Commercial extortion

Commercial extortion is on the rise in Britain. Officially it has increased threefold over the last four years, but most instances are almost certainly never reported.

There are methods of preventing extortion from taking place, but it is necessary to first understand the crime itself and the potential perpetrators and their motivations.

Extortion is essentially obtaining payments or benefits from another by the use of threats. It is a form of blackmail, namely, threatening some menace unless demands, usually for payment, are met.

Extortion takes many forms and common tactics can include the threat to contaminate a product, bring down an online trading platform, harm personnel, reveal information or release customer data, such as bank account details.

It is not normally possible to readily predict where an attack might come from or when, or what sort of organisation is particularly vulnerable. Any could be a target.

Extortionists may be extremists, an organised criminal group, a disgruntled employee seeking retribution, a competitor or an opportunist. Equally they could be a terrorist group seeking to raise funds, or perhaps a misguided individual suffering from stressful personal issues. Their motivation may be simple greed, or it could be to right some perceived injustice.

At one end of the scale is a high profile case in 2007. An individual threatened to poison food in Tesco stores unless it paid £2m. It appears the extortionist was simply financially motivated rather than having any political or ethical agenda.

After his arrest, in Thailand, the extorter admitted that what he had undertaken was misguided and that he had gone too far.

Another case in the same year, also involving Tesco, led to the closure of 14 branches in the UK. It cost an estimated £2m in lost revenue for the firm. The accused perpetrator’s motivation appears to have been idealism, he was seemingly in a ‘rant against society’ calling for the return of corporal punishment.

One easy target seems to be an organisation’s IT capabilities. There are suggestions that many organisations are already paying online extorters demands. So called cyber-extortionists, use DDoS (distributed denial-of-service) attacks to disable a website and demand money. If they are not paid, their website is taken down, leading to loss of income, and bad publicity. Quite recently, an NHS Trust suffered a variation on this form of attack by a disgruntled employee.

At the other end of the spectrum, the Police in Northern Ireland opened a telephone helpline for the public. They feared extortionists, many of them paramilitaries, were making millions of pounds a year by with menaces against the construction industry and business sector.

Similar tactics have been employed by terrorists around the globe, like the FARC rebel group in Colombia.

Unlike terrorists, most extortionists are not looking for publicity. Extortion is normally a discreet affair, until it goes wrong.

Methods of preventing extortion range from passive to reactive counter measures, such as insurance, to the expensive and complex, like employing full-time security specialists.

For firms with employees working abroad, it is unthinkable that the risks of extortion, bribery and kidnapping are not part of any multinational organisation’s crisis management planning.

Risk assessments of the relevant country, city, airport and hotel, as well as the local police and security situation should be part of new initiative planning.

Companies should review their operations, and identify those areas of activity that are vulnerable and could attract the attention of the extortionist.

The risk assessment process needs to be both diverse and extensive.

Effective law enforcement liaison is also paramount, to ensure the threat is dealt with effectively.

Paying off the extortionist is not a solution – they may return later or be encouraged to target other victims, perhaps getting bolder or more reckless in the process.

Another inevitable consideration is media management. Preparation is paramount, not only to deal with the fallout should the extortionist’s actions become public knowledge, but also to demonstrate that the organisation is in control.

The key for any organisation is planning. Planning for potential events and testing how you can deal with them is better in a pseudo environment than in a real one, where money is being lost by the minute, and the media have descended.

Paul Bell, is a partner at BTG Intelligence. BTG Intelligence (a division of the Begbies Traynor Group) specialists in the provision of high quality corporate intelligence, risk and security management, investigation services, financial crime prevention and identifying, tracing and verifying individuals and assets.

For a full write-up on the risks of corporate extortion see the December/January issue of StrategicRISK magazine.