Crisis Management

Plan to Survive

Employers are still slow to take the necessary steps to ensure that their organizations are prepared for violence.
By: | January 25, 2016

You’re at your desk, engrossed in a report. From somewhere on the other side of the building, you hear a loud muffled noise. Furniture-moving mishap? Backfiring car? It barely registers in your mind until you hear it again.

Then you hear screams. The icy grip of fear tightens your chest. There’s a shooter in the building.

Your vision blurs for a moment as you try to decide in that split second what to do next. Fifteen minutes from now, you will either be a survivor, or you will be a statistic.

Armed killing sprees have long been a troubling fact of life in the U.S. and elsewhere. As far back as August 1966, Charles Whitman opened fire from the clock tower of the University of Texas at Austin, killing 16 people and wounding 31.

The massacre shocked and horrified the world in 1966. But in 2016, our capacity for shock has been dulled by the increasing frequency of the type of violence we now commonly refer to as active shooter incidents.

In 2015, there were 330 incidents in the U.S. in which four or more people were shot or killed using firearms, resulting in 367 deaths and 1,317 injuries. Incidents at schools, universities and public spaces took up most of the media attention until December, when an employee of the Inland Regional Center in San Bernardino, Calif., left work and returned with his wife and a small arsenal of firearms. Fourteen people were killed, and 22 were wounded. Suddenly employers that gave workplace violence only a passing thought began asking “What if it had happened here?”

The question is long overdue. The FBI reports that 45 percent of active shooter incidents occur at places of business, making them the most common target for these attacks.

Be Proactive

There are multiple categories of active shooter or other workplace violence situations. The San Bernardino shooters are alleged to have had ties to terrorist factions, but acts of political terrorism in the workplace are rare. Acts perpetrated by unstable individuals are far more common, as are domestic violence incidents.

active shooter chartWithout question, there are situations where a target is chosen at random, and there is absolutely no way an employer could have seen it coming. But more often there are signs or signals along the way — red flags, both subtle and obvious, that were brushed off or even deliberately ignored out of a reluctance to create conflict. That is a mindset that desperately needs to change, say experts.

“Many of the incidents that we see could have been avoided because there were clear precursors,” said Sean Ahrens, Aon Global Risk Consulting’s Security Consulting practice leader. He adds that “incidents where there’s a straw that broke the camel’s back are happening more and more.”

The culture of silence happens for a variety of reasons. Coworkers don’t speak up for fear they’ll be branded as troublemakers. Employers worry they will be accused of defamation or discrimination if they take a hasty action against an employee.

In the well-intentioned quest to create a solid, documented case for taking action, sometimes employers wait too long. The results can be tragic.

Experts agreed that risk managers must work to cultivate a “see something, say something” culture. To increase the chance of being able to identify a burgeoning threat, experts strongly advise employers to have a means in place for employees to report concerns anonymously.

Sean Ahrens, security consulting practice leader, Aon Global Risk Consulting

Sean Ahrens, security consulting practice leader, Aon Global Risk Consulting

“Employers should afford as many ways as possible to communicate this information,” said Ahrens. That could an online email form, an anonymous hotline, a third-party hotline, or whatever methods make the most sense for the organization.

From there, an internal threat assessment team can gather further intelligence and decide how to proceed or attempt to de-escalate the situation. Simply terminating an at-risk employee isn’t necessarily the smart play, and could actually make things worse. Crisis management experts can be a useful resource for employers working to avoid a misstep.

The Survival Plan

The bottom line for risk management is that there is no iron-clad means to eliminate the risk that your workplace will experience an active shooter event. Even the best preventative measures have to be backed up by a solid emergency plan paired with response protocols spelling out what needs to happen during an event.

Communication is the first line of defense. A clear warning can give everyone out of the line of fire a better chance of evacuating safely. The simplest method is using overhead audio such as a P.A. system.

“Don’t use codes, just plain English,” said Ahrens. Be straightforward: “There’s an aggressor in the building near the Northwest stairwell. We’ll provide updates when available. Evacuate now if you can, or shelter in place.” Then provide continuous updates, he said.

Other environments may require additional measures. A noisy manufacturing floor or warehouse, for example, may need to use a strobe light to alert workers to turn off machines so that they can hear the emergency message.

What happens after the warning is broadcast will likely make the difference between life or death, which is why failure to train employees is not a valid option.

Michelle Colosimo, director, Black Swan Solutions

Michelle Colosimo, director, Black Swan Solutions

“Yes, you have to call 911,” said Michelle Colosimo, director of Black Swan Solutions, “but look how quickly these events can [unfold]. You now need to leverage your own employees to make sure that they’re doing the right things to help keep themselves safe.”

In 2012, the City of Houston produced a 6-minute video called “Run. Hide. Fight.,” funded by the Department of Homeland Security. The video has become the standard training model endorsed by the FBI and DHS for teaching civilians how to protect themselves and others around them.

Other training models have gained traction, such as “Avoid, Deny, Defend,” but most have same underlying message at their core:

    * Escape if you can do so safely
    * If not, then get to a location that can be locked or barricaded, if possible
    * Fight back as a last resort, using any improvised weapon within reach

“You don’t have a means in place to be able to take down that gunman,” said Colosimo, “nor do you want to be encouraging employees to try to take down that

gunman. So what are you doing to help educate and train them? Because it’s really up to the employee to make the right decisions.”

Some risk managers may find upper management squeamish about the phrase “active shooter training,” because their perceptions have been shaped by stories in the news about unannounced active shooter drills that traumatized employees.

The goal of drills is not fear, it’s understanding, said Mike Payne, organizational resilience manager at iJET International.

“You want to walk everybody through and talk everybody through what the expectations are, where the decision points are, and how to effectively respond.”

Jay Hart, director, Force Training Institute

Jay Hart, director, Force Training Institute

“This kind of training is very easy to get wrong. It’s very easy for it to be fear-based,” said Jay Hart, director of Force Training Institute. “I’ve noticed that’s what a lot of executives struggle with.”

Those same misperceptions may tempt some to provide training without drills, but that strategy is ill-advised, experts said, because in an emergency, there’s no accounting for how people might respond without a frame of reference.

Most will revert to habit – perhaps attempting to exit the building via their normal exit route, even though that route might be in the line of fire. Others may simply freeze in place.

“When chaos strikes and fear takes over, we’re typically not thinking clearly,” said John Stevens, senior vice president at Keenan.

“I think you’d be amazed by how many people would just sit at their desk and process that information.” agreed Ahrens. Drills help people move past that paralysis by ingraining the right behaviors and turning them into reflex or “muscle memory.”

“[They have to] go through the motions, pretend something is happening — make sure they actually have to take those steps necessary to protect themselves, kind of like a dry run,” said Colosimo.

“Give them all of the tools and the means necessary.”

Drills are important not only to help employees refine their instincts, she added, but also to identify potential flaws in the emergency response plan.



“It may look great on paper,” she said, but when you actually test it, you may find that some escape routes are obstructed or that a particular route didn’t lead where you thought it would.

Keep in mind that there’s always the potential for some employees to react negatively to whatever training you provide. But Ahrens suggested putting it in perspective.

“You have people saying, ‘I can’t believe you showed us that, that training was over the top.’ But if they remember it during an incident, I think it’s worth the couple of people who don’t like it.”

Far-Reaching Repercussions

While employers are no longer burying their heads in the sand about workplace shooter risks, most are still a long way from being truly prepared.

Mike Payne, iJET International

Mike Payne, iJET International

“People are putting plans in place,” said Colosimo, “and maybe [some are] training people. But when you get to the drill level, specific to active shooters, those numbers are still low. And that’s what needs to change.”

Risk managers may still be struggling to get the buy-in they need, and the problem doesn’t necessarily revolve around the bottom line. Taking steps toward active shooter preparedness can involve some uncomfortable decision making, explained Payne, so “by not having a background in handling those types of risk decisions, it creates a level of denial. And while that is a response, it’s not the preferred one.”

To help the C-suite move past reluctance, experts recommend framing the language in terms of safety as well as presenting the bigger picture and the potential impact to the business.

To help the C-suite move past reluctance, experts recommend framing the language in terms of safety as well as presenting the bigger picture and the potential impact to the business.

While the frequency of an active shooter incident may be less than any other risk that a business faces, stressed Stevens, “the severity and the magnitude of the circumstance become greater than anything else they face because you’re dealing with human lives.”

In the aftermath, the fallout would likely be a tangle of workers’ comp and liability claims related to fatalities and potentially catastrophic injuries. Property damage could be extensive in some situations, and many organizations could face significant business interruption expenses. In addition, questionable security procedures or a failure to respond to threats made prior to an incident may expose employers to a Pandora’s box of employment liability actions.

“In the world we live in now,” said Ahrens, “courts aren’t going to recognize ‘We didn’t see it as a risk.’ ”

As if that wasn’t enough, some businesses could find themselves in violation of workplace violence prevention laws, which are on the books in several states. And many companies may not even be aware of their obligations under OSHA.

While there is no federal workplace violence standard, OSHA asserts that it has the authority to cite employers for failing to take steps to prevent workplace violence under the General Duty Clause, which requires employers to keep workplaces “free from recognized hazards likely to cause death or physical harm.” Courts have generally agreed.

In addition, some say, there are multiple OSHA standards related to emergency action plans and job hazard training that can be interpreted to apply to active shooter training. Those claims have not yet been legally tested. But if the frequency of incidents continues to climb, it may only be a matter of time.

Reputational harm is also a very real possibility — not just among customers, but among vendors. Some companies may choose not to do business with a company it perceives as having lax security measures. Not least of all is the company’s reputation among both existing and prospective employees.

“If you have a workplace where people don’t feel safe, they’re not going to come to work,” said Colosimo. “If they don’t come to work, your productivity is gone.”

Insurance recovery may not be as straightforward as some assume. In the wake of a workplace shooting, business interruption losses may or may not be covered depending upon policy wording.

Workers’ compensation typically will cover costs related to injuries or fatalities that occur at work. However, a targeted, personal attack on an employee with a clear motive that is unrelated to the workplace — such as an attack by a jilted spouse — could negate some workers’ comp claims because it falls outside of the “scope of employment.”

Workers’ comp costs can wreak havoc on employers and insurers. The California death benefit of $250,000 for a single dependent survivor was multiplied many times over for those that died in the San Bernardino attack. But those that survive such an event with catastrophic injuries can potentially cost 10 times that amount over the long-term.

Until recently, there were no insurance products designed specifically for the risk of gun violence. But Willis Towers Watson now offers active shooter insurance. The coverage was intended for universities, but the company is now fielding inquiries from hotels, hospitals, and other institutions.

The policies, underwritten by Beazley, an affiliate of Lloyd’s, can cover up to $5 million of liability against claims that the company didn’t take the necessary precautions to prevent a mass shooting. It also covers the “on the scene” costs of a shooting incident, as well as any counseling or consulting expenses needed after the event.

What companies need to guard against is being lulled into false assumptions about the scope of the problem. After 911, there was a similar spike in interest in protecting workplaces from violence, noted Colosimo.

But eventually the interest waned, as the media moved on to fresher territory. Her hope is that it won’t require more incidents like San Bernardino to keep risk managers focused on what needs to be done.

“We’ve got to keep the momentum going because this isn’t stopping,” she said. “People have to be prepared.”

Michelle Kerr is Workers’ Compensation Editor and National Conference Chair for Risk & Insurance. She can be reached at [email protected].

More from Risk & Insurance