Homeland Security officials in the Bush administration are considering ways to use the insurance industry as a free-market-friendly vehicle to drive chemical facilities, food companies, utilities, and other businesses to take greater precautions against terrorist attacks without heavy-handed new regulations.
The concept of using insurance to spur companies to spend on counterterrorism measures may solve a vexing homeland security problem: Despite improvements the government has made to upgrade security at public facilities since the 2001 Al Qaeda attacks, 85 percent of American infrastructure is privately owned and underprotected.
Any attack on chemical, ground transportation, banking, food, energy, or utility sectors could cause massive destruction and cripple the economy. But companies have lobbied hard to defeat legislation to force them to upgrade their security practices, finding allies among free-market Republicans in Congress.
Proponents hope the insurance proposal will be a sweeping solution to the impasse. The basic idea would be to have the government or each industry develop a minimum set of security "best practices." Then, insurers would audit companies for compliance with those standards, with the power to reduce premiums for those who comply.
The private sector has a fragmented approach to critical infrastructure preparedness in a new “all hazards” worldview. Each trade association with an interest in protecting commercial buildings, malls, hotels and other soft targets is creating policy and direction for its respective membership based on political agendas and other influences by local government and regional initiatives. Local jurisdictions are equally fragmented and looking for funding to train additional CERT (Corporate Emergency Response Team) volunteers and are still waiting for significant funding to have a real impact on their high profile properties. DHS Private Sector Office (PSO) has launched “Ready Business” and is working closely with critical infrastructure sectors to help coordinate communication between constituents and coalitions such as the National Capital Region. In the mean time, our preparedness level is not increasing at an acceptable pace due to a number of issues.
The private sector needs a rapid and more effective program to extend the DHS Ready campaign for Business into the nation’s critical infrastructures. One way to do this is to use a combination of 15,000+ “Feet on the Street” InfraGard citizen soldiers and cooperation with key industry groups and the real estate sector would provide the framework for rapid implementation of preparedness training and exercises. A smart approach is a “Train-the-Trainer” methodology to provide key incident command, emergency communications, evacuation, first aid, and shelter-in-place skills and knowledge transfer to selected InfraGard members in major metro areas. Working in concert with local officials, members of the Real Estate ISAC and InfraGard Certified Trainers, building owners, landlords and tenant businesses can be trained to handle an “All Hazards” threat scenario. Each identified soft target building or critical infrastructure facility will have a local plan that is rolled up by geographic proximity to its nearest firehouse or emergency response unit and exercised in tandem.
Frank Cilluffo, who until 2003 served as President Bush's special assistant for homeland security, said he is fascinated by the idea of offering less expensive insurance against terrorism to companies that take appropriate precautions. He said it would constitute "a business case for homeland security to ensure that the private sector is fulfilling its share of their responsibility."
The system would encourage companies to protect against limited threats, such as truck bombs or internal sabotage, and the government would guard against greater threats, such as nuclear terrorism.
"Hopefully, these steps, which will be incentivized and/or mandated, will raise the bar higher and improve our countermeasures against terrorism," said Cilluffo, now head of the Homeland Security Policy Institute at George Washington University. "This is not the panacea. This is not the solution. But it takes us a whole lot closer."
In a recent survey conducted by Robert Half Management Resources the top two areas of potential vulnerability and concern cited by CFOs are disaster recovery (37%) and the security of information systems (24%). A common theme between these exposures is the need to better identify and understand the full range of risks that companies face today and the need for all organizations to develop new ways to more effectively manage these risks. By developing cross-company approaches for addressing all areas of risk, companies will begin to move toward a systematic, enterprise risk management process that most effectively reduces risk and controls cost.
"These two top areas of vulnerability in the eyes of a Chief Financial Officer stem from the perceived weaknesses in the organizations readiness and from the constantly evolving regulatory pressures to comply with new laws," said Peter L. Higgins, Managing Director of 1SecureAudit. "Operational Risks that evolve from inadequate or failed processes, people, systems or from external events are on the CFOs mind, and this includes acts of terrorism."