The Difference Between Consequence and Probability: Security in Kenya Should Be More Than Counterterrorism.

Kenyan organizations should prioritize designing their baseline security program based on the most likely events rather than the most catastrophic ones. This approach allows organizations to effectively allocate resources and address the risks that are most relevant to their specific context.

While inspecting the trunk of cars may be a necessary security measure to prevent certain types of attacks, it may do little to deter an intoxicated person from assaulting a guest or prevent a thief from robbing a pedestrian.

When conducting a risk assessment, organizations have the choice to rank risks either by probability or consequence. If the risk is ranked by likelihood, the resulting security system will primarily focus on addressing ordinary crime and nuisance hazards. On the other hand, if risk is ranked by consequence, the design basis threats will typically include terrorist attacks, political violence, and other highly consequential manmade hazards.

While it may seem beneficial to protect against the most consequential threats, it is important to consider the practicality and cost-effectiveness of implementing countermeasures. Countermeasures that are effective against terrorist threats are often expensive and may have aesthetic or operational drawbacks. This can lead to a situation where property owners are unable or unwilling to implement these measures, resulting in a security program that is ineffective and does not address the most likely threats.

To avoid this progression, organizations should regularly commission risk assessments, rather than reacting to recent events or security fads. By considering the most likely threats and hazards, organizations can design a security system that provides the desired level of protection against the highest-risk scenarios. This approach ensures that resources are allocated effectively and that the security program is based on sound analysis rather than contemporary fears.

In the context of Kenya, it is important for organizations and facilities to recognize that they are at a higher risk of facing robberies or assaults rather than terrorist attacks. Therefore, it is crucial for facility and organization management to prioritize the protection of their guests and employees against these more likely threats. Focusing solely on preventing improbable terrorist attacks may lead to neglect of other, more likely hazards and ultimately have a negative impact on overall security.

For example, while inspecting the trunk of cars may be a necessary security measure to prevent certain types of attacks, it may do little to deter an intoxicated person from assaulting a guest or prevent a thief from robbing a pedestrian. Therefore, organizations should ensure that their security measures are comprehensive and address a wide range of potential threats, rather than being solely fixated on one specific risk.

In summary, Kenyan organizations should prioritize designing their security programs based on the most likely events rather than the most catastrophic ones. Regular risk assessments, focusing on likely threats, and designing security systems accordingly will ensure that resources are allocated effectively and that the program provides the desired level of protection. By avoiding a narrow focus on improbable threats, organizations can enhance the overall security and safety of their employees and guests.

Morgan Woodruff is the CEO of Eryrx and a security consultant in Kenya. If you or your organization could benefit from a more scientific and purposefully approach to security risk assessments and system design, you can contact Morgan at m.woodruff@eryrx.com.