Jed Mercurio’s gripping, if at times hysterical, BBC drama Bodyguard raised a storm of discussion about the likelihood – or not – of police and security service bodyguards engaging in physical and emotional relationships with the people they are protecting.
While not disputing that this is an important issue (though elevated for richly dramatic purposes) the programme’s narrative backdrop actually raises a number of more pressing issues for society and organisations. Namely the risk of insider threats, the links between terrorism and organised crime and public perceptions of terrorists.
My colleagues and I have conducted research into the role of human resource management in identifying, preventing and reducing threats from within. An “insider threat” is someone whose position in an organisation gives them access to resources or information that can cause serious damage if used inappropriately. They could be security guards or IT administrators with unique access to data and physical resources. Or it could be a CEO or head of finance.
HR management professionals generally don’t see dealing with insider threats as part of their role. However, we have found examples of organisations where HR work holistically with colleagues in risk, security, finance, IT and operations to minimise insider threats. As a consequence, we are exploring ways of educating HR professionals in this critical area.
Links between terrorism and crime
In Bodyguard, the initial stages of the investigation very much focus on terrorists being the likely perpetrators of the attack on the home secretary, Julia Montague, whereas as the series unfolds the realisation grows of the potential, and then actual, internal police link with organised crime.
This reflects the complex environment in which police and security services have to deal with: the blurring of the boundaries between terrorism and organised crime. The latter provides income or resources – weapons, for example – through criminal activities such as extortion, blackmail, violent thefts, drugs and human trafficking which can then be used to facilitate terrorist activities or threats.
This link between terrorism and criminality can also be seen in places where the original “cause” is no longer significant, and while the bulk of the activists are reintegrated into society, a criminal rump remains, as seen in Northern Ireland.
A 2015 Garda report into the Provisional IRA (Irish Republican Army) found that while numbers were declining, some former members had turned to organised crime to such an extent it had recovered €28m in assets from 50 people “who had connections or associations to the IRA in the past”. These are often young men who have only known violence and for whom violent activities form their skills set.
Perceptions of threats
Regarding Bodyguard and the spectre of the “insider”, it is not uncommon for organisations to perceive most threats coming from outside their organisation, rather than within, a view often exacerbated by a news media keen to identify terrorist attacks.
Actually, the reverse is more likely. A recent report from Canada found that two thirds of organisations now consider attacks or accidental breaches, particularly in cybersecurity, to be more likely internal than external, and likely to be more damaging.
Yet many organisations still believe “it couldn’t happen here”. In Mercurio’s drama the initial focus is on external perpetrators, but there is a gradual realisation that an insider is leaking information about the home secretary. The challenge is to identify where the leak came from, which creates dramatic (and real-life) tension as there can be a range of suspects, mostly innocent. But who to trust?
While insider threats may be more likely than external threats, there is still a relatively low risk. But consequences can be severe, from loss of data to loss of life, and all risk a potential loss of reputation. Insider threats can also come from a wider pool than direct employees, extending to consultants, sub-contractors (such as former US National Security Agency computer programmer Edward Snowden who leaked top secret security information about surveillance activities), interns and partner agencies.
What can be done?
Of course dramas like Bodyguard are somewhat alarmist, and it’s important not to create an environment of paranoia that could suffocate creativity and effective working. Organisations need to ensure there is an awareness among all staff about the risk of insider threats, what to look out for and how to ensure their own behaviour does not present a risk, such as leaving a work memory stick on public transport or discussing sensitive issues in public.
Human Resource Management managers need to work closely with colleagues in risk, security, finance and IT as well as managers to ensure the organisation has the right culture, strategy, practices and role risk assessments in place to identify, prevent and reduce the potential for insider threats.
Mercurio’s use of female leads in prominent roles also provides scope for discussion around stereotyping. In Bodyguard, as with police corruption drama Line of Duty, women play significant roles in the final storylines. But in these dramas, as in real life, there is still a tendency to see women as unthreatening, as the character Nadia is easily believed to have been coerced into wearing a suicide vest, for example – a fact we later find out is far from the truth. There is a danger here in stereotyping which can lead to genuine threats being missed or not taken seriously.
Dramas such as the Bodyguard are useful in drawing our attention to serious and pressing issues that are becoming more prevalent in big organisations. But the central subject of this drama is becoming all too real. Human resources departments and their employees must be vigilant.