Threats to reveal a company's confidential information or to contaminate its products need to be analysed carefully to decide on the best response. DLA Piper's Stuart Ponting considers the steps that should be taken.
Increasingly, businesses are facing attacks from their own employees or third parties attempting to extort financial or other advantage by making malicious threats against the company. Extortion attempts are far from unusual, but the details of surprisingly few ever make it into the public domain.
At the heart of an attempt is usually a threat to reveal an organisation's confidential or sensitive data into the public domain, an attack on the supply chain or, perhaps more concerning, a threat to contaminate a product or foodstuff either before or after it is offered for sale. Threats can come from any direction, but are often from within a business.
This article looks at how extortion or blackmail attempts often occur and what options are available to successfully manage them without detriment to the organisation.
The first key step to successfully resolve an extortion attempt is to carefully analyse the nature of the threat; only by understanding the nature of the threat can an appropriate and effective response strategy be delivered.
Threats may be made by individuals, so called "lone wolves", or they can be made by groups of individuals; the latter poses very different types of challenges for any organisation.
Having identified "who" is making the threat it is then necessary to try and identify "why". Motives for attacks can vary significantly and understanding the motive may offer a clear resolution for the organisation.
For example, an employee who feels disgruntled following recent demotion or overlooked in a recent promotion may not be making a genuine attempt at extortion, it may simply be a (very) misguided way of expressing their unhappiness. Distinguishing genuine threats from irate grumblings is vital.
The next stage of the threat analysis is to examine the potential worst-case scenario if the threat is actually executed.
Understanding the impact of the threat will provide a basis for objective assessment of the proportionality of any proposed response. For example, if a threat sounds highly concerning but its practical impact would, in fact, be very limited, the organisation's response t