problem of how to manage the risk of terrorist attack can be systematically addressed by utilizing a risk management approach. Once the prioritized threat scenarios are identified, security directors and their corporate management can then assess the risk mitigation impact and cost of the sets of solutions they decide to implement, to enable them to then select those that might offer the best ROI. This would assure that their security resources would be directed at implementing solutions that will be most effective and cost efficient.