Risk | Threat/Hazard

Probability vs Foreseeability: Why Security Professionals Need to Know the Difference

February 17, 2020 | 3 min read

If something can and might happen, how do you describe it? My guess is, you say that thing is “probable.” But that might not be the case. Consider a tornado drill in a school. How likely is a tornado to actually hit that elementary school? The probability is fairly low, but because a tornado hitting a school is a foreseeable event with a devastating impact, schools require drills. But schools aren’t willing to spend time or resources on drills for other low-probability, foreseeable events with less impact — an aggressive animal on school grounds for example. That’s because foreseeability and probability aren’t the same. While it’s fine to use both words interchangeably in everyday conversation, they should not be treated as interchangeable in the security industry. Ask the expert: How can my company prepare for an active shooter?

Foreseeability vs. probability

Foreseeability, is simply the acknowledgement that an incident can happen. Basically, if you can reasonably imagine something happening, it’s foreseeable. For example, a wild animal attack can happen on a school playground — animals have attacked humans before, after all. Will it happen, however? That’s where probability comes in. Probability is the likelihood of an incident actually happening. In the security industry probability often determined by taking several variables into account, including foreseeability:

Foreseeability: Can you reasonably foresee an incident happening?
Historical context: Has it happened before?
Visibility: Is the site controversial or in the public eye for some reason?
Proximity: Is the site in a high-risk area?
Active threats: Have threats been made?
Critical assets: Does the site have assets someone might want to destroy or steal?

Not all the variables will apply to all situations. In the case of the wild animal on school grounds, you might look at historical context (have wild animals approached this site before), proximity (are you in an area with a large population of bears, alligators, or other dangerous animals), and active threats (have local authorities seen several cases of rabies or other diseases). Different variables will apply to different incidents and sites. Criminals share information, and so should we. Read more about our security community.

Why is it important to use foreseeability and probability properly?

You might be wondering at this point why the terminology is important. After all, what’s wrong with using “probable” when an issue is foreseeable? In the security industry we need to be crystal clear about a client’s risk. Foreseeability is important when you’re evaluating new trends, like drone technology, but probability is a key unit of risk measurement. If a security consultant tells a client that a foreseeable is highly probable, that client may spend time, money, and other resources on security measures they don’t need, instead of focusing on measures that may be more important for their security. It’s important to understand both what is foreseeable and what is probable. To do that, you have to start using both words correctly.

Which variables do you use to assess probability?

Criminals are constantly collaborating, communicating and working together in order to beat our security measures. Unfortunately, security professionals don’t collaborate or share information nearly as much. Take risk probability: every security professional uses a different set of variables to determine the probability of risk. Because we’re committed to helping security professionals work together, we want to create a standard list of best practice variables that will help all security professionals accurately assess risk probability. But to create that resource, we need your help. What variables do you use to determine the probability of risk? Contact us and share your variables, and when our resource has been created, you’ll be the first to get a copy.