Howard Kunreuther looks at the bankruptcies of Barings Bank and Arthur Andersen, and the severe losses incurred by Union Carbide and Lloyd s of London after a series of disasters, and he sees a common thread: How the actions of one division or plant severely damaged the whole company.


Such cases, along with the September 11 terrorist attacks, have caused Kunreuther, co-director of Wharton s Risk Management and Decision Processes Center, to think about the challenges that organizations face in dealing with low-probability events that have large-scale consequences. Specifically, he is concerned about how divisions within firms can be encouraged to invest in protective measures when other divisions are not making that same investment.


 Until after September 11, I never really appreciated why insurance, as a tool, can t provide the appropriate kinds of incentives for protecting people if it turns out the insured party can be contaminated by the actions of others, he says.  Consider fire protection in an apartment building. Suppose a tenant invests in a sprinkler system for his apartment only to have a fire on the floor below spread to his unit and destroy it, despite the fact that he invested in a protective measure (the sprinkler system).


 His insurance company knows that this type of scenario can occur, Kunreuther says,  and therefore will be reluctant to reduce the premium on his fire policy by as much as it would have if the person lived in a unit that could not be contaminated by others or if the apartment building required all units to have fire sprinklers.


The airlines industry offers another example. Airlines invest in baggage security, but a plane can be contaminated by a piece of luggage transferred by other airlines that do not have baggage security systems. Pan Am 103 crashed, Kunreuther says, because an uninspected Malta Airlines suitcase carrying a bomb was transferred to the Pan Am plane.


 If each airline knows that others in the industry have not invested in baggage security systems they will be more reluctant to incur these investments themselves, Kunreuther points out. In fact, it was only after September 11 that the federal government intervened by requiring airlines to institute baggage security systems. Several years prior to these terrorist attacks, he adds, individual airlines had asked the federal government to be involved in the process but were told that each airline should institute a security system on its own.


Interdependency issues also arise in supply chain management where it is often hard to determine which part of a defective product actually caused the problem. If that is the case, what incentive does a supplier have to make a part safe, if it knows the defect cannot be detected after many other components are added on? In the information technology area, how do you make computer networks more secure against terrorist attacks? For government health agencies, what is the optimal number of people to vaccinate against a disease where any unprotected individual could contaminate many others?


A recent paper by Kunreuther and Geoffrey Heal, a finance professor at Columbia s Graduate School of Business, analyzes this issue of interdependent security and its relationship to catastrophic events, specifically with reference to company behavior.  We show that when failure to take action by any division can bankrupt the entire firm, the economic incentive for any division to invest in risk-reduction measures depends on how it expects the other divisions to behave, the authors note.  There may be situations where no one invests in safety measures, even though everyone would be better off if each division had incurred this cost.


Underlying that finding is a fundamental question:  Do organizations  such as chemical firms and airlines, and decision-makers such as computer network managers and public health officials  invest in security to a degree that is adequate from either a private or social perspective? The answer, Kunreuther says, is no. So what do you do about it?


Contamination from Others


First, a look at some of the issues raised by interdependent security.


A firm s objective, says Kunreuther, is to maximize its expected returns by either investing or not investing in protective measures. (Protective measures are any investments that reduce the risk of an untoward event. Examples include baggage screening that protects airlines from bombs, triple hulls on oil tankers that reduce the chances of an oil spill, and safety measures in chemical plants that reduce the chances of an accident.) The decision depends in part on the behavior of subunits in the organization. If all divisions invest in security (or protection), then the problem of contamination is alleviated. But if one or more divisions don t make this investment, then the incentives for others not to invest are greater.


And of course as more and more divisions choose not to invest in protection, the remaining divisions will have even less incentive to invest because they are getting fewer benefits in return for their costs. The result is likely to be an increase in risky behavior by all units.  A culture of risk-taking can spread through the organization because knowledge that a few groups are taking risks reduces the incentives of others to manage [these risks] carefully, says Kunreuther.


In the Union Carbide case, the company suffered catastrophic losses because of unsafe conditions in its Bhopal chemical plant; Lloyd s of London was in financial trouble due to the huge insurance losses of several of its high-flying and semi-autonomous syndicates; Barings Bank fell because of an unsupervised rogue trader in its Singapore office, and Arthur Andersen declared bankruptcy after it was convicted of obstruction of justice related to the Houston office s audit of Enron Corp.


Probability  in this case the chances that a catastrophic loss will occur  should play a role in the decision-making process. People in general have a hard time dealing with low probability events, Kunreuther says. They find it difficult, for example, to distinguish between probabilities of one in 10,000, one in 100,000 or one in a million. So the question becomes whether to invest in protection  when there is some probability, often a very small one, that there will be a catastrophic event that could be prevented or mitigated.   


In their paper, entitled  A Firm Can Only Go Bankrupt Once: Risk Management Strategies in an Uncertain World, the authors point out that a central aspect of interdependency is that  the risk faced by one agent depends on the actions taken by others & The risk that a corporate divisional manager faces of his company being sent into bankruptcy depends not only on how he manages his divisional risks but also on how other division heads behave. The risk of an airplane being blown up by a bomb depends on the thoroughness with which other airlines inspect bags that they transfer to this plane.


Kunreuther and Heal look specifically at expected returns associated with investing and not investing in security. For example, if a company consists of a single division,  the cost of investing in protection must be less than the expected cost to its employees from a catastrophic accident. Adding a second division tightens the constraint by reflecting the possibility of contagion & Investing in protection buys you less when there is the possibility of contamination from others.


When you go to multiple divisions within a firm,  one weak link in the organization compromises all the other divisions. In other words, one unprotected division endangers all of the other divisions in the firm even if they have all invested in security. The more divisions that have not invested in protection, the greater the chances that the employees of any division will be looking for another job even if its own plants are secure from a catastrophic accident.


This gets back to the question raised earlier: How can enough divisions in a company, or companies in an industry, be persuaded to invest in security so that all the others will follow suit?


Third Party Inspections


A centralized management committee within the company is one option. Such a committee could, for example, try to establish an organizational norm by making it clear, as Dupont does, that  safety is our most important product, and then convince everyone in their various divisions to use that as a guideline for their actions. Those divisions that do  would get some reward, not profits, but perhaps a bonus or a citizens award, says Kunreuther, adding  I don t know how well that strategy actually would work in practice.


The committee could also make clear the possibility of a catastrophic accident that would destroy everybody.  But even here, divisions may be adverse to investing in protection against the very large accident, knowing that if it ever happens, everyone will have to pay for it and the individual divisions won t have to worry about their own skins, Kunreuther says.


Then there are third party inspections. Kunreuther and Heal cite the Clean Air Act Amendments of 1990 that required facilities to perform a hazard assessment, estimate consequences from accidents and develop a risk management plan that would be made available to the U.S. Environmental Protection Agency.


But as Kunreuther notes, the EPA  doesn t have enough personnel to monitor the firms, so some divisions are likely to not undertake certain safety measures and gamble that they won t be caught. A firm will say,  The probability of getting caught is very low and the fine if I am caught is very low, so I m just not going to spend the money to come into compliance. 


To counter that mindset, Kunreuther has suggested that the EPA consider a proposal whereby a third party inspection is coupled with insurance. Low risk divisions will want to get inspected in order to get a lower insurance premium. These divisions would also get a seal of approval  after passing a high-quality inspection  that they could show to the EPA. The Agency would then have no reason to inspect them. That means there would be a greater chance that the high risk divisions would get inspected, and this in turn would encourage them to adopt a risk management plan. At least that is the theory.


Ironically, Kunreuther adds, central management committees in organizations may actually like third party inspections, such as those demanded by the government. The firm can then blame others for the regulations and inspection requirements.  Many organizations would like someone else to do their dirty work for them, Kunreuther notes. It gives these firms an excuse to hire a third party inspector to make sure the divisions are operating safely and it increases the firms expected profits by reducing the negative externalities that divisions face.


 The use of third party inspections in conjunction with private insurance is a powerful combination of two private market mechanisms coupled with a government regulation that can convince many firms of the advantages of implementing risk management programs to make their plants safer, the authors write.  It has the potential of encouraging recalcitrant divisions in a large firm or small firms to comply with the regulation to avoid being caught and fined.


Tipping Behavior


Kunreuther and Heal pose another question in their paper: What if divisions in a company are heterogeneous so that they have different risks and costs associated with their activities? In a chemical firm, for example,  some divisions may be responsible for plants that have a much higher risk of a large-scale accident than plants operated by other divisions. In an investment banking firm, the trading division is likely to take more risks than the M&A division.


In some firms, there may be one division that occupies  such a strategic position that if it changes from not investing to investing in protection, then others will follow suit. And even if there is no one single division that can exert such leverage, there may be a small group. This type of  tipping behavior implies that one might need to  focus on only certain parts of an organization to convince others that it is in their economic interest to take similar actions. [It becomes] particularly important to persuade some key players to manage risks more carefully, the paper notes. What this means, Kunreuther adds,  is that you wouldn t have to police every division.


The authors also look at the problem of interdependent security in the context of firms within an industry rather than divisions within a firm. To use the earlier example of baggage inspection in the airline industry, the authors suggest bringing in an official organization to coordinate a unified approach. For example, the International Air Transport Association (IATA)  could have made the case to all the airlines that they would be better off if each one used internal baggage checking so that the government would not have had had to require this.


Other associations, such as the American Chemical Council, could establish social norms that promote conformance with certain industry standards and, in that context,  could put pressure on individual companies to invest in protection, Kunreuther adds.


In the research models that Kunreuther and his colleagues have devised to study these issues,  the probability and outcomes of a particular event are well specified, the authors note. In reality, of course, there is considerable ambiguity associated with the data,  ambiguity that has an impact on decisions of whether or not to invest in protective measures.


 The insurance industry has not marketed terrorism coverage widely since Sept. 11, says Kunreuther,  and when you ask them why, they say that they really can t estimate the risk. When you estimate the risk for them, they still say that the information is too ambiguous and they don t want to deal with it & Ambiguity for whatever reason seems to queer a lot of decisions people make with respect to dealing with, or protecting themselves, from risk.


Kunreuther and his colleagues note the need for more data to increase their understanding of the way people behave and their interest in adopting protective measures when there are issues of interdependent security. Their research, Kunreuther says, has clearly identified a need to  reexamine the role of the public and private sectors in developing strategies for providing protection against catastrophic events so as to reduce their likelihood of occurrence and their potential consequences.