Terrorism Risk Management For Finance and Insurance Organizations

By Kevin Coleman

Terrorism Risk Management After concluding the Executive Symposium About Expanding the Role of Location Technology in Business Conference at Wharton, it became even more evident that the insurance and financial services industries need to adopt new strategies, tactics and technologies to protect against the implications of a terrorist attacks.This article will examine terrorism risk management for finance and insurance organizations. I randomly asked a few of the attendees about current threats specifically targeting the financial and insurance communities. No one acknowledged the current threat even though it was openly disclosed by the intelligence community and published in periodicals.

No one would dispute the events of September 11th, 2001 forever changed the world. Our knowledge of terrorism has substantially increased and we have begun to take countermeasures to protect virtually all aspects of business, government and society. The economic impact of terrorist attacks often times exceed the direct costs associated with the events. While no one can truly put a price on the human losses, the financial impact can be measured and is represented in the above statement.

Example: Take for example if one bomb were to explode in one container on one ship, in one port any where in the world. The entire global trading system would be all but shut down. The economic implications would be catastrophic.

Business is accustom to managing risks.Methods, approaches and techniques used to create programs that address risks are in place in most organizations today. However, these techniques have not been modified to adapt to the risks associated with terrorism. Superficial safeguards have been put in place that addresses a few aspects of the total risks from a terrorist attack.


  1. Risk Identification - The process of examining and determining the potential sources of loss faced by the organization.
  2. Risk Analysis - The assessment of the potential impact, in terms of economic loss, that various exposures can have on the organization.
  3. Risk Mitigation - Any action taken to minimize, at the optimal cost, losses which strike the organization.
  4. Risk Finance - The acquisition of funds, at the optimal cost, to pay for the losses which strike the organization.
  5. Risk Monitoring - The implementation and monitoring of risk management policies and procedures.
RED indicates core components of a Risk Management Program.

This is a typical approach that has been used by modern management for years. However, a piece is missing. The missing piece is so critical one would have to ask if these programs can be effective without its inclusion. Everyone should now be familiar with the five major components of a Risk Management Program. Other supporting programs such as business continuity planning, disaster recovery site development and contingency planning have all been included in risk management programs by most businesses and organizations. In order to assist organizations in this undertaking the federal government conducted research and published numerous guides that assist in planning. The Federal Emergency Management Agency (FEMA) has created a series of guides for protecting buildings against terrorist attacks.

Currently Available:
FEMA 426 - Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings
FEMA 427- Primer for Design of Commercial Buildings to Mitigate Terrorist Attacks
FEMA 428 - Primer to Design Safe School Projects in Case of Terrorist Attacks
FEMA 429 - Insurance, Finance, and Regulation Primer for Terrorism Risk Management in Buildings
E155 - Building Design for Homeland Security

Future Releases include:
FEMA 430 - Primer for Incorporating Building Security Components in Architectural Design
FEMA 452 - Methodology for Preparing Threat Assessments for Commercial Buildings
FEMA 453 - Multihazard Shelter (Safe Havens) Design
FEMA 455 - Rapid Visual Screening for Building Security
FEMA 459 - Incremental Rehabilitation to Improve Security in Buildings

This series of documents is designed to reduce physical damage to structural and nonstructural components of buildings and related infrastructure, and to reduce resultant casualties during conventional bomb attacks, as well as attacks using chemical, biological, and radiological agents. However, the impact on the economy and specifically the financial services and insurance industries is not within the scope of the mitigation strategies set forth in these documents. Most of the attention is being paid to physical damage resulting from terrorist acts. Little attention has been given to planning the other areas impacted by these horrific acts of violence.
But there are many other aspects and implications of a terrorist attack that must be evaluated and considered. In fact according to INTELOMICS, a technology research and development provider targeting the Intelligence community, this is a multidimensional problem that can be described in an nth-dimension tensor. Each classification of target has a unique set of characteristics.Each dimension measures the impact of an attack against a specifically categorized target.The notation for a tensor is similar to that of a matrix except that a tensor has a specific number of indices.INTELOMICS will not divulge the specific number nor the scoring algorithm used to assess the impact due to the sensitive nature of the information.

Figure 1. Illustrates the Transdisciplinary Intelligence Engineering tensor model.(Click for Larger Image)

Many questions exist about how the finance and insurance companies will respond to the continued threat of terrorism. Some of these questions have been answered. Disclaimers on insurance policies and higher premiums for insurance policies and government back reinsurance all are part of the response.

Incomplete Solution
All these efforts add up to an incomplete solution to the problem of terrorism risk management. In the new era of corporate risk, technology plays an even more important role. A new approach to risk management must be developed that includes private intelligence in order to reduce or mitigate an organizations exposure. Combining core technologies such as intelligence and location technology will provide the foundation necessary to achieve these goals. The component that is missing is intelligence that evaluates and monitors the threats.

The ability to identify and monitor risks is greatly diminished because the insurance and financial community does not have access to geographic based intelligence and threat data. Financial impact of business disruption and the catastrophic financial impact of insurance claims are risks that must be addressed by organizations large and small. Failure to address this gaping hole will cause undue financial harm to the economy and our financial and insurance services industries.

Geographic intelligence combined with threat assessment and threat monitoring must be combined to evaluate the risks of terrorist attacks A threat informatics repository must be constructed and advanced techniques, such as multiple hypothesis evaluation, scenario based evaluation and transdisciplinary intelligence engineering, applied to extract meaningful measurements of potential threats.There will be another terrorist attack on U.S.soil. It may be a cyber attack, a bomb or a chem/bio attack. It is a question of when, not if. This effort will require a heightened state of cooperation and collaboration within and across the financial services and insurance industries.

The Answer
What should we do? First of all we should all take the risk of terrorism more seriously. As time passes after the last attack there is a tendency to relax and lower our guard. Vigilance is of the utmost importance. It is not a question if there will be another attack it is a question of when. There are forces at work as you read this who are planning attacks that are designed to disrupt our way of life and in-flick physical, social, economic and political damage on nations of the free world. Risk management has taken on a whole new meaning after the events of September 11th, 2001. In the new era of corporate risk, technology plays an even more important role. A new approach to risk management must be developed that includes private intelligence in order to reduce or mitigate an organization's exposure or the exposure to an entire industry. Combining core technologies such as intelligence and location technology provide the foundation necessary to properly manage risks associated with terrorism. Maybe the new CIA (Central Intelligence Agency) we keep hearing about will have a twin, the Commercial Intelligence Agency (CIA).

Published Thursday, July 8th, 2004

Written by Kevin Coleman

If you liked this article subscribe to our bimonthly newsletter...stay informed on the latest geospatial technology

Sign up

© 2017 Directions Media. All Rights Reserved.