Creating the Terrorism Management Program

by Marc Botes

Developing a comprehensive and fully integrated terrorism management program in an organization that doesn’t have one may seem straightforward, but nothing could be further from the truth. Just adding a couple of templates and protocols to your existing crisis management plan is not nearly sufficient. In the rest of the paper, we will look at some of the challenges to developing such a program, along with potential solutions to these challenges. I will focus on a typical humanitarian aid organization in the aid delivery sector.

One of the greatest obstacles to implementing a Terrorism Management System is the commonly held belief that a terrorist incident is so unlikely that it is a waste of time, energy, and resources (e.g. finances, manpower, etc.) to establish such a program. They point to statistics (or the lack thereof) to substantiate their claim. According to Nassim Taleb, author of “The Black Swan: The Impact of the Highly Improbable” (Taleb, 2010), the human mind is influenced by three conditions when confronted with history:

  1. The Illusion of Understanding – We think we understand what’s happening in the world which is exponentially more complicated and random than we could ever imagine.
  2. The Retrospective Distortian – This points to our tendency to only assess matters after the fact. To illustrate the point, Taleb mentions that history always seems more organized and clearer in history books than in reality.
  3. The Overvaluation of Factual Information – Black swan logic states that what one doesn’t know is far more relevant than what one does know.

To be fair, with the increase in media coverage of terrorist attacks, coupled with the fact that humanitarian aid sector personnel have become legitimate targets, most humanitarian actors agree that such an attack is possible, just not to them. Such an attack, although relatively rare, yet in a way predictable – predominantly to the ones prepared for them and who have the programs to manage them, are referred to as near-black swans.

We need to keep in mind that our habits, and the habits of our employees, make up between 40-95% of what we do on a daily basis. So getting our staff to a place where they are, habitually, aware of their surroundings and territory, and implementing security management processes as needed, may be more challenging than expected. Terrorism awareness is an integral role for everyone involved in an organization. This will often involve a changing of individual and organisational habits.

A basic understanding of how habits are formed or changed is beneficial. According to Charles Duhigg (Duhigg, 2012), before a habit is formed, it has to go through three steps – the habit loop: a cue, a routine, and a reward. I believe the success of any Terrorism Management Program will depend on the successful incorporation of these not-so-simple steps. Now consider the following: the attacker/terrorist is increasingly more vulnerable to detection the further along the Target Selection Process they are. Teaching staff what to look for (i.e. warning signs, body language, stress telltale signs) will act as the cue.

The cue pushes the brain into autopilot, and then often decides which habit to use at the time (e.g. gathering as much information as is safe to do so, reporting their suspicion via the correct channels, etc. – the list is endless). The routine can be physical, mental, or emotional. The final step is the reward. The reward determines whether an action will become a habit or not. In other words, no reward, no new habit.

“The brain responds faster to a trigger only when it deems it worthwhile.”

Duhigg goes on to say that the cue can be literally anything in the person’s environment (including suspicious behaviour). The routine can be either complicated or not. I believe it’s probably better to keep the routine as simple as possible, as the cue will probably be accompanied by some internal stress, which will inhibit memory recall in the phase leading up to the routine becoming a habit.

Keeping in mind that an effective Terrorism Management Program is based on a coalition of Stakeholders, both internal and external. This is due to the far-reaching fallout of a successful terrorist attack. The challenges to this, however, are numerous and complex. Considering the internal challenge first means that such a program needs to be embedded in the operating culture of the organization. Having the buy-in of all staff is absolutely essential. As an organization, we’ve had to:

  • Make sure that our Organizational Culture incorporates a Risk Management Culture, i.e. all staff have a role to play in identifying and managing the risk of e.g. a terror attack.
  • As part of our Risk Management Culture, we’ve taken into account that our staff will generally weigh their options and make the choice they think will benefit them the most. We’ve had to put in place some sort of incentive to encourage our employees to be more aware of their surroundings, and coupled this with comprehensive training regarding how to do this. The incentive was geared toward corporate recognition, not monetary gain.
  • We’ve had to put in place robust Security Management Processes, as well as upgrade our Defense in Depth structures and principles. Coupled with this, we have started making use of Scenario Planning to help prepare for a terror attack.
  • In a very insightful report titled Risk Management & Decision Making Under Uncertainty, (Olympiou, 2022), the authors warned about some of the challenges you could encounter when conducting and implementing scenario planning. We encountered resistance to improbable scenarios because of the belief that we cannot consider all possible scenarios, or be prepared for all different consequences. Another challenge, and one we’re still navigating, comes from the finding and implementation of an expansive scenario planning exercise.

As I’m sure is becoming increasingly clear, creating a Terrorism Management Program comes with significant challenges, and thus far we’ve only looked at this from an agency perspective. When we consider that a proper program will necessitate the creation of a coalition of stakeholders, each faced with similar challenges, the true scope of such a project becomes clear. I believe that exceptional leadership and vision are required, both organizationally and in the broader context, if the creation of such a program has any chance of success.

Another tool that is freely available that may ease the formation of such a coalition of stakeholders necessary for a terrorism management program is the JESIP – The Interoperability Framework. With joint training and exercises, this framework goes a long way in forming the necessary working partnerships. Their overarching aim when responding to an emergency (including a terror attack) states the following: “Working together, Saving lives, Reducing harm” can be utilized as a “rallying call” – both organizationally and inter-agency. I think it’s worth closing with El Al’s Model of Security, which together with the rallying call above could be used as the foundation for the formation of the Terrorism Management Program:

  • Total Ownership of Your Territory – Staff should be made aware of which area they are responsible for. There should be no ambiguity in this regard.
  • Everyone is involved with/responsible for Security Management – this is ultimately what we’re aiming for in the formation of a Terrorism Management Program.
  • Individual, Team, Organizational Commitment – “Not today, Not on my shift, Not in my territory!”


  • Duhigg, C., 2012. The Power of Habit. s.l.:Random House Trade.
  • Olympiou, A. C. &. P., 2022. Risk Management & Decision Making Under Uncertainty During The Afghanistan Crisis 2021, s.l.: s.n.
  • Taleb, N. N., 2010. In: The Black Swan: The Impact of the Highly Improbable 2nd Edition. s.l.:Random House, p. 678.