• James Cameron

Insurance - Protecting Against Active Shooter


In my experience organizations assume that insurance will cover any costs associated with these types of tragic events. I have also recognized that there is a critical disconnect among insurance companies and security professionals. Security professional could help advise insurance companies on what mitigating factors should be established and in place to minimize exposures to loss.


There is a strong relationship between SHRM[1] (Society of Human Resource Management) and ASIS[2] (American Society of Industrial Security) regarding recommendations for policies on all issues as they relate to Human Resources and Security. However, what appears to be missing, even with organizations such as RIMS[3] (the Risk Management Society) is informing and relaying how those recommendations can help the insurance providers.


Before Active Shooter or Terrorism policies are issued, there are mandatory questions that need to be asked. These questions should not result in a simple yes or no answer. However once questions are asked, those seeking coverage should be required to provide documentation as proof to support their answer. While insurance underwriters may not know how to fully examine the requested documents, a qualified security professional will. There is a list of policies and procedures an organization should have in place which address’s and mitigates the potential for loss. Some of those that should be in place and verified include but are not limited to;

  • Do they have a Workplace Violence Program, and is it up to date?

  • What is their hiring process, do they conduct background checks?

  • What is their termination process?

  • Do they have a Hostile Termination policy and procedure?

  • Do they have a Crisis Management Plan, and is it current?

  • Do they have a reporting process for See Something, Say Something?

  • Do they have a business continuity plan?

  • What type of access control measures do they utilize?

  • Do they have a training program for their staff on company policy and procedures and is it documented?

  • Do they utilize any form of security in-house, or is it contracted?

  • What is the Standard Operating Procedures for the security?

Most Active Shooter and Workplace Violence occur because organizations fail to have or adhere to one or more of these policies. Being able to answer and validate these questions can potentially lead to the reduction of an incident occurring.

There is also a list of security specific questions that should be asked of any organization that has security officers on site. Those questions would include but not be limited to;

  • Are the guards armed or unarmed?

  • What are the Rules of Engagement (ROE)

  • If they are armed are the hiring clients aware of the ROE?

  • Are there specific POST orders given to each location they provide security for?

  • Have they guards been trained on situation de-escalation?

  • Are the guards instructed to “Observe and Report” only and if so are the clients aware of the guard’s response responsibilities?

  • What types of weapons and retention holsters are being utilized?

  • Have they been trained on handcuffing?

By not insuring these types of questions are answered and verified organizations are open to legal exposure which ultimately is paid for by insurance companies. All companies large and small, are subject to lawsuits if and when an incident occurs. The goal is to diminish as much liability as possible thus reducing financial losses. By being proactive and having updated policies, procedures, and training in place, the potential award amounts could be greatly reduced.


Legal exposure, in general, fall within the charges of;

  • Violation of OSHA General Duty Clause

  • Negligence – Often Gross Negligence

  • Respondeat Superior - Circumstances when an employer is liable for acts of employees performed within the course of their employment. This rule is also called the master-servant rule, recognized in both common law and civil law jurisdictions

  • Wrongful Death

  • Loss of Parental Consortium - the law that refers to the deprivation of the benefits of a family relationship due to injuries caused by another

  • Premise Liability

  • Voluntary Assumption of Duty to Protect

  • Pain and Suffering

  • Emotional Suffering

[1] www.shrm.org

[2] www.asisonline.org

[3] www.rims.org


What steps can you take and how can Security Professionals and Risk Managers help? As insurance providers, there should be a developed partnership, with verifiable, Security Professionals. Critical areas that they can immediately assist with would include;

  • Assist insurance providers develop new emerging business opportunities such as” Active Shooter” and “Terrorism” policies.

  • Help understand your current client portfolio and assign levels of risk such as High, Medium, Low and develop list of required action items for each.

  • They can assist insurance providers understand what organizations should be doing to mitigate their risk and exposure.

  • They can make recommendations on policy, procedures and programs organizations should be developing, implanting, improving and maintaining.

  • Security professionals should also be used to audit current insured's, Programs, Policies and Procedures – Becoming the professional eyes and ears for insurance providers.

  • Lastly, they can conduct training for the insured's organizations within the Insurance Providers portfolio.

Unfortunately, not all security professionals can assist with these solutions. Finding the right person or firm is imperative because if they aren’t qualified, their assistance would be meaningless. Professionals who are qualified should carry at a minimum, a Board Certification such as the CPP[1] or Certified Protection Professional issued by ASIS. Another certification would be the CRMP[2] or Certified Risk Management Professional issued by RIMS. Both certifications validate the professional’s knowledge and experience in risk management.


Working with Security Professionals or Risk Managers to help insurance companies understand the gaps in a client’s processes is not only critical but it will reduce the potential for legal liability, while also helping to reduce the chances of an incident from ever occurring.

[1] www.asisonline.org/Certification/Board-Certifications/CPP/Pages/default.aspx

[2] www.rims.org/certification/