Skip Navigation Links.
Collapse IRMI OnlineIRMI Online
Expand How To Use IRMI OnlineHow To Use IRMI Online
My Paid Publications
Expand What's NewWhat's New
Expand DashboardsDashboards
Expand Commercial Liability InformationCommercial Liability Information
Expand Commercial Property InformationCommercial Property Information
Expand Commercial Auto InformationCommercial Auto Information
Expand D&O, PL, E&O, EPLI InformationD&O, PL, E&O, EPLI Information
Expand Workers Compensation InformationWorkers Compensation Information
Classifications and Cross-References
Collapse Risk Mgt. and Multiline InformationRisk Mgt. and Multiline Information
Expand Risk Management -- Why and HowRisk Management -- Why and How
Collapse Free Expert CommentaryFree Expert Commentary
Expand Brand Equity and Product RecallBrand Equity and Product Recall
Collapse Catastrophe Risk ManagementCatastrophe Risk Management
Facility Damage Evaluation Following Major Disasters (May 2008)
Defining the Characteristics of a PML Study (March 2007)
Design Team Communication Helps Minimize Natural Hazard Loss (April 2006)
The Impact on Lifelines of the Estimation of Natural Hazard Loss (July 2005)
Understanding the Vulnerability of Hospitals to Natural Disasters (December 2004)
Managing Terrorism Risk (July 2004)
Managing Extreme Wind (Hurricane) Losses (March 2004)
Will Adoption of the International Building Code Reduce Seismic Risk? (January 2004)
Performance Based Seismic Design (October 2003)
Understanding the Language of Seismic Risk Analysis (July 2003)
Quantifying the Risk for Progressive Collapse in New and Existing Buildings (March 2003)
Earthquake Performance of Nonstructural Components (January 2003)
Estimating Earthquake Loss in the Midwest (September 2002)
Optimizing the Management of Natural Disaster Exposure (June 2002)
Managing Earthquake Risk (March 2002)
Expand Claims ManagementClaims Management
Expand Construction Case StudiesConstruction Case Studies
Expand Construction QualityConstruction Quality
Expand Construction SafetyConstruction Safety
Expand Corporate AviationCorporate Aviation
Expand Corporate Fraud PreventionCorporate Fraud Prevention
Expand Courts and CoverageCourts and Coverage
Expand Cyber InsuranceCyber Insurance
Expand Drafting and Interpreting Insurance PoliciesDrafting and Interpreting Insurance Policies
Expand Enterprise Risk ManagementEnterprise Risk Management
Expand Environmental Risk ManagementEnvironmental Risk Management
Expand EthicsEthics
Expand Global ImpactGlobal Impact
Expand Insurance ArchaeologyInsurance Archaeology
Expand InternalControlInternalControl
Expand Litigation ManagementLitigation Management
Expand MaritimeLawMaritimeLaw
Expand MediationMediation
Expand Political RiskPolitical Risk
Expand Privacy IssuesPrivacy Issues
Expand ReinsuranceReinsurance
Expand Risk Management TechnologyRisk Management Technology
Expand SecuritySecurity
Expand Terrorism Risk Management & InsuranceTerrorism Risk Management & Insurance
Expand IRMI InsightsIRMI Insights
Expand IRMI Update Newsletter ArchivesIRMI Update Newsletter Archives
Expand Risk Finance InformationRisk Finance Information
Expand Construction InformationConstruction Information
Expand Personal Lines InformationPersonal Lines Information
Expand Insurance IndustryInsurance Industry
Expand Glossary of Insurance & Risk Management TermsGlossary of Insurance & Risk Management Terms
Expand SearchSearch
Terms of Use
Privacy Statement
System Requirements
Support

Managing Terrorism Risk

July 2004

With the increased threat of terrorism, public, private, and governmental agencies face an increased need to understand and manage the risk to their employees and organizational assets. A three-tiered terrorism risk management plan, which includes initial and detailed assessments and a variety of risk management techniques, can effectively reduce the terrorism risk.

by Nathan C. Gould, D.Sc., P.E., S.E.
ABS Consulting

Over the past decade, the changing political landscape has dictated that public, private, and governmental organizations not only understand terrorism risk, but also develop a proactive plan to assess and/or manage this risk. As demonstrated by the attack on the Alfred P. Murrah Federal Building in Oklahoma City in 1995, simply being located in a less populous city or region does not guarantee safety. In fact, it is the lower profile targets with lower levels of security awareness that may appear to be the "softer" target to a potential terrorist.

In addition to the terrible loss of life, the events in 2001 also highlighted the financial costs of terrorism. As with other natural and man-made hazards, financial coverage may not be available and or affordable to protect the financial assets of an organization when faced with a terrorism threat.

Developing a Terrorism Risk Management Program

Managing risk associated with the threat of terrorism can be a daunting task for companies. Some of the most common questions include how to begin a terrorism risk management program, what assets should be protected, and what are the most effective mitigation solutions. Similar to managing the risk from other hazards, a terrorism risk management program should provide a logical and systematic framework for identifying and dealing with potential terrorism threats. A three-phase terrorist risk management program, detailed in the following figure, can be used as a framework for establishing a terrorism risk management program.

Figure 1

Phase I—Threat Identification and Initial Site Assessment

Understanding the type, source, and probability associated with different threats is an important element in the program. The key elements of the threat identification phase include the following.

  • Threat Recognition and Identification
  • Threat Potential
  • Site Security Assessment

While many organizations have some knowledge of the various threats facing their facilities and employees, many do not recognize how vulnerable their sites actually are until a detailed assessment is performed.

As shown in the figure, one of the products that may result from the site security assessment is a detailed site survey that includes the determination of the effective standoff distance at all exposed sides of the building perimeter. Even for sites that are considered "secure," existing security measures are often found to be insufficient to deter a well-planned terrorist attack.

Phase II—Detailed Risk Assessment

The information gathered in the Phase I assessment can then be used to focus organizational resources to determine the impact of a particular terrorist event on the facility. Analyses that may form part of the detailed risk assessment include the following.

  • Blast and Explosion Analysis
  • Progressive Collapse (Structural Stability) Analysis
  • Chemical, Biological, and Radiological Threat Assessment

The Blast, Progressive Collapse, and Chemical/Biological analyses can provide a detailed assessment of the threat to the structures, nonstructural elements, and the employees. Examples of these analyses are shown in Figure 1: Three-Phase Terrorism Risk-Management Program. The graphic adjacent to the Phase II Assessment box depicts the varying pressure contours on the face of a building that result from an explosive charge placed at the location of the minimum defended perimeter. Software tools are available to estimate the impact and dispersion of toxic releases and produce similar types of contours as a result of a biological or chemical terrorist attack.

Phase III—Risk Management

Once the risks have been identified and assessed, putting a comprehensive risk management plan in place for terrorism risk is similar in many respects to understanding and managing the risks due to other hazards, such as extreme wind or earthquakes. Often, emergency planning and disaster recovery preparations that are in place for other types of hazards can be extended to prepare for and/or protect against terrorist attacks.

A comprehensive terrorism risk management plan should, at a minimum, include the following components.

  • Protection of the Facility and Its Occupants
  • Emergency Planning and Disaster Recovery
  • Reduction of Financial Risk

Protection of the building occupants through the implementation of physical or electronic security measures, the application of window film to reduce glazing hazards, and increased employee awareness is often a first step in many terrorism risk management plans. Reducing the financial risk associated with a terrorism event may be a more challenging issue. As with other natural and man-made hazards, the cost of insurance for losses associated with a terrorism event, if available, may have risen to a level that is no longer affordable. The financial exposure may need to be addressed though a combination of risk mitigation measures, alternate or back-up facilities, and insurance.

The risk management plan should have a capability for determining changes in risk due to threat information or changes to security operations and building protection. The regimented procedure will maintain a focus on effectiveness and prevent fragmented decision making for risk reduction.

Summary

With the increased threat of terrorism, both in the United States and abroad, public, private, and governmental agencies face an increased need to understand and manage the risk to their employees and organizational assets due to the terrorism risk. A three-tiered terrorism risk management plan, which includes initial and detailed assessments and a variety of risk management techniques, can be implemented to effectively reduce the risk from a terrorist attack.

Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.

More Risk Management Information from IRMI
Books, Manuals, Newsletters IRMI
Online 		SilverPlume
Sage
Practical Risk Management IRMI Online SilverPlume Sage
The Risk Report IRMI Online SilverPlume Sage
Construction Risk Management IRMI Online SilverPlume Sage
Contractual Risk Transfer IRMI Online SilverPlume Sage
Risk Financing IRMI Online SilverPlume Sage
Exposure Survey Questionnaire IRMI Online SilverPlume Sage
Guidelines for Insurance Specifications IRMI Online SilverPlume Sage
How To Draft and Interpret Insurance Policies
IRMI Insurance Checklists IRMI Online SilverPlume Sage
RMIS Review IRMI Online
Free Risk Management Articles in IRMI.com
25 Risk-Conquering Ideas
Risk Management
Effective Contractual Risk Transfer in Construction
Risk Management - Why and How
Insurance Continuing Education Courses from IRMI
Litigation Management (CE)
Contractual Risk Transfer in Construction (CRIS CE)
Check It Out
Save 36% with the IRMI Professional Library
© 2000-2009 International Risk Management Institute, Inc. (IRMI). All rights reserved.