We have to ask: could this be related to the fact that the marginal risk posed by terrorism to companies in the US are small? Of course, terrorist attacks are spectacularly horrible events, but in terms of the sheer numbers, how large a risk is it compared to, say, internal sabatoge or even accidental fires? Overall, despite the screaming headline, this is a decent article... except that it basically ignores the obvious role of insurance in situations of low average risk but highly catistropihic possible outcomes. . . .
A majority of security executives surveyed said their companies don't have plans to cope with an unconventional terrorist attack, even though most believe that a terrorist attack of some kind is likely to occur in the coming months, according to the results of a poll released by CSO magazine today.

The survey of 476 chief security officers and senior security executives found that 60% believe that a terrorist attack is likely in Boston or New York, which are hosting the Democratic and Republican political conventions this summer, respectively. While 63% of CSOs said their companies have planned for conventional attacks such as bombings or hostage taking, 61% said they haven't planned for unconventional attacks using chemical, biological or nuclear weapons, according to the magazine.

The online survey of CSO subscribers was conducted between April 27 and May 18, 2004, and has a 4.5% margin of error. CSO subscribers were asked their opinions on a number of issues, including terrorism, politics, IT security policy and purchasing decisions.

The link for this article located at computerworld.com is no longer available.