Wednesday, June 3, 2009

Don't plan for terror, get sued?

IANAL, but via email from Scott (who is a lawyer), comes this:
Organizations that ignore the threat of terrorism and do not plan for the possibility could face lengthy and expensive litigation in the aftermath of an event, according to an executive at Aon.

The comments of Craig Preston, executive director at Aon out of London, came as Aon unveiled its 2009 Terrorism Threat Map showing a shift in Islamic terrorist activity in the Middle East and Southern Asia, most notably in Pakistan, India, Afghanistan, Thailand and Nepal.

[snip]

“Organizations are now much more conscious of their duty of care and corporate governance responsibilities,” said Mr. Preston. “As a society becomes more litigious, those with risk management responsibility need to be seen to be doing all that is reasonable to protect their brand, assets and people against a terrorist attack.”

He added that after the most high-profile events in New York and India, a terrorist attack could be viewed as a “foreseeable event” by litigants. Those who have not addressed the issue “could open themselves to very lengthy and damaging litigation charges” in the aftermath of an attack.
I have several thoughts on this:

1. I thought we weren't supposed to call it "terrorism" any more in the new enlightened age. It's "man-caused disaster".

2. Aon sells insurance (and presumably terrorism insurance), so take this with a grain of salt. Note that just because they have a stake in the outcome, it doesn't mean that they don't know anything about risk. I work at Small Internet Security Startup; we'll make money if your company buys our products. However, just because we stand to make money doesn't mean I don't know anything about security. And have all you XP users updated your security? It's important. Really.

3. We're witnessing the collapse of the nation-state. The modern nation-state emerged in Europe starting in the late 16th Century, as central governments consolidated their power against the landed nobility. A key objective of the state was elimination of organized groups which could exercise violent power. This year, we've seen the Somali pirates double down on their (ahem) aggressive entrepreneurial activities, the leader of the free world say in so many words that they wouldn't treat terrorism as, well, organized terror (see item #1 above), and now the private world saying that everyone needs to take care of their own. Not take care against the random petty criminal, but against organized actors on the world political stage.

4. IANAL. Your mileage may vary, void where prohibited, do not remove tag under penalty of law. However, this is a test case that could put a company out of business, as is - increasingly - failure to address Internet Security. As I told Scott, if I wore a younger man's shoes, I'd go to law school. The Next Big Thing (Billion dollar judgements: think silicone breast implants, tobacco settlement, etc) in the Tort community very well might be suits over lack of due dilligence in security. The right guy - who knew the right embarassing questions at a deposition - could stand to make some coin.

1 comment:

TOTWTYTR said...

AON is an insurance company and what insurance companies do is manage risk. The more risk they manage, the better their profit margin.

Since insurance is really a form of gambling, you betting that you'll need it and the company betting you'll pay but not collect, they are pretty good at assessing the risk of any situation they insure against occurring.

Plus it's in their best interest to get their insured to take risk management seriously since that effects the bottom line.

All of which means that the probably have a pretty good analysis of the potential threats out there.

Maybe we should contract out the CIA to the AON?

Which I own stock in, so I want them to do well.