He added that prior to the train bombings in Madrid or London, “people may not have been thinking about crisis management issues relative to personnel getting into town and the city shutting down.” Risk managers should make contingency plans for such a threat, such as being able to operate from another location, he suggested.

With terrorism such a difficult exposure to predict, “there are many companies out there that haven't done all the things they could potentially do,” he added.

This is due to a number of factors, including the inability to pay for security measures and the difficulty in getting plans implemented quickly, according to Mr. Grniet. “Physical barriers are a perfect example. They need to get approvals from the city, find the right product to use, decide what is appropriate, and make sure they are installed properly,” he noted.

Having a good system in place requires “a constant reassessment of your position–your risk to threat based on the information received from the government and the news,” Mr. Grniet explained. “You have to make sure [a threat] applies to you before you respond to it or you could be headed in the wrong direction.”

Risk managers need to take a global strategic view, according to Simon Sole, chief executive officer of Exclusive Analysis, a strategic intelligence company based in London that forecasts violent and political risk. “One of the faults of historical risk analysis is that it is backward looking,” he said. “We're not insuring last year–we're insuring next year. The past is no more than a data-point; it is not a forecast.”

It is also critical for risk managers to recognize that terrorist threats come not only from foreign, extremist religious groups, he continued, noting organizations at work inside the United States that at times resort to terrorism, causing less catastrophic but more frequent destruction than those who attacked on 9/11. He cited the animal liberation front and radical environmental activists as examples.

“They do things like pour paint stripper on car dealers in California,” he noted. “Property damage in the states caused by [religious] extremists in the last year is very low, but by these groups it's about $50 million,” according to Mr. Sole.

On the plus side, he added that intelligence on radical animal liberation and environmental groups is much easier to obtain than for religious extremists, warning that “insurers and risk managers need to expend some effort finding out if they are on the [target] list because of activities such as testing on animals.”

Mr. Sole also noted that risk managers presenting threat scenarios to upper management should be prepared for questions such as: “Why that scenario? On what basis were the scenarios derived?”

Those who are aware of international threats and who gather data, he said, “can do a very good job determining what is going to happen next…When you use modeling, for example, you can do a good job of figuring it out.”

Tom Marsden, associate vice president in the Government Services Division with Dunn & Bradstreet Government Solutions in Washington, said much of the focus now “is on what happens when you have uncovered a problem–we think of that as finding the needle in the haystack. There are exhaustive amounts of money and resources being applied to the problem after it's known.”

Although his company “plays a big role in supporting those investigations,” he said, “I think the more interesting and promising area is reducing the haystack.” Mr. Marsden explained that “if you can screen or filter [risks] using data, then you're being more efficient in the deployment of people.”

He noted the increasing sophistication of modeling technology and the greater use of data in terrorism risk management, “so you can quickly isolate the companies or individuals that appear to be acceptable, in which case you fast-track them and cull out the organizations or individuals that exhibit attributes that could speak to risk–thus you lower the haystack.”

Technology can be used to verify agricultural suppliers shipping goods to the United States, or a company shipping goods out of the country–perhaps a trucking company working within the country and shipping across state lines, or independent air cargo carriers, “which are high risk in nature because of the weapon at their disposal,” Mr. Marsden said.

Donald L. Schmidt, CEO of Preparedness, LLC in Sharon, Mass., said the specter of terrorism is very real. “We've had many instances of terrorism before 9/11.” He is convinced that even though the United States “has not seen a major terrorist event since 9/11, another event will occur.”

If travel, telecommunications, transportation or other critical infrastructure were affected by a terrorist attack, he asked, “what would it do to your business? What is the financial exposure? What is the potential impact on employees?”

Most importantly, he added, risk managers must prepare emergency response plans so they can react immediately in a crisis and protect employees. “Be sure you have effective warning and communications capabilities,” he said. “Accountability of personnel is not only a necessity; it's also the law in most cases.”