Prime minister urged to help UK firms prepare for terrorist strike

Tony Blair should take personal responsibility, says the Confederation of British Industry

Tony Blair should take personal responsibility, says the Confederation of British Industry

The prime minister should take personal responsibility for persuading businesses to plan effectively to deal with the growing risk of terrorist attacks in the UK, following the train bombings in Madrid, employers said this week.

The Confederation of British Industry is calling on Tony Blair to raise the profile of business continuity planning, in particular by offering help to small and medium-sized firms that play a vital role in the UK's supply chain, said Jeremy Beale, head of the e-business unit at the CBI.

The call came amid growing concerns that a major terrorist attack could leave businesses or their suppliers without access to vital computer systems or could cause disruption to internet communications.

John Handby, chief executive of CIO Connect, the chief information officers network, said many large companies were already reviewing security in the light of growing terrorist threats.

Beale said it was vital for the government to encourage firms to review their IT business continuity plans and encourage their key suppliers to do the same, following the Madrid bombings.

"There is a need for business continuity to be enunciated at the highest level. A lot of government officials are working away trying to get companies to act, but government at the highest levels should indicate what businesses should be doing," he said.

"It has to be more than Tony Blair making an announcement - it has to be linked to a set of government actions."

John Sharp, chief executive of the Business Continuity Institute, the UK's leading authority on continuity planning, urged the prime minister to galvanise firms that were failing to take continuity planning seriously.

Research by the BCI and the Chartered Management Institute earlier this month shows that only half of all firms and one third of small businesses have contingency plans for terrorist attacks or disasters.

The chief information officer of one large business based in central London said the Madrid bombings had spurred it to rethink its emergency planning.

A terrorist incident such as a dirty bomb or a chemical attack could leave computer systems inaccessible for months or years, he told Computer Weekly. "Bombing a train in an urban environment is much closer to home than flying a plane into the twin towers: 9/11 was a wake-up call, but Madrid much more so," he said.

Although larger firms generally have well-rehearsed business continuity plans, there are concerns that smaller suppliers may be only paying lip service.

Ben Booth, IT director at polling organisation Mori, said his firm insists that its key suppliers have effective business continuity plans in place before awarding contracts.

The trend is being followed by other large firms, which are asking suppliers to show that they have plans in place and that they test them regularly, said Ray Titcombe, chairman of the IBM Computer Users Association.

Last week, David Omand, head of the joint intelligence committee, warned that Al Qaeda terrorists were already being trained in hacking and would seek to cause disruption by attacking computer networks. They will target softer economic targets as security is stepped up elsewhere.

Disaster planning

Local authorities will be required to work with local businesses to help them develop business continuity plans under the Civil Contingencies Bill, which is currently being debated by Parliament.

The Bill, which will give government agencies legal powers to take necessary action in the event of a national emergency, is part of a series of measures to meet the threat of terrorism.

The Office of the Deputy Prime Minister is funding the roll-out to a network of regional resilience teams, which will raise awareness about continuity planning.

The teams will be modelled on the London Resilience Team, which has run a series of events and conferences to raise awareness.

Read more on IT legislation and regulation