How Risk Management Pros Are Working to Stop the Next Mass Shooter

The Mandalay Bay hotel attack in Las Vegas last October lent fresh urgency to the task of risk managers across various industries to minimize the potential of a disastrous mass shooting event.
By: | October 15, 2018

Despite several decades during which mass shootings have become a regular occurrence, the attack at Las Vegas’s Mandalay Bay Hotel last October traumatized the country.

Yet again, questions were asked on whether public places can be better defended against gunmen; in addition to Mandalay Bay, targets in recent years include a movie theater (Aurora), a nightclub (Orlando), an airport (Fort Lauderdale), multiple churches and dozens of schools.

Around the world, the vulnerability of busy venues to mass shootings has been regularly exposed in the 21st century. A decade has passed since a series of gun attacks and bombings in Mumbai over four days in November 2008, when terrorists targeted 12 locations including two hotels, a train station and a restaurant. A lengthy siege at the Taj Mahal Hotel left 164 dead and hundreds wounded.

Despite a growing body of knowledge on how to prepare for and limit the impact of gun attacks, they appear to be occurring with increasing regularity. As one risk manager acknowledges, “bad people will always find a way to do bad things.”

Following the Mumbai attack, local hotels introduced a policy requiring guests to drop off their baggage at a perimeter outside the building, where a checking system similar to airport security could examine the contents.

“The societal barrier for violent acts has steadily lowered as individuals come to regard violence as a solution to their problems, while the average age of perpetrators is also lower.” — Hart S. Brown, COO, Firestorm Solutions

Similarly, in the weeks following the Mandalay Bay killings, a group of seven casino and hotel risk operators formed a working group to meet regularly and discuss how to control such events. In a blog posted last January, Marsh’s U.S. hospitality, sports and entertainment practice leader, Christian Ryan, reported evidence of several major changes across the hotel, gaming and entertainment industries.

Those changes could be summarized as “checking out who’s checking in” and include training staff at all levels to speak out should they detect any suspicious activity — even if seemingly trivial. Even the “do not disturb” and “occupied” signs regularly hung on hotel doors can be worth noting if, for example, a room has remained unchecked for several days. Staff training also focuses on the types of luggage that guests may carry, helping them discern between a golf bag and a gun bag.

Making greater use of CCTV is another trend, along with having a more evident police and security presence in both the front and back of the premises.

As one risk consultant observes, high-profile security was a factor in the June 2016 attack on the Pulse nightclub in Orlando. The subsequent investigation revealed the gunman initially targeted other locations but was deterred by the presence of police officers and finally chose Pulse because of its relative lack of security.

Valuable Risk Management Resources

Two sources of information and recommendations for risk managers singled out by Chandra Seymour, a senior vice president within the Marsh Risk Consulting’s reputational risk and crisis management group, are the websites of the Department of Homeland Security (DHS) and the Occupational Safety and Health Administration.

Chandra Seymour, senior vice president, Marsh Risk Consulting’s reputational risk and crisis management group

“All the pieces are there, which risk managers can use in putting together their own individual risk mitigation program using what they already have, and there is a hotline available for further advice,” said Seymour.

The DHS’s network of fusion centers for pooling information on potential threats is another valuable source, confirms the risk manager for one major hospitality and gaming company. “We work closely with the DHS, and it is a two-way communication. They inform us when they become aware of a possible threat and we inform them of suspicious activities that they investigate,” he said.

“They also provide support for ‘soft target’ industries like hospitality and entertainment to review response plans and make recommendations for improvements.”

The risk manager added that prior to the Mandalay Bay attack, hospitality companies were members of various professional organizations such as American Hotel & Lodging Association’s risk management committee and safety & security committee, ASIS International (formerly the American Society for Industrial Security), and other professional groups.

“Since that incident, informal groups have formed that are made up of risk, safety and security professionals from the same area,” he said.

“It’s an opportunity for companies to not only look inward at their own practices but to also discuss what others are doing and thinking about. It’s common to include local law enforcement as well as other agencies such as DHS to participate. The result isn’t so much a ‘checklist’ for risk managers but innovative and thoughtful best practices that can be implemented across the sector without compromising our business mission.”

However, as Hart S. Brown, with crisis risk management firm Firestorm Solutions acknowledges, the incidence of mass shootings is likely to remain high. “The societal barrier for violent acts has steadily lowered as individuals come to regard violence as a solution to their problems, while the average age of perpetrators is also lower.”

Hart S. Brown, COO, Firestorm Solutions

The scope for pre-emptive action is limited. “A threat in itself isn’t enough to constitute a federal crime and local police departments lack the time and resources to follow up a less-than-concrete threat. Responsibility then rests with either the individual or the organization to act to prevent it from developing further,” Brown said.

Coverage Questions

Marsh reported that real estate and hospitality risk managers reviewed their general liability limits in the months following the Las Vegas attack, increasing them on average by 20 percent to 30 percent. The big question, as the incidence of workplace violence increases, is whether commercial general liability policies will respond to incidents such as a mass shooting.

Insurers are generally reluctant to comment, although according to one broker: “We understand that some general liability carriers are reviewing their policy wordings in order to clarify whether or not claims arising from mass shootings/active shooter events are covered under their policies. We’re not aware of any GL carriers amending their policies to cover such events.”

The specific issue of liability arising from Mandalay Bay is becoming increasingly contentious. In July, it was reported that the hotel’s owner MGM Resorts International, which is potentially liable for the 58 deaths and hundreds of injuries, was suing a total of 1,977 individuals involved in the shooting.

The lawsuits, filed by MGM in Nevada and California federal courts, aim to move victims’ Nevada-state court lawsuits into federal courts and seek a declaratory judgment “that the MGM parties cannot be held liable to defendants for deaths, injuries or other damages arising from [gunman Steven] Paddock’s attack.”

The potential gaps in coverage identified even when general liability, terrorism, workers’ compensation and property insurance policies are combined has seen growing demand for the specific active shooter/active assailant insurance products developed by insurers such as Beazley, Hiscox, XL Catlin and Aspen, reports Tarique Nager, terrorism placement advisory leader in Marsh’s property practice.

Chris Parker, Beazley’s political violence kidnap and ransom underwriter, confirms the company developed its Deadly Weapon Protection (DWP) insurance coverage anticipating growing demand for a specific liability insurance covering mass shooting events. Since its launch, the product has been regularly enhanced in response to feedback from clients and brokers.

“The DWP product is now at a point where it offers broad coverage, includes extensive pre- and post-event crisis management services and is priced at a point that is affordable and represents value for the money,” Parker said. “This has resulted in a three-fold increase in the number of inquiries we’ve received already this year compared to 2017 and the number of clients buying policies has more than doubled.

“Unfortunately, the number of mass shootings in the U.S. isn’t abating. Consequently, more insurance carriers are releasing their own versions of the DWP product as demand for the coverage increases.” &

Graham Buck is a UK-based writer and has contributed to Risk & Insurance® since 1998. He can be reached at

More from Risk & Insurance

More from Risk & Insurance