It is only a matter of time before London's financial centre is attacked by terrorists, police believe.
The 1993 Bishopsgate bomb caused widespread damage
Potential targets in the Square Mile have been staked-out a number of times but no arrests made, said City of London Police Commissioner James Hart.
While the security "ring of steel" has been extended twice since 9/11, only half of firms have made contingency plans, he told the Financial Times.
Business group the CBI said "good links" have been formed with police.
"There is an ongoing dialogue," it told the BBC News website. "But more can always be done to raise awareness."
While there was no specific threat against the City, the mindset of terrorists meant that it was an "obvious target", said Mr Hart.
"If you want to hurt the government, hurt people at the same time, and you want to cause maximum disruption...where better to hit than at the financial centre?"
He added: "I think it is a matter of when, rather than if."
Mr Hart said the City of London had been a target for terror attacks for years, highlighting the number of times the area had been hit by the IRA.
In April 1992 three people were killed when a bomb exploded outside the Baltic Exchange and one person was killed in April 1993 when a bomb targeted the Bishopsgate area. Big business outside the City was targeted in 1996, when a large bomb was detonated in the Docklands.
Potential targets could now include prominent sites and business - "anywhere where the maximum damage can be inflicted on the financial systems," Mr Hart said.
The City of London police estimate that only half of City firms have made adequate provisions for a terrorist attack.
Chief executives need to take a greater role in developing security policies, Mr Hart said.
"I need to get the matter of security on to their business agendas, so it is a little bit of a call to sharpen up."
While many of the large City firms were taking the threat seriously, there was a need to "sensitise those people that are a little bit complacent about this kind of thing".
Mr Hart said the larger firms needed to put "a friendly arm around smaller businesses within their shadow" as not all companies could afford sophisticated security staff.
It is often a problem of insufficient time and money that prevents smaller firms from developing contingency plans, the Confederation of Small Businesses said.
It called for expert advice and tax breaks to be provided to the companies, many of which "have become more aware of their need to plan for emergencies and, in particular, terror attacks", since 9/11 and the London bombings.
Business lobby group London First says that 50% of companies are unprepared for a significant event, with small and medium companies particularly vulnerable.
It is estimated that 50% of firms that shut down temporarily in New York after 9/11 never reopened.
And the CBI says that only two-thirds of its members had conducted a strategic overall review of security in 2004, but it expects that after the London bombings businesses would take the threat more seriously.