Risk based security: What is acceptable or tolerable?

Posted: 3 April 2014

Aviation security expert, Yves Duguay, provides a fascinating insight into the reality and perception of managing the probability of an aviation security attack…

I was recently asked to speak at a conference about risk based security in an attempt to define what could be an acceptable level. The first thought that came to mind was whether or not, as a society, we are ready to accept any risk at all, when it comes to civil aviation? Maybe we should simply talk about what is tolerable. Both expressions, however, implicitly refer to measuring the value of security and that is quite a challenge for the air transportation industry.

Since the tragic events of 9/11, we have hardened the target, and flying is by far the safest mode of transportation today. However, at what cost was this accomplished? Did we trade off too much for that security [1]? As we are investing considerable resources in civil aviation security, we should ask ourselves whether our investments are properly aligned with the actual risk level.

When we talk about risk based security, we are looking at the reality and perception of managing a low probability and high severity catastrophic event, a matter further complicated by our neglect of probabilities. Some would say that attacks against civil aviation are unpredictable [2], as they lie beyond normal expectations, and that, as such, our resources could be better spent by focusing on resilience. Others would posit [3] that outliers and statistical evidence can be used to better assess the level of risk that the industry is facing or, at a minimum, to bring a sense of objectivity to the debate. The answer, as in most cases, probably lies somewhere in between.

The difficulty in measuring the risk we face is due, in part, to the complexity of the aviation system and important regional differences. To that effect, a study conducted by the University of Maryland [4] demonstrated that the vast majority of terrorist attacks since 2001 have occurred in conflict and war zones. Indeed, between 2002 and 2010, 6,307 terrorist attacks took place in Iraq; 2,749 in India; 2,553 in Pakistan; 2,443 in Afghanistan and 1,458 in Thailand.

In comparison, 158 attacks were registered in the United States, two of which were linked to the aviation industry: the shooting at the Los Angeles airport in 2002, where unfortunately three people lost their lives and the ‘underwear bomber’ headed for Detroit in 2009. As for Canada, there were 17 attacks registered in the database, none directed at civil aviation.

Part of our risk assessment must include the capacity of the attackers to carry out their attacks, whether they are home-grown terrorists or would-be jihadists. It is important to guard against inflating or underestimating their capacity, by providing a referential perspective. We should keep in mind that many recent attempted attacks were foiled by good intelligence and investigative work on the part of the authorities, who were able to connect the dots.

Since 9/11, the number of deaths caused by terrorism and linked to civil aviation has been estimated at less than 200 worldwide, including the 90 persons who lost their lives in terrorist attacks in Russia in August of 2004. Comparatively, each year in the United States, 600 persons die in bicycle accidents, 16,000 from shootings, 30,000 in car accidents and nearly 36,000 after contracting a flu virus [5].

Statistically, we are safer in an aircraft than in our own cars. This was confirmed in a study conducted by the Max Planck Institute, which identified a substantial increase in traffic fatalities in the United States after 9/11, as passengers were substituting driving for flying [6].

However, this level of security has come at a price. We are spending ten billion dollars each year [7] to protect civil aviation. Is it all justified? Could some of these investments be directed elsewhere? The Copenhagen group estimates that by spending just one million dollars a year on the prevention of malaria, 1,000 lives (mostly children) could be saved [8]. That is an accountability factor that must be included in our decision-making process.

Thus it is important to align our actions with risk probability and subsequently to cost each security layer in our security system. Many authors and researchers have used the following equation to assess the value of security measures meant to counter the terrorist threat [9]:

P(A) (the probability of an attack) × losses × percentage reduction of risk

Let’s take a look, for example, at the Canadian context. The Air Traveller Security Charge (ATSC) generates revenues of CAD 700 million a year to fund security screening at Canadian airports performed by CATSA. It also finances some regulatory and oversight functions from Transport Canada and the RCMP Canadian Air Carrier Protective Program (the equivalent of the Federal Armed Marshal in the United States [10]).

Based on statistics from the Global Terrorism Database, the probability of an attack in Canada is considered to be very low. Losses from a downed aircraft, resulting from an explosion on board caused by an improvised explosive device, are estimated by underwriters at $2 billion to $6 billion. The effectiveness of the counter measures to reduce this risk would be measured by consolidating the results of tests, controls and audits.

Considering our exposure and the costs borne, I suggest we could measure the effectiveness and efficiency of the layers in our security system, as performed in 2011 by Stewart and Mueller [11].

In one such study, the value per life saved by reinforced cockpit doors was estimated at $800,000 whereas it was $180 for the Federal Air Marshal programme. Most insurance underwriters estimate the value of a statistical life at $2 million [12].

It is certainly not my intention to downplay the impacts of terrorist attacks, and I do not wish to oversimplify such a complex issue. There are indeed a number of factors that could increase security costs, such as the interconnectivity of systems and the procurement of resources. Furthermore, this equation does not capture the deterrent value of the existing measures. However, I suggest that we should pause and assess the value of the measures in place.

We have a finite amount of resources at our disposal, so we need to make sound decisions and take into account the opportunity costs and opportunities squandered. Considering the direct relationship between wealth and health and the value of a statistical life, a cost neglect of $200 million could affect 100 lives elsewhere! This cost neglect seems to stem largely from our poor understanding of probability [13]. For example, when strong emotions are involved people tend to focus on the badness of the outcome rather than on the probability that the outcome will occur. This resulting probability neglect helps to explain the excessive reactions to low probability risks of catastrophe.

As psychologists have discovered [14], we’re not always well equipped to assess low probability risks that are both unfamiliar and beyond our control. Indeed, we seem to be afflicted by a number of cognitive biases that affect our judgment. Furthermore, we tend to use heuristics in an attempt to simplify complex situations. This in turn creates a paradox: the more security we provide, the more security people want or expect from us.

Whether we are talking about availability heuristics, loss aversion or probability neglect, the fact is that our communication strategy has not countered the fear felt and perceived by the public in general. To make matters worse, we do not seem to know how to talk about terrorism without stoking fires or inflating the risk beyond its real level. We need reassurance, perspective and a more compelling story that will appeal to the public.

Terrorist acts create a strong political imperative to act, to address a public perception that may be disconnected from reality, and there is very little incentive for a politician to redress that perception by offering a larger perspective. For example, a politician who supports more extravagant counter terrorism measures can never be proven wrong because an absence of attacks shows that the measures have worked well. A new attack shows that we must go further still [15].

This pressure to act felt by politicians is fuelled by the media coverage. An attack against an airliner grabs the first page of newspapers; the fact that 100 persons will die each day in a car accident in the United States won’t make the headlines.

The development of regulations is guided by the application of the precautionary and maximin principles, which rely mostly on possibilities rather than probabilities. Regulations need to address both the reality and the perception of risk. Security measures are usually imposed very rapidly after a terrorist event, to meet the immediacy of actions expected by the public and the media. Unfortunately, once the emergency has subsided, we seldom take time to reflect upon the costs, benefits and consequences associated with new measures that were delivered without an expiry date.

It may be appropriate at this time to review our security model, including our regulations, to better balance security and facilitation, taking into account probabilities and costs. We should develop a consistent and systematic approach to calculate the costs and benefits associated with each counter measure.

This should form the very basis of the risk based security approach we have been talking about so much in the past years. In that regard, I see a great potential in leveraging intelligence and using big data, to screen (and pre-screen) known and unknown passengers quite differently.

For a passenger differentiation programme to be successful, a large proportion of the travelling public needs to be enlisted. This is the direction that is being taken by the TSA in the United States with its Pre✓™ programme, and the organisation should be commended for its leadership and vision [16].

Innovative technology and big data have enabled many industries to segment their clientele and to provide an individual service or experience. I can envision the day, in the near future, when known traveller programmes linked to smart technologies and networked screening checkpoints will provide a similar customised experience.

The advances in technology and the automation of processes will help us to reduce costs and human errors. Human errors can be further reduced through compliance. However, for compliance to be more than a mere statement of intent, it must be measured against performance indicators such as test results, oversight data and customer service indicators such as processing time and passenger satisfaction. Measuring allows us to better manage screening operations, to report on their value and to continuously improve the delivery of the services. In that regard, CATSA, in Canada, is an example to follow for all screening authorities.

Twelve years after 9/11, why is it that people in general are more afraid to die in a terrorist incident than they are of dying [17]? Education and communication have been underestimated in our arsenal of counter measures; they should constitute one of the pillars of risk based security. Our communication strategy should not be limited to peak periods and emergency situations [18]; we need to educate the public constantly and consistently. History has shown that over time, when the public is well informed, they understand and better appreciate safety or security measures, as exemplified by our acceptance of seat belts in cars, prohibited smoking areas and our new attitude toward driving and drinking.

We also need to learn how to talk about terrorism. We should present compelling stories that could counter our cognitive biases and complement the media coverage. We can learn from our management of natural catastrophic events, such as hurricanes, and how residual risks are now considered acceptable or tolerable.

We have also learned a great deal about security from nations like Israel; they can also teach us how to better manage fear, to build a tolerance to risk through a transparent, proactive and communicative approach between authorities and the public. Hazard is part of life and there is no such thing as 100 per cent security, as one often hears when travelling in Israel.

Flying is safe and secure and we should say it more often. Although we do not wish for further attacks on the industry, flying will remain the safest and most secure mode of transportation, even after the next attack. However, that state of security came at a high cost. Before spending more money on an already very secure industry, let’s assess the value provided by each layer of our security model and find ways, through innovative approaches like passenger differentiation, to be more effective and efficient. Finally, let’s address head-on the irrational fear that is tainting the security reputation of our industry, through a more robust and focused communication strategy.


  1. Schneier, Bruce (2003), Beyond Fear, N.Y., Copernicus Books
  2. Taleb, Nassim Nicholas (2007), The Black Swan, N.Y., Random House
  3. Sornette D. and Ouillon G. (2012), Dragon-kings: mechanisms, statistical methods and empirical evidence, The European Physical Journal, Springer
  4. University of Maryland (2011), Background report: 9/11, ten years later, START
  5. US Census; Rand Corporation (2011), Air Travel Security since 9/11
  6. Gaissmaier W. and Gigerenzer G. (2012), 9/11 Act II: A fine-grained analysis of regional variations in traffic fatalities in the aftermath of the terrorist attacks, Association for Psychological Science, Sage, Berlin
  7. Stewart M. and Mueller J. (2011), Terror, security and money: Balancing the risks, benefits and costs of Homeland Security, Homeland Security Affairs, Volume 7, Article 16
  8. Copenhagen consensus group, 2012 report
  9. Stewart M. and Mueller J. (2011), Terror Security and Money, Oxford, Oxford University Press
  10. (2013)
  11. Stewart M. and Mueller J. (2011), Terror Security and Money, Oxford, Oxford University Press
  12. Stewart M. and Mueller J. (2008), A risk and cost-benefit assessment of United States aviation security measures, Springer
  13. Sunstein, Cass (2003), Terrorism and Probability neglect, Journal of risk and uncertainty
  14. Kahneman, Daniel (2011), Thinking fast and slow, Random House
  15. Stewart M. and Mueller J. (2011), Terror, security and money: Balancing the risks benefits and costs of Homeland Security, Homeland Security Affairs, Volume 7, Article 16
  16. TSA,–-north-america-tsa-administrator-john-s-pistole
  17. Kahneman, Daniel (2013), Seminars about long term thinking
  18. Mileti, Dennis (2006), Evidence-based guidance for public risk communication and education, University of Maryland, START

About the author

Yves Duguay is the President and founder of security consultancy company HCiWorld. Yves previously served as Senior Vice-President of Operations and Customer Experience at CATSA. Among his accomplishments in that position, he is credited with having developed and implemented the concept of outcome-based screening driven by performance indicators, including that of customer service. Yves holds an Executive MBA from McGill University and the HEC (Montreal) and is a graduate of the Institute of Corporate Directors. Yves currently serves on the Board of Directors of the Caisse Desjardins in Montreal and of Aviation Security magazine. He is a member of the ACI, IATA and the Canadian Association of the Chiefs of Police.

5 responses to “Risk based security: What is acceptable or tolerable?”

  1. Pierre Goupil says:

    Great article, lots of solid research and right on target. There is no doubt in my mind that risk based security is the way to move forward and that “education” is presently our weakest pillar in managing the fear that surrounds terrorism in aviation.

    Pierre Goupil

    • tks Pierre, much appreciated; what I could add to what we find in this paper is that in the future, we should invest in Resilience! For authorities, this will translate into building social and political resilience.

  2. Ilan Biton says:

    Hi Yves,

    Thank you for the article.

    As someone who is managing risk based security every day in Israel, I just wanted to highlight one thing – in my opinion there is no direct link between risk based security and the cost of security.

    Using these methods allows one to use his resources better by investing one’s energy in the “suspect” / “irregular” on behalf of other areas where risk is low or doesn’t exist at all. It takes courage and a big change in the decision making process to understand that once there is no risk there is no need to check (as opposed to 100% screening as a method).

    The question of how much it will cost is not relevant – risk based security can be very costly. In my opinion, first it is up to the authorities to decide how much they want to spend and then find the best way to act on that (risk based security).

    Best Regards,

    • Ilan, thank you very much for your comments. The purpose of the paper was to examine if we are indeed spending our limited security resources efficiently and at the right place. I agree with you that it does not necessarily mean that it could cost less, but we should challenge our governments to demonstrate that the investments are indeed both effective and efficient.

      • Ilan Biton says:

        Yves, I agree – there is much that can be done yet with allocation of resources at Avsec. I hope that more regulators will be brave enough to challenge the conventional way of thinking for new and improved processes.

        Again – thank you for the article and for sharing your thoughts.
