During the greek riots of May 2010, someone threw petrol bombs (a/k/a molotow cocktails) inside a bank. The bank caught fire and three people died. More info about that here. The trial took place in 2013, because of a faulty security policy.
Let’s lay down some facts. Setting banks in fire is a common place in Greece. It happened in the past, it happens now, probably it will happen in the future again and if we can’t avoid it, at least, let’s hope that there won’t be any people killed. Greek riot cops are totally useless both on protecting demonstrations and on defending against riots. Their tactics boil down to “Spray everyone with chemicals, set something on fire, beat the shit out of everyone, arrest as many as you can no matter if they didn’t demonstrate at all” and everyone knows it. Security countermeasures against fire are obligatory according to the greek law. Well, bad news everyone, although they did have a security policy, with fire fighting countermeasures, none of the fire fighting countermeasures were applied.
Bank was fined, CEO is jailed, the administrator of that branch is jailed and also the chief security officer is jailed. I found the penalties fine. You are forced by the law to have a security policy and apply all the countermeasures that are included in the policy.
I was talking with some guys, one of them was a civil engineer. He was trying to convince me that the current laws about buildings and constructions don’t force you to take countermeasures against fire bombing thus the jury’s decision is wrong. Well, when you make a security policy, regardless of the method (CRAMM, OCTAVE, whatever) there are some things that do happen often and you should take care of them. In Greece one of them is the fire bombing of banks. With that in mind, and given that the security policy is checked by the chief security officer and signed by the CEO, they are guilty. Also, the administrator of the branch is obliged to report to the chief security officer any inconsistencies in a formal way and in our case he did not thus he is guilty as well. After all of these, the civil engineer said “OK, but that costs money, and they may not have all that money”. There’s a saying that goes “Security profits, doesn’t cost”. And yes, the bank would profit if they had taken the correct countermeasures. In our case, they bleed money because they have to pay fines, they have to pay for the three dead people and everything else the law forces them to because they didn’t want to force the proper countermeasures.