“If you know your enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer defeat. If you know neither the enemy nor yourself, you will succumb in every battle” By Sun-Tzu

What impact or challenge does terrorism pose in terms of risk management? The inherent issues of managing risk are the same as they’ve ever been; it will never be an exact science due in part to volatility of the human factor in terrorism and the inalienable drive for improvement.

A natural human characteristic often presents itself. How one perceives risk has a major impact because of its subjective nature since people often base their risk perception on past experiences. To highlight this concern further, there are significant individual and group differences in risk perceptions. The term “Groupthink” has been developed to outline the likelihood of dysfunctional behavior when a group is convened to work towards a common goal and agreement; this condition can lead to a deterioration in mental efficiency and judgment as a result of group pressure.

When dealing with the management of risk people have the susceptibility to follow in a pre-determined avenue of thought. The inability to understand the term evolvement could have detrimental effects and possibly inhibit counterterrorism efforts in the future.  As Miller states, “Failure teaches leaders valuable lessons, but good results only reinforce their preconceptions and tether them more firmly to their ‘tried –and-true’ recipes”1. Bringing some relevance to the complacent phrase ‘If it ain’t broke don’t fix it’ and how personal views effect the growth of techniques used to manage risk.

In addition to the human influence there are a number of practical requirements, operational constraints and external stimulus that can adversely affect risk management. “Threat and vulnerability define the probability that specific types of damage causing attacks will occur at specific targets during specified periods. The methods used to estimate threat are qualitatively different from those used to measure vulnerability and consequence. The former relies on collection and interpretation of intelligence. The latter requires scientific and engineering expertise of attack modes and target responses to attacks2

In order to execute adequate risk management one must produce a high standard risk assessment, which invariably is lacking or not consistently applied. Risk management cannot be discussed without risk assessment. In risk assessment “Attention is paid to the threats that are perceived in the environment, the opportunities to provide targets and calculations that are made by individuals and agencies to balance risk against the demands of routine daily activities”3. Risk management conversely addresses the way in which we plan for and react to threats when keeping in mind the available resources. The major flaws in risk assessment are underestimation of the intelligence, capabilities and evolution of terrorism. It is imperative that we plan for a range of plausible incidents that may happen.

A vulnerability assessment needs to be compiled in conjunction with risk assessment, which is “The identification of weakness in physical structures, personal protection systems, processes, or other areas that may be exploited by terrorists”4.

In his article “Rethinking Terrorism and Counterterrorism since 9/11” Hoffman5 relates terrorism to the “archetypal shark” in that “It must constantly move forward to survive and indeed succeed” and therefore  “their success is dependent on overcoming the defenses and physical security barriers designed to thwart an attack”. The word ‘evolvement’ is, as it suggests, a gradual development. Terrorist organizations often change their tactics, training and procedures (TTP’S) in essence employing their own methodology for attack and manage the associated risk before executing their plans. The better-prepared, determined and sophisticated terrorist will therefore strive to combat any counterterrorism measures employed. Their dynamic and adaptive nature presents the foremost challenge for risk management.

As such risk management should be rather looked upon as a multi-dimensional instead of a one-dimensional puzzle, considering every aspect and consenting to a degree of creativity in the progress. Thinking outside the box has never been so paramount. In terms of risk management and the problems associated with combating terrorism this diametric division needs to be comprehended. Once this fact is realized then anything is possible, if the terrorist can conceive it then they can achieve it…

1 Miller, D. (1997) ‘The Icarus paradox’, in Carnall, C.A. (ed), Strategic Change, Butterworth-Heinemann

2 Willis, H.H & Morral R.A. & Kelly K.T. & Medby J.J. (2005) ‘Estimating Terrorism Risk’, RAND Center for Terrorism Risk Management Policy, 1-66

3 Kennedy, W.L. & McGarrell, F.E. (2011) Crime and Terrorism Risk, New York: Routledge

4 Department of Justice (2005) Assessing and Managing the Terrorism Threat, Bureau of Justice Assistance, 1-25

5 Hoffman, B. (2002) ‘Rethinking Terrorism and Counterterrorism Since 9/11’, Studies in Conflict & Terrorism, 25: 303-316