Media>News | Risk

9/11 and Foreseeability: What Have We Learned in 20 Years?

By Michael J. Martin | September 10, 2021 | 5 min read
9 11 art

Back in the summer of 2001, Gustave Lipman and Michael Martin were sitting around a table at the Guardsmark Administrative Headquarters conference room with a group of experts: recently retired FBI counterintelligence agents, career military officers, law enforcement personnel, academics including infectious disease expert Dr. Michael Olsterholm who had recently written a book on bioterrorism, investigative reporters who’d worked on stories about Middle Eastern terrorism, and security experts. Lipman and Martin, then executives at Guardsmark, the fourth largest private security company at the time, were hearing something alarming from the experts around the table: an attack was being planned — something big.

One expert heard that terrorists were planning to hit a U.S. building, possibly an embassy in Africa. A reporter disagreed: Middle Eastern terrorists were interested in an attack on U.S. soil, possibly Manhattan. Olsterholm — who later correctly predicted the current pandemic – thought terrorists might release a biological or chemical agent, such as sarin gas.

Then, a few months later, the 9/11 attacks happened in New York, followed by the anthrax attacks— and even though at least two people in the room saw each attack coming, Lipman and Martin both noticed that many people said the attacks were “unforeseeable.”

Probability vs Foreseeability: Why Security Professionals Need to Know the Difference

A look at September 11, 2001

Lipman, now Chairman of Circadian Risk, was in New York City during the 9/11 attacks. Guardsmark had just moved to its new headquarters in Midtown Manhattan the day before, so the day was hectic before the attacks even started. Martin, now Chief Executive Officer of Circadian Risk, was getting set to travel within his region and was at the Detroit Metropolitan airport awaiting a 930 a.m. flight. Then 8:46 a.m. rolled around.

“The morning unfolded with the news of the first plane striking,” says Lipman. “After the first plane strike, we had a safety situation. We had clients in the area, as well as clients and employees in the World Trade Center.”

Lipman was on the phone with a former FBI senior executive, planning an incident response when the second plane hit the South Tower 17 minutes later. They both immediately understood that this wasn’t an accident — it was a coordinated attack — and the plan changed.

“At that point we were concerned about secondary and copycat attacks,” said Lipman. “I was on the phone with the CEO, we were looking to harden all targets in the New York area and make sure we knew where all our team members were.”

“In a lot of these situations, we were evacuating clients’ employees, but our officers were also asked to remain in the buildings and do their jobs,” said Martin. The company moved to bring in additional resources from unaffected areas to help their clients and employees in New York, Washington D.C and Pennsylvania.

In those days before access cards could tell an officer who was in what part of a site, officers had to go room to room, evacuating clients. That was a lesson learned that day, says Martin. “Our priority was to account for every officer that may have been impacted by the attack,” he said.

Ask the Expert: What Should We Think About After an Incident to get Back to Normal?

Security post-9/11

From 1999 through 2001, several security-related incidents occurred. Just after the 9/11 attacks, anthrax was sent through the mail by a then-unknown suspect, killing five people, sickening many more and creating a culture of fear and concern. Two years before, the nation had been taken by surprise when two students-turned-gunmen killed 13 people at Columbine High School in Colorado.

The public, including businesses, had been shaken out of complacency by these events, and Martin hoped that would change the public’s view of the private security industry. Overseas, security is taken very seriously. In the U.S, however, private security had often been seen as a cost center rather than an important expense by clients. In many cases, clients would state that they didn’t want to document their risk related security problems because they felt that if they weren’t advised of a risk, they couldn’t be held liable for it.

In the few months after 9/11, that seemed to change.

“Six months after 9/11 we saw customers increase their security greatly and were more receptive to risk analysis and gauging their preparedness,” said Martin.

It didn’t last, unfortunately. “18 months afterward many clients were below 9/11 levels of security. We saw more and more security programs get taken over by exercises in procurement — with some customers even making security related decisions with the same methods with which they purchased catering, landscaping and janitorial services.”

The slide back into complacency felt shocking; Lipman and Martin knew the threats were still out there.

“There were some organizations that devoured the lessons of 9/11 and there were others rolling the dice,” said Lipman. “ You really have to make security and preparedness a priority and it has to be something that is committed to, day to day and minute to minute.”

Ask the Expert: How Can My Company Prepare for an Active Shooter?

How is security different now, 20 years later?

Martin points out that we hardly ever hear “it can’t happen here” about almost any threat the way we did before the Columbine shootings and 9/11. Often, when it comes to threats like active shooters, we now instead hear phrases like “We knew it was only a matter of time before it happens here.”

That doesn’t mean, however, that we are clearly foreseeing threats that may be probable. He remembers that room in June 2001, when experts were predicting the attacks that would happen in the following months, even if that particular group was unable to stop them. The reason they could foresee the event? They weren’t siloed – a talented group of experts from different disciplines was able to sit down and discuss the possibilities based on intelligence and information that was available.

That level of work should be done more often, he says.

“There needs to be a greater imagination when it comes to things going wrong,” said Lipman.

Martin never wants to see the U.S. return to the “it can’t happen here” mentality.

“There needs to be a continued focus and a resistance to complacency when it comes to the threats that are out there,” he said. “We can’t be swayed by public opinion or political rhetoric. We have to trust what the data is telling us about staying vigilant and always knowing that as improbable as something can be, it can happen.”


Do you have a security project you need help with? Schedule your personalized demo today.

Are you ready to improve your organization’s risk resiliency?

Book a Demo to See Circadian Risk In Action.
Request a Demo