Risk Analysis: An International Journal
A Risk Analysis Approach to Prioritizing Epidemics: Ebola Virus Disease in West Africa as a Case Study
The 2014 Ebola virus disease (EVD) outbreak affected several countries worldwide, including six West African countries. It was the largest Ebola epidemic in the history and the first to affect multiple countries simultaneously. Significant national and international delay in response to the epidemic resulted in 28,652 cases and 11,325 deaths. The aim of this study was to develop a risk analysis framework to prioritize rapid response for situations of high risk. Based on findings from the literature, sociodemographic features of the affected countries, and documented epidemic data, a risk scoring framework using 18 criteria was developed. The framework includes measures of socioeconomics, health systems, geographical factors, cultural beliefs, and traditional practices. The three worst affected West African countries (Guinea, Sierra Leone, and Liberia) had the highest risk scores. The scores were much lower in developed countries that experienced Ebola compared to West African countries. A more complex risk analysis framework using 18 measures was compared with a simpler one with 10 measures, and both predicted risk equally well. A simple risk scoring system can incorporate measures of hazard and impact that may otherwise be neglected in prioritizing outbreak response. This framework can be used by public health personnel as a tool to prioritize outbreak investigation and flag outbreaks with potentially catastrophic outcomes for urgent response. Such a tool could mitigate costly delays in epidemic response.
Current industry standards for estimating cybersecurity risk are based on qualitative risk matrices as opposed to quantitative risk estimates. In contrast, risk assessment in most other industry sectors aims at deriving quantitative risk estimations (e.g., Basel II in Finance). This article presents a model and methodology to leverage on the large amount of data available from the IT infrastructure of an organization's security operation center to quantitatively estimate the probability of attack. Our methodology specifically addresses untargeted attacks delivered by automatic tools that make up the vast majority of attacks in the wild against users and organizations. We consider two-stage attacks whereby the attacker first breaches an Internet-facing system, and then escalates the attack to internal systems by exploiting local vulnerabilities in the target. Our methodology factors in the power of the attacker as the number of “weaponized” vulnerabilities he/she can exploit, and can be adjusted to match the risk appetite of the organization. We illustrate our methodology by using data from a large financial institution, and discuss the significant mismatch between traditional qualitative risk assessments and our quantitative approach.
With cloud computing, Internet-of-things, wireless sensors, social media, fast storage and retrieval, etc., organizations and enterprises have access to unprecedented amounts and varieties of data. Current risk analysis methodology and applications are experiencing related advances and breakthroughs. For example, highway operations data are readily available, and making use of them reduces risks of traffic crashes and travel delays. Massive data of financial and enterprise systems support decision making under risk by individuals, industries, regulators, etc. In this introductory article, we first discuss the meaning of big data for risk analysis. We then examine recent advances in risk analysis with big data in several topic areas. For each area, we identify and introduce the relevant articles that are featured in the special issue. We conclude with a discussion on future research opportunities.
This article studies the effects of incorporating the interdependence among London small business defaults into a risk analysis framework using the data just before the financial crisis. We propose an extension from standard scoring models to take into account the spatial dimensions and the demographic characteristics of small and medium-sized enterprises (SMEs), such as legal form, industry sector, and number of employees. We estimate spatial probit models using different distance matrices based only on the spatial location or on an interaction between spatial locations and demographic characteristics. We find that the interdependence or contagion component defined on spatial and demographic characteristics is significant and that it improves the ability to predict defaults of non–start-ups in London. Furthermore, including contagion effects among SMEs alters the parameter estimates of risk determinants. The approach can be extended to other risk analysis applications where spatial risk may incorporate correlation based on other aspects.
Border inspection, and the challenge of deciding which of the tens of millions of consignments that arrive should be inspected, is a perennial problem for regulatory authorities. The objective of these inspections is to minimize the risk of contraband entering the country. As an example, for regulatory authorities in charge of biosecurity material, consignments of goods are classified before arrival according to their economic tariff number. This classification, perhaps along with other information, is used as a screening step to determine whether further biosecurity intervention, such as inspection, is necessary. Other information associated with consignments includes details such as the country of origin, supplier, and importer, for example. The choice of which consignments to inspect has typically been informed by historical records of intercepted material. Fortunately for regulators, interception is a rare event; however, this sparsity undermines the utility of historical records for deciding which containers to inspect. In this article, we report on an analysis that uses more detailed information to inform inspection. Using quarantine biosecurity as a case study, we create statistical profiles using generalized linear mixed models and compare different model specifications with historical information alone, demonstrating the utility of a statistical modeling approach. We also demonstrate some graphical model summaries that provide managers with insight into pathway governance.
Communicating Earthquake Preparedness: The Influence of Induced Mood, Perceived Risk, and Gain or Loss Frames on Homeowners’ Attitudes Toward General Precautionary Measures for Earthquakes
Despite global efforts to reduce seismic risk, actual preparedness levels remain universally low. Although earthquake-resistant building design is the most efficient way to decrease potential losses, its application is not a legal requirement across all earthquake-prone countries and even if, often not strictly enforced. Risk communication encouraging homeowners to take precautionary measures is therefore an important means to enhance a country's earthquake resilience. Our study illustrates that specific interactions of mood, perceived risk, and frame type significantly affect homeowners’ attitudes toward general precautionary measures for earthquakes. The interdependencies of the variables mood, risk information, and frame type were tested in an experimental 2 × 2 × 2 design (N = 156). Only in combination and not on their own, these variables effectively influence attitudes toward general precautionary measures for earthquakes. The control variables gender, “trait anxiety” index, and alteration of perceived risk adjust the effect. Overall, the group with the strongest attitudes toward general precautionary actions for earthquakes are homeowners with induced negative mood who process high-risk information and gain-framed messages. However, the conditions comprising induced negative mood, low-risk information and loss-frame and induced positive mood, low-risk information and gain-framed messages both also significantly influence homeowners’ attitudes toward general precautionary measures for earthquakes. These results mostly confirm previous findings in the field of health communication. For practitioners, our study emphasizes that carefully compiled communication measures are a powerful means to encourage precautionary attitudes among homeowners, especially for those with an elevated perceived risk.
This work aims to assess the exposure to permethrin of the adult French population from available contamination measurements of outdoor air, indoor air, and settled dust. Priority is given to the assessment of chronic exposure, given the potential of permethrin to induce cancers and/or endocrine disorders. A statistical method was devised to calculate exposure to permethrin by different pathways (inhalation, indirect dust ingestion, and dermal contact). This method considers anthropometric parameters, the population's space–time budget, and recent methods for calculating dermal exposure. Considering the media of interest, our results pointed to house dust as the main environmental source of permethrin exposure, followed by indoor and outdoor air. Dermal contact and indirect dust ingestion may be more important exposure pathways than inhalation. A sensitivity analysis indicated that exposure estimates were mainly affected by variability within contamination data. This study is the first step in aggregated exposure and risk assessment due to pyrethroid exposure. Outdoor air, indoor air, and settled dust may constitute significant exposure sources, in addition to diet, which could be important. The next step entails assessing internal doses and estimating the proportion of each exposure source and pathway relative to internal exposure.
Perspectives on Cybersecurity Information Sharing among Multiple Stakeholders Using a Decision-Theoretic Approach
The government, private sectors, and others users of the Internet are increasingly faced with the risk of cyber incidents. Damage to computer systems and theft of sensitive data caused by cyber attacks have the potential to result in lasting harm to entities under attack, or to society as a whole. The effects of cyber attacks are not always obvious, and detecting them is not a simple proposition. As the U.S. federal government believes that information sharing on cybersecurity issues among organizations is essential to safety, security, and resilience, the importance of trusted information exchange has been emphasized to support public and private decision making by encouraging the creation of the Information Sharing and Analysis Center (ISAC). Through a decision-theoretic approach, this article provides new perspectives on ISAC, and the advent of the new Information Sharing and Analysis Organizations (ISAOs), which are intended to provide similar benefits to organizations that cannot fit easily into the ISAC structure. To help understand the processes of information sharing against cyber threats, this article illustrates 15 representative information sharing structures between ISAC, government, and other participating entities, and provide discussions on the strategic interactions between different stakeholders. This article also identifies the costs of information sharing and information security borne by different parties in this public-private partnership both before and after cyber attacks, as well as the two main benefits. This article provides perspectives on the mechanism of information sharing and some detailed cost–benefit analysis.
Most risk analysis approaches are static; failing to capture evolving conditions. Blowout, the most feared accident during a drilling operation, is a complex and dynamic event. The traditional risk analysis methods are useful in the early design stage of drilling operation while falling short during evolving operational decision making. A new dynamic risk analysis approach is presented to capture evolving situations through dynamic probability and consequence models. The dynamic consequence models, the focus of this study, are developed in terms of loss functions. These models are subsequently integrated with the probability to estimate operational risk, providing a real-time risk analysis. The real-time evolving situation is considered dependent on the changing bottom-hole pressure as drilling progresses. The application of the methodology and models are demonstrated with a case study of an offshore drilling operation evolving to a blowout.
Predicting the Risk of Biological Invasions Using Environmental Similarity and Transport Network Connectedness
Understanding the risk of biological invasions associated with particular transport pathways and source regions is critical for implementing effective biosecurity management. This may require both a model for physical connectedness between regions, and a measure of environmental similarity, so as to quantify the potential for a species to be transported from a given region and to survive at a destination region. We present an analysis of integrated biosecurity risk into Australia, based on flights and shipping data from each global geopolitical region, and an adaptation of the “range bagging” method to determine environmental matching between regions. Here, we describe global patterns of environmental matching and highlight those regions with many physical connections. We classify patterns of global invasion risk (high to low) into Australian states and territories. We validate our analysis by comparison with global presence data for 844 phytophagous insect pest species, and produce a list of high-risk species not previously known to be present in Australia. We determined that, of the insect pest species used for validation, the species most likely to be present in Australia were those also present in geopolitical regions with high transport connectivity to Australia, and those regions that were geographically close, and had similar environments.
Communicating Low-Probability High-Consequence Risk, Uncertainty and Expert Confidence: Induced Seismicity of Deep Geothermal Energy and Shale Gas
Subsurface energy activities entail the risk of induced seismicity including low-probability high-consequence (LPHC) events. For designing respective risk communication, the scientific literature lacks empirical evidence of how the public reacts to different written risk communication formats about such LPHC events and to related uncertainty or expert confidence. This study presents findings from an online experiment (N = 590) that empirically tested the public's responses to risk communication about induced seismicity and to different technology frames, namely deep geothermal energy (DGE) and shale gas (between-subject design). Three incrementally different formats of written risk communication were tested: (i) qualitative, (ii) qualitative and quantitative, and (iii) qualitative and quantitative with risk comparison. Respondents found the latter two the easiest to understand, the most exact, and liked them the most. Adding uncertainty and expert confidence statements made the risk communication less clear, less easy to understand and increased concern. Above all, the technology for which risks are communicated and its acceptance mattered strongly: respondents in the shale gas condition found the identical risk communication less trustworthy and more concerning than in the DGE conditions. They also liked the risk communication overall less. For practitioners in DGE or shale gas projects, the study shows that the public would appreciate efforts in describing LPHC risks with numbers and optionally risk comparisons. However, there seems to be a trade-off between aiming for transparency by disclosing uncertainty and limited expert confidence, and thereby decreasing clarity and increasing concern in the view of the public.
Hazard Analysis and Safety Requirements for Small Drone Operations: To What Extent Do Popular Drones Embed Safety?
Currently, published risk analyses for drones refer mainly to commercial systems, use data from civil aviation, and are based on probabilistic approaches without suggesting an inclusive list of hazards and respective requirements. Within this context, this article presents: (1) a set of safety requirements generated from the application of the systems theoretic process analysis (STPA) technique on a generic small drone system; (2) a gap analysis between the set of safety requirements and the ones met by 19 popular drone models; (3) the extent of the differences between those models, their manufacturers, and the countries of origin; and (4) the association of drone prices with the extent they meet the requirements derived by STPA. The application of STPA resulted in 70 safety requirements distributed across the authority, manufacturer, end user, or drone automation levels. A gap analysis showed high dissimilarities regarding the extent to which the 19 drones meet the same safety requirements. Statistical results suggested a positive correlation between drone prices and the extent that the 19 drones studied herein met the safety requirements generated by STPA, and significant differences were identified among the manufacturers. This work complements the existing risk assessment frameworks for small drones, and contributes to the establishment of a commonly endorsed international risk analysis framework. Such a framework will support the development of a holistic and methodologically justified standardization scheme for small drone flights.
Examining Factors that Influence the Existence of Heinrich's Safety Triangle Using Site-Specific H&S Data from More than 25,000 Establishments
In the 1930s, Heinrich established one of the most prominent and enduring accident prevention theories when he concluded that high severity occupational safety and health (OSH) incidents are preceded by numerous lower severity incidents and near misses. Seventy-five years of theory expansion/interpretation includes two fundamental tenets: (1) the ratio of lower to higher severity incidents exists in the form of a “safety-triangle” and (2) similar causes underlie both high and low severity events. Although used extensively to inform public policy and establishment-level health and safety priorities, recent research challenges the validity of the two tenets. This study explored the validity of the first tenet, the existence of the safety triangle. The advantage of the current study is the use of a detailed, establishment-specific data set that evaluated over 25,000 establishments over a 13-year time period, allowing three specific questions to be explored: (1) Are an increased number of lower severity incidents at an establishment significantly associated with the probability of a fatal event over time? (2) At the establishment level, do the effects of OSH incidents on the probability of a fatality over time decrease as the degree of severity decreases—thereby taking the form of a triangle? and (3) Do distinct methods for delineating incidents by severity affect the existence of the safety triangle form? The answer to all three questions was yes with the triangle form being dependent upon how severity was delineated. The implications of these findings in regard to Heinrich's theory and OSH policy and management are discussed.
Is There Any Hope? How Climate Change News Imagery and Text Influence Audience Emotions and Support for Climate Mitigation Policies
Using a national sample, this study experimentally tests the effects of news visuals and texts that emphasize either the causes and impacts of climate change or actions that can be taken to address climate change. We test the effects of variations in text and imagery on discrete emotions (i.e., hope, fear, and anger) and, indirectly, on support for climate mitigation policies. Political ideology is examined as a moderator. The findings indicate that news images and texts that focus on climate-oriented actions can increase hope and, in the case of texts, decrease fear and anger, and these effects generally hold across the ideological spectrum. In turn, the influence of emotions on policy support depends on ideology: Hope and fear increase support for climate policies for all ideological groups but particularly conservatives, whereas anger polarizes the opinions of liberals and conservatives. Implications for climate change communication that appeals to emotions are discussed.