Risk | Threat/Hazard
Probability vs Foreseeability: Why Security Professionals Need to Know the Difference
If something can and might happen, how do you describe it? My guess is, you say that thing is “probable.”
But that might not be the case. Consider a tornado drill in a school. How likely is a tornado to actually hit that elementary school? The probability is fairly low, but because a tornado hitting a school is a foreseeable event with a devastating impact, schools require drills. But schools aren’t willing to spend time or resources on drills for other low-probability, foreseeable events with less impact — an aggressive animal on school grounds for example.
That’s because foreseeability and probability aren’t the same. While it’s fine to use both words interchangeably in everyday conversation, they should not be treated as interchangeable in the security industry.
Ask the expert: How can my company prepare for an active shooter?
Foreseeability vs. probability
Foreseeability, is simply the acknowledgement that an incident can happen. Basically, if you can reasonably imagine something happening, it’s foreseeable. For example, a wild animal attack can happen on a school playground — animals have attacked humans before, after all. Will it happen, however? That’s where probability comes in. Probability is the likelihood of an incident actually happening. In the security industry probability often determined by taking several variables into account, including foreseeability:- Foreseeability: Can you reasonably foresee an incident happening?
- Historical context: Has it happened before?
- Visibility: Is the site controversial or in the public eye for some reason?
- Proximity: Is the site in a high-risk area?
- Active threats: Have threats been made?
- Critical assets: Does the site have assets someone might want to destroy or steal?