Roads to Resilience

and criminal activity and this was the case in a Beirut hotel a few years ago: “ A well-placed source told us they believed that terrorists in Lebanon were planning an attack on the IHG branded hotel in Beirut. We were given further details and are used to dealing with such information: we must use any intelligence we get and make decisions based on that to mitigate the threat to the hotel, its guests, staff and visitors ” (Head of Security Risk Management). So the security team was set into action immediately. The TVA was the starting point for a renewed risk analysis and two IHG security experts immediately flew to Lebanon. Both had a military background, like many in the IHG security community, and they checked for any obvious security vulnerabilities of the hotel. The pair knew that “ even with the limited intelligence provided by the source we needed to act. Our first job was to decide how the hotel might be attacked, when and by whom. Our second job was to design ‘bespoke mitigation’ – ways to prevent an attack – and get them quickly implemented ” (Head of Security Risk Management). In visiting the hotel, the two security experts observed how the hotel functioned on a typical day, with an eye for what terrorists would be looking for. Quickly, it emerged that regular deliveries meant that delivery vans were often parking close to one of the hotel towers. Immediately, this risk was mitigated by having the deliveries rescheduled and re-routed, to reduce the risk that a delivery van could be high-jacked and used in an attack. Measures were also taken to prevent other possible ways of attacking the building. The security improvements were made quickly and so it became harder for the terror cell to plan its attack. Shortly afterwards, members of the terror cell were captured by the local authorities. It emerged that their main plan had indeed been to substitute a delivery van and fill it with explosives, but because of the IHG security experts’ mitigation measures, this became unviable and the attack was delayed. At IHG security, the philosophy of the intelligence-led, threat based approach is that “ the organisation has situational awareness and is well poised and prepared to mitigate against and respond to a broad spectrum of security threats. Risk management and security mitigation in IHG is based on an informed blend of People, Procedures and Technology. At IHG we consider that all staff have a responsibility for risk management and security and are the ‘eyes and ears’ that deter and detect possible threats; security awareness training and security stakeholdership are a cornerstone of the awareness. When and if things do go wrong, IHG has a robust and well practised incident response and crisis management system in place ” (Head of Security Risk Management). Although IHG have strong formal and informal networks to address risks, the organisation is clearly self-critical and looking to constantly improve. An example of this is preventing theft. Based on his experience, a hotel security officer is calling for more vigilance in reception areas because: “ 80 per cent of the thefts happen in this area, thieves usually pretend to be speaking on a phone call because they expect staff members would not want to disturb them, wearing sunglasses or other camouflage waiting for opportunities. So this is the moment when staff need to be a little more curious, and ask a few questions: ‘Who are you waiting for sir?’ ‘Can I have a room number please?’ ‘Can I have the name?’ ‘Can I help you further?’ You don’t have to be a security professional to notice when a person gets uncomfortable ” (Hotel Security Team Leader).

120

Appendix A Case study: InterContinental Hotels Group (IHG)