In the five years since the attacks on September 11, 2001, Howard Kunreuther, Wharton professor of operations and information management, has collaborated with members of the private and public sectors to determine how individuals and firms can be motivated to enhance security in our interconnected world. In a new book titled, Seeds of Disaster, Roots of Response: How Private Action Can Reduce Public Vulnerability, Kunreuther and other contributors argue that the United States will continue to be at risk for low-probability, high-consequence events like 9/11 and Hurricane Katrina until the private sector and public leadership develop strategies to persuade individuals and firms to invest in cost-effective protective measures. The book is edited by Erwann Michel-Kerjan, managing director of Wharton’s Center for Risk Management and Decision Processes, and three others.
In a podcast with Knowledge at Wharton, Kunreuther and Michel-Kerjan discuss the book as well as issues like: What incentives are there for investing in protective measures when others haven’t taken similar steps, and how can organizations and ordinary citizens be motivated to move beyond self interest?
If you have your favorite podcast source, the url is:
For your convenience you may play or download with the links under the title.
The following is an edited version of the Podcast:
Knowledge at Wharton: Howard, you had been studying decision making for low-probability high-consequence events before the attacks of 9/11. In what ways did 9/11 change your focus?
Kunreuther: I think one of the big differences with 9/11 and some of the other events that we had looked at — including natural catastrophes and disasters but also low-probability events like hazardous waste and the storing of radioactive waste — is that you really didn’t have a group that could respond to what you were doing.
What we are seeing with 9/11 is, it’s always a concern in terms of what the terrorists are going to do based upon what actions will you take. That is one big difference. The other difference we can talk more about is that there’s a whole set of interdependencies that exist when you’re dealing with terrorist attacks, weak links and a variety of things that the terrorists can take advantage of, that can hurt a much larger system than just the unit that might be attacked.
Knowledge at Wharton: Howard: In a recent article on interdependent security, you raise the example of the bomb that terrorists concealed in a checked bag on Malta Airlines in 1988, which ultimately led to the explosion of Pan Am Flight 103 over Lockerbie, Scotland. Question to both you and Erwann: How does this illustrate the problems associated with interdependent security?
Kunreuther: Well, let me start, and Erwann may want to say a few words and broaden this to some of the other things that are part of the book that he’s co-edited. I think the Pan Am 103 crash, which came to our attention certainly in 1988 but then also after 9/11, raises the following issues, and it’s an issue that Geoffrey Heal, a professor at Columbia University and I have been spending some time thinking about.
In this particular case, a bomb was loaded at an unsecured airport in Gozo airport in Malta. It was transferred to a feeder plane in Frankfurt, transferred to Pan Am 103, and set to explode at over 28,000 feet, which is only after the Pan Am 103 plane left Heathrow. There was nothing that Pan Am could do about preventing that accident short of inspecting all its bags because this was a transferred bag.
This is one example of interdependencies on two levels. One is, it shows that some weak link, in this case Gozo airport, could actually cause a crash in an entirely different part of the world. Secondly, it also shows that there may have to be some very, very strong steps of coordination that would take place because up until, really, maybe a year or two ago, the only airline in this case that ever inspected every bag was El-Al. At all other airlines, once a bag was actually loaded, it stayed on that airline and was assumed to be safe because it was assumed that security measures would have been taken at all the airports.
Knowledge at Wharton: But given the fact that international flights touched down in so many different countries, how can you assure that sort of global interaction and how can you depend on airports in other countries to do the kind of thorough checking that you would want done?
Kunreuther: This has been one of the issues that has really faced us after 9/11. We have a very different view of airline security now as we all know, given all of the checking that is taking place all over the world. So in some sense, 9/11 changed our view, whereas beforehand this was all viewed as a problem that each of the individual airlines faced. Now it’s a problem not only
that airports face, but that society faces, and a global society in this case.
Michel-Kerjan: I was going to say, we have to mix globalization of social and economic activity with just-in-time processes, meaning that you want everything now…. [Because] risks we face are international by definition, we are [dealing with] unknown security all the time. What you’re really talking about here is international security and how you can secure — not only the homeland — but different individual countries.
Knowledge at Wharton: What happens when one entity invests in protective measures, such as vigilant luggage checking, but others don’t? Does that become a disincentive?
Kunreuther: It becomes very much of a disincentive if it turns out that you know that no one else is taking the steps that you are taking. Let me give you one example on a very different level that might illustrate this. If you want to take protection against, let’s say, a fire that might occur in your apartment, and you feel you should be rewarded for having taken those measures in some sense, and you think about the fact that this is going to cost you something. The fact that you would know that no one else has taken those protective measures provides a disincentive for you to do so because you’re aware that a fire could spread from one of the other apartment units to yours.
So we really have a challenge in this area of how we coordinate and get everyone to work together. It also requires — this is one of the important parts, and I know it’s one of the features of the book that Erwann has co-edited — bringing the public and private sector together. You need to have regulations; you need to have well-enforced standards. For example, in the case I just illustrated, a building code or some building codes become an important aspect. Just like in airline security, we have a whole set of different ways that we’re viewing the problem today.
Michel-Kerjan: I was going to add to that, when you consider what we call critical infrastructure services, such as transportation, postal operation, water supply, food supply, in the U.S. a large majority of these critical services is owned by the private sector. I’m talking about 80-85% of these critical services being owned by the private sector, so you have a real challenge. … Then, on the private side, it’s a very competitive waltz. If you are not the one to take the lead on that, along with a critical mass of your competitors, you won’t do anything because you don’t want to be the first one to spend a lot of money investing in costly mitigation measures.
Knowledge at Wharton: So what’s the future of the private sector and public leadership working together to develop some sort of accountability?
Michel-Kerjan: I think that was the theme of the book. We have 26 chapters in what has been a joint venture between Wharton, Harvard and George Mason University. I think regulation’s definitely part of the game. [The idea is] to sit at the same table with decision makers in the private sector and say: “Well, how can we help you doing a better job so you can integrate the security factor into your business model?”
Kunreuther: Let me just add to what Erwann just said. I think that there are very, very important roles the private sector can play. Even within their own industry trade associations can play an important role enforcing a variety of norms and standards. In the airlines — where you have an airline association –I think this is happening more. In the chemical industry there are a variety of these associations that now are really in the forefront in terms of taking steps to avoid having what they would say is “hard hand of government” coming in. But if you don’t have that kind of coordination, then I think you’re going to really have to rely on some kind of government involvement, so that industry recognizes this is not just their problem.
One other point that Erwann emphasized, and it’s an important one, is the level playing field aspect on the competitive side: If you have one group that feels it’s going to want to take a step and incur a set of costs, if they know none of the others are doing this, they are going to be very hesitant to [incur] those costs themselves — for profitability reasons alone.
Knowledge at Wharton: And you have also to [take into account] that most businesses are myopic in a sense because they feel they need to prove return on investment in the next two weeks or two months. Here, however, you are talking about a long-term investment for security measures, so the business model is different as well.
Kunreuther: We have an acronym for that called NIMTOF which we’re using these days: Not In My Term of Office.  
Knowledge at Wharton: A variation of NIMBY [Not in My Back Yard].
Kunreuther: Right, another version, exactly.
Knowledge at Wharton: What is the best-case scenario for minimizing the damage of the next Katrina?
Kunreuther: Well, this is an area that we have been very, very interested in at the Risk Center, that Erwann and I are both actively involved in here at Wharton, and that is: How do you take steps before a disaster to avoid the damage afterwards? Our provost at Penn, Ron Daniels, was very active in pushing this, and in fact got a whole group of us starting to think about this issue one month after Katrina. There is a book that came out on risk and disaster that really was pushed by virtue of just the question that you’re raising: How do you take these steps beforehand in dealing with the risk?
I think the key issues that are challenging here is that no one wants to think about these disasters until after they occur; and I think we even saw that after Katrina: There was almost the hope that it wouldn’t occur, and the feeling that if we could just wish it away, it would go away. What needs to be done is there has to be a very systematic analysis on the part of the public sector as to what actions should be taken beforehand. The levees are a very good example. There were real indications, and studies done, that New Orleans was a city that was going to be hurt very badly. The Times-Picayune got a Pulitzer Prize for their articles. And I will tell you, there’s an article in National Geographic, in October 2004, that I read to my wife after Katrina, not telling her where it came from, and she was sure it was a Katrina scenario. But there it was, nine months before Katrina occurred, with exactly, almost to the word, what happened there. So there were all sorts of evidence beforehand. We have to do the appropriate kind of benefit/cost analysis on the public sector.
For the private sector, it’s a great challenge, because we really face what Erwann and I have both been talking about — myopia. People don’t really see the benefits of these investments in which they face these up-front costs that will be required to make a house safer, for example. You would have to improve the roof, or you could shore it up in one way or another, make it flood-proof, or earthquake-proof in the case of a California home. And that really raises problems, because people feel that they aren’t going to get enough back for their investment. So we have to think about ways of dealing with that problem, and getting people, through loans or other ways of spreading the costs, to want to take those steps beforehand. It’s a big challenge.
Michel-Kerjan: I amjust going to add, when you have one disaster per decade, that’s one thing, but when you’ve got four hurricanes hitting Florida in 2004, and then three or even four major hurricanes in 2005, just the meaning of what is a disaster — and how you include that disaster preparedness into your public policy or private strategy — becomes one of the important points for decision-makers…. We have a project between Wharton and the World Economic Forum in Davos on global risks. The fact that the World Economic Forum put the question of global risks on the table, on the agenda, for top decision-makers in the world [to discuss], is very, very important, because you integrate that into a new way of thinking about these catastrophes.
Knowledge at Wharton: You’ve both talked about ways to motivate the adoption of protective measures, of trade associations getting involved, maybe the threat of government regulation. What specific economic incentives can be used to encourage people to adopt protective, proactive measures?
Kunreuther: Well, let me give you one example of that in the context of what we were just talking about on Katrina — thinking about the idea of trying to get an individual to take a protective step, recognizing that that measure might cost a thousand or two thousand dollars, and having them feel they are not going to live in their house for that long so they can’t afford it. “I live from payday to payday” is something we often hear. But one should recognize that when they take that measure, they are really reducing the risk. They are reducing the risk to the point where if they are buying insurance, which most people are required to buy — on the wind portion anyway, and many of them on the flood portion for hurricanes — they should be able to get a premium discount for having taken that measure.
Now, if we can provide some kind of way to bring the private sector together — and in this case I would say the insurance industry and the banking community together…. [Pretend] that you are living in the New Orleans area for the moment, now, and you want to put in this measure. You take a home improvement loan, you get it from your bank; it’s a 20-year loan; it gets tied to your mortgage; it’s a relatively small payment that you have to make each year for that measure, and because it’s something that has improved the quality of your house, and reduces the loss from a hurricane, you should get something back on your insurance premium. If it’s a cost-effective measure, you’re going to come out ahead, because you will actually wind up paying a lower amount and having your insurance premium reduced more than the cost of the loan, per year. You don’t have to think about that measure any more; that loan will stay with the mortgage if you happen to move. Now what’s interesting — and this hasn’t been implemented, by the way, so this is one way of trying to push for it, trying to get the banks and insurers to come together — is that you have to have the insurance rates reflect the risk. That’s very important; otherwise there’s no incentive for the insurance industry to give you a premium discount if they’re forced to subsidize those rates. That is a major problem we fact today.
Knowledge at Wharton: And measuring that risk.
Kunreuther: And measuring that risk, which can be done. There is a lot of data and we have modeling companies, and that’s more sophisticated — a lot easier to do that on hurricanes than on terrorism. But if you measure the risk, and you can get the premium to reflect it, and you then say, “I’m going to give you this premium discount because this measure is a cost-effective measure,” the insurance industry comes out ahead, because they have lower losses. They also have to pay less for their protection against catastrophic losses, if a lot of houses do that, and they pay less for reinsurance. The banking industry comes out ahead because they’re better-protected [on the] mortgages. And all of us, as taxpayers and citizens in this country, come out ahead because we have to pay less for disaster relief.
So when we put it on the table this way, it looks like a no-brainer, a win-win-win. When you deal with the real world, you’ve got regulatory issues in place and you have state regulation of insurance that has to be looked at. We are currently involved in a major project now — Wharton, Georgia State and the Insurance Information Institute — on the future of disaster insurance. One of the principles we are advocating is, rates have got to reflect the risk in order to be able to promote the measure that you’re asking to come forward. Otherwise it will not happen. It will not happen easily, anyway.
Michel-Kerjan: Two points on that: First, the insurance industry doesn’t have good publicity most of the time, especially after a disaster. Well, what people don’t realize most of the time is that the insurance industry today, 2006, is the largest industry sector in the world. It’s three times the size of the oil industry, in terms of revenue generated. When you think about it, insurance is everywhere. So as a market mechanism … insurance can be a bridge between mitigation and risk financing. Second, to answer your question, “What could be done?” we think that at the end of the day, customers will have an important role to play. I mean, just think about 20 years ago when you talk about car safety — it was not a marketing thing. Now when you talk about car safety, you see ads on TV and everywhere talking about five-star ratings, safety for cars, really marketing arguments. Can we do the same thing, same type of job, 10 years from now, where security becomes a marketing argument as well?
Knowledge at Wharton: And going back to 9/11 to maybe wrap this up, Howard, you have noted that 9/11 is something that maybe couldn’t have been avoided, but what would have helped to minimize the peripheral damage?
Kunreuther: That’s a very challenging issue, and we’ve all looked back, five years now that 9/11 has occurred, and I think that notion of better vigilance is clearly there. But what we needed to recognize, first of all, is that this is something that could not be done, in many ways, by the private sector alone. And I think that is something that we have come to recognize now, but it took 9/11 for us to be aware of the fact. We formed the Department of Homeland Security only after 9/11, because nothing had happened.
And so 9/11 illustrates the problem we have in all of these areas of low-probability events: It’s only afterward that we really pay attention. But when we think about this, we had all sorts of evidence before 9/11 that there were major problems here, and we ignored them. The insurance industry ignored them. They didn’t charge a penny for terrorism insurance before 9/11, despite the fact that we had the World Trade Center attempt in 1993, and Oklahoma City, but they didn’t see it as a threat. If the insurance industry wasn’t paying attention, that’s an indication that a lot of us were not paying attention and yet we had all sorts of evidence in other parts of the world, including our own country, that this was a problem. So I think it’s really vigilance, and trying to be prepared, and trying to say that this may happen to us, and that we can’t just take it for granted and tune out of these events. I think we’re doing more of that now, and I think this fifth anniversary of 9/11, coupled with the first anniversary of Katrina, has put all of these events very much on the radar screen of everyone. We’re paying attention to these issues in a way we hadn’t done before.