One response to news of the thwarted terrorist plot against the Sears Tower is relief. Such an attack could have led to many deaths and enormous destruction. It is a relief, not only to know that an attack was prevented, but also to think that homeland security efforts have made the United States safer than it was on Sept. 11. The danger in that a sense of relief is that it might lead to complacency.
Another response to the news is to take action — to increase the security budget to do whatever it takes to protect the organization’s buildings. That was the course of action some companies followed after Sept. 11. The risk is the same now as it was then: a significant expenditure of funds on poorly conceived projects that failed to address the real threats faced by the organization.
Spending money on security isn’t the problem. It’s often difficult to get organizations to spend money on security unless something has happened to draw top management’s attention to risks. And the plot against the Sears Tower shows that risks remain. But scarce security funds must be well spent. And the way to do that is to begin with a threat assessment, then develop a plan to address vulnerabilities revealed by that audit.
Planning isn’t a very emotionally satisfying response. But in this case it’s clearly the best choice.