No one would dispute the events of September 11th, 2001 forever changed the world. Our knowledge of terrorism has substantially increased and we have begun to take countermeasures to protect virtually all aspects of business, government and society. The economic impact of terrorist attacks often times exceed the direct costs associated with the events. While no one can truly put a price on the human losses, the financial impact can be measured and is represented in the above statement.
Example: Take for example if one bomb were to explode in one container on one ship, in one port any where in the world. The entire global trading system would be all but shut down. The economic implications would be catastrophic.
Business is accustom to managing risks.Methods, approaches and techniques used to create programs that address risks are in place in most organizations today. However, these techniques have not been modified to adapt to the risks associated with terrorism. Superficial safeguards have been put in place that addresses a few aspects of the total risks from a terrorist attack.
PHASES OF RISK MANAGEMENT
- Risk Identification - The process of examining and determining the potential sources of loss faced by the organization.
- Risk Analysis - The assessment of the potential impact, in terms of economic loss, that various exposures can have on the organization.
- Risk Mitigation - Any action taken to minimize, at the optimal cost, losses which strike the organization.
- Risk Finance - The acquisition of funds, at the optimal cost, to pay for the losses which strike the organization.
- Risk Monitoring - The implementation and monitoring of risk management policies and procedures.
This is a typical approach that has been used by modern management for years. However, a piece is missing. The missing piece is so critical one would have to ask if these programs can be effective without its inclusion. Everyone should now be familiar with the five major components of a Risk Management Program. Other supporting programs such as business continuity planning, disaster recovery site development and contingency planning have all been included in risk management programs by most businesses and organizations. In order to assist organizations in this undertaking the federal government conducted research and published numerous guides that assist in planning. The Federal Emergency Management Agency (FEMA) has created a series of guides for protecting buildings against terrorist attacks.
Currently Available:
FEMA 426 - Reference Manual to Mitigate Potential Terrorist Attacks
Against Buildings
FEMA 427- Primer for Design of Commercial Buildings to Mitigate Terrorist
Attacks
FEMA 428 - Primer to Design Safe School Projects in Case of Terrorist
Attacks
FEMA 429 - Insurance, Finance, and Regulation Primer for Terrorism
Risk Management in Buildings
E155 - Building Design for Homeland Security
Future Releases include:
FEMA 430 - Primer for Incorporating Building Security Components in
Architectural Design
FEMA 452 - Methodology for Preparing Threat Assessments for Commercial
Buildings
FEMA 453 - Multihazard Shelter (Safe Havens) Design
FEMA 455 - Rapid Visual Screening for Building Security
FEMA 459 - Incremental Rehabilitation to Improve Security in Buildings
This series of documents is designed to reduce physical damage to structural
and nonstructural components of buildings and related infrastructure, and
to reduce resultant casualties during conventional bomb attacks, as well
as attacks using chemical, biological, and radiological agents. However,
the impact on the economy and specifically the financial services and insurance
industries is not within the scope of the mitigation strategies set forth
in these documents. Most of the attention is being paid
to physical damage resulting from terrorist acts. Little attention
has been given to planning the other areas impacted by these horrific acts
of violence.
But there are many other aspects and implications of a terrorist attack
that must be evaluated and considered. In fact according to INTELOMICS,
a technology research and development provider targeting the Intelligence
community, this is a multidimensional problem that can be described in
an nth-dimension tensor. Each classification of target has a unique
set of characteristics.Each dimension measures the impact of an attack
against a specifically categorized target.The notation for a tensor is
similar to that of a matrix except that a tensor has a specific number
of indices.INTELOMICS will not divulge the specific number nor the scoring
algorithm used to assess the impact due to the sensitive nature of the
information.
Figure 1. Illustrates the Transdisciplinary Intelligence
Engineering tensor model.(Click for Larger Image)
Many questions exist about how the finance and insurance companies will respond to the continued threat of terrorism. Some of these questions have been answered. Disclaimers on insurance policies and higher premiums for insurance policies and government back reinsurance all are part of the response.
Incomplete Solution
All these efforts add up to an incomplete solution to the problem of
terrorism risk management. In the new era of corporate risk, technology
plays an even more important role. A new approach to risk management
must be developed that includes private intelligence in order to reduce
or mitigate an organizations exposure. Combining core technologies
such as intelligence and location technology will provide the foundation
necessary to achieve these goals. The component that is missing is
intelligence that evaluates and monitors the threats.
The ability to identify and monitor risks is greatly diminished because
the insurance and financial community does not have access to geographic
based intelligence and threat data. Financial impact of business
disruption and the catastrophic financial impact of insurance claims are
risks that must be addressed by organizations large and small. Failure
to address this gaping hole will cause undue financial harm to the economy
and our financial and insurance services industries.
Geographic intelligence combined with threat assessment and threat monitoring must be combined to evaluate the risks of terrorist attacks A threat informatics repository must be constructed and advanced techniques, such as multiple hypothesis evaluation, scenario based evaluation and transdisciplinary intelligence engineering, applied to extract meaningful measurements of potential threats.There will be another terrorist attack on U.S.soil. It may be a cyber attack, a bomb or a chem/bio attack. It is a question of when, not if. This effort will require a heightened state of cooperation and collaboration within and across the financial services and insurance industries.
The Answer
What should we do? First of all we should all take the risk of
terrorism more seriously. As time passes after the last attack there
is a tendency to relax and lower our guard. Vigilance is of the utmost
importance. It is not a question if there will be another attack
it is a question of when. There are forces at work as you read this
who are planning attacks that are designed to disrupt our way of life and
in-flick physical, social, economic and political damage on nations of
the free world. Risk management has taken on a whole new meaning
after the events of September 11th, 2001. In the new era of corporate
risk, technology plays an even more important role. A new approach
to risk management must be developed that includes private intelligence
in order to reduce or mitigate an organization's exposure or the exposure
to an entire industry. Combining core technologies such as intelligence
and location technology provide the foundation necessary to properly manage
risks associated with terrorism. Maybe the new CIA (Central
Intelligence Agency) we keep hearing about will have a twin, the Commercial
Intelligence Agency (CIA).