Al-Qaida terrorists will target UK businesses who are unprepared for any attack, according to a former commander of British forces in Afghanistan.
Col Richard Kemp, who served in the Royal Anglian Regiment from 1977-2006, issued the bleak warning as research by pollster YouGov shows that 82% of British businesses would fail basic counter-terrorism tests.
"Al-Qaida has a primary objective of trying to cause economic damage to the West as part of their overall campaign of bringing down the West and restoring their caliphate," Kemp told IBTimes UK.
"They've tried to target businesses in the UK.
"It's not a threat that has gone away. It's a continuing threat. Only last month, our courts in Britain convicted 24 people of terrorist offences. So it's a very real threat."
The survey of more than 600 businesses, commissioned by counter-terrorism consultancy Actis, found that 54% had not recently, if ever, checked whether sensitive information about their organisation - such as financial records and evacuation procedures - is in the public domain.
Another 40% said they had never once drafted a list of potential risks to their business.
Despite an increasingly computer-literate world, 34% said they did not enforce a password policy, leaving them exposed to attack because of weak passwords.
There are numerous examples highlighting the vulnerability of some firms to big attacks.
Over 10,000 private client memos sent through Bloomberg's private messaging system were published online by a former employee in 2009, leaving sensitive and confidential information searchable through Google until it was removed - in 2013.
In another incident a financial services provider was attacked by hackers through a weak part of its website. Phishing emails were sent out to the firm's staff and the issue caused days' worth of disruption.
"There are two ways to deal with an attack or a threat. Either you can do it in preparing yourself by trying to prevent, or at least mitigate the results of, the attack. Or you just deal with it after it has occurred," said Daniel Nuebauer, president of Actis, which has launched a counter-terrorism online training programme for business.
"It affects their businesses and they need to prepare themselves, to analyse the specific risks, and take measures in advance in order to prevent or at least mitigate the results of an attack."
Nuebauer added that businesses must prepare for attacks that are not directly aimed at them, but at things they rely on, such as suppliers or the local transport infrastructure.
Kemp said preparedness for a terror attack should be seen as an "insurance policy".
"We hope there's not going to be a terrorist attack, but hope cannot be a strategy so we have to be ready for it," he said.