Running in Place: Security risk management in humanitarian operations

March 2024

Running in Place: Security risk management in humanitarian operations
Abby Stoddard, Humanitarian Outcomes

Humanitarian aid workers are more likely to die from violence than any other job-related cause. Last year was especially brutal, with upwards of 260 aid workers killed — more than double the average of the prior three years.

Beginning in the late 1990s, aid organisations have been awake to the serious security risks inherent in their work, and have made steady progress in developing systems, tools, and approaches to mitigate them — a body of practice known as security risk management (SRM). As SRM has spread across the humanitarian sector, it has incrementally become more sophisticated and institutionalised within organisations, for the purpose of enabling operations in high-risk areas. At its best, SRM is inseparable from programming, used as both a support and a means to achieve aid objectives.

A newly released study, conducted by Humanitarian Outcomes and the Global Interagency Security Forum (GISF), takes stock of SRM as it is currently practiced in humanitarian responses. The research project, funded by USAID’s Bureau for Humanitarian Assistance (BHA), is the largest and most comprehensive review of the subject since the UN-led To Stay and Deliver research from 2011.

Although the study found significant progress in SRM, it also highlights some troubling disparities and gaps. Specifically, neither the benefits of SRM nor the burden of risk are shared fairly between international organisations and local/national humanitarian actors. Moreover, the goalposts have moved, meaning the advances made in SRM have not necessarily kept up with changing threat landscapes, nor have they enabled humanitarians to address emerging risks proactively. Due partly to these shortcomings, humanitarian access remains severely constrained in some of the world’s worst emergencies — a crippling weakness for the aid sector. 

We’re not ready for what’s coming.
Since the early 2000s, complex emergencies and civil conflicts with multiple armed factions have presented increasingly challenging environments for aid groups to navigate. But recent years have witnessed a new rise in large-scale wars, fought with heavy weaponry and often indiscriminate airstrikes. While the first two decades of the 20th century saw humanitarians coming to grips with the fact that they were increasingly becoming targets in these conflicts, the challenge of 2020s will likely be operational environments where every civilian is a potential target and the rules of war seem more and more illusory.

The digital realm presents a growing array of new risks as well, with disinformation and cyber-crime posing threats that can quickly translate to real world dangers. Meanwhile, the global pressures of climate change and economic hardship are spurring population movements and kindling tensions over resources that could easily erupt in new violence. 

A basic challenge with SRM is that it is by nature reactive and tends to innovate backward. Humanitarians may spot the emerging risks on the horizon, but until they encounter them in the form of a serious security incident, little thought or action is applied to how best to anticipate and mitigate against them. While well-suited for managing probable risks, SRM procedures often overlook and undervalue the less likely, yet potentially devastating, ones.

The most at risk are the least equipped.
Most international NGOs and agencies working in humanitarian crises can now boast well-established SRM systems, structures, and protocols, but local and national organisations lag far behind in SRM development. They lack adequate staff in security roles, as well as budgets for basic equipment and necessities like safe transport or accommodations for programme staff. This is largely because of a persistent and pernicious funding model (the project-based “implementing partnership” sub-grant) that effectively prevents their organisational growth and capacity strengthening. In short, without access to sufficient overheads or sustained core funding, and under pressure to keep costs low to win contracts, local and national organisations remain at a serious disadvantage when it comes to SRM. 

In addition to direct funding, local actors have lesser access to SRM coordination, training, tools, and policy guidance. Even where these resources are shared, too often they are only available in English, and geared towards Western international organisations. 

This disparity is unconscionable given that local actors often bear more frontline risk. It also leads to perverse outcomes whereby the organisations in the most immediate danger are the least resourced in SRM capacity. Perhaps most troubling, international organisation staff interviewed for the study spoke of disincentives to supporting SRM development of their local organisation partners, out of fear this would create a formal responsibility and liability for their organisation should the local partner experience a security incident.

Access challenges: If SRM isn’t enabling humanitarian access, what is it for?
Access constraints in recent conflicts have left large numbers of crisis-affected people unable to reach, or be reached by, critical humanitarian aid. In such cases, security risks can be an important, but not the only, obstacle to access. In addition to logistical impediments, there are often political and bureaucratic challenges that require intensive negotiations and coordinated approaches to extend and expand access. Humanitarians are also contending with a significant loss of trust in deconfliction efforts with military actors (notably Russia) acting in bad faith. NGOs have legitimate fears that providing information on their location and movements, far from guaranteeing their safety, may instead be putting a target on their backs. The study found that SRM personnel and systems are not invited or are choosing not to engage with the broader issues and discussions, such as the OCHA-led Access Working Groups, which have made impressive progress in several settings. Given that gaining and maintaining access in challenging operational environments is the fundamental aim of SRM in the humanitarian response, it would benefit both security and access objectives if SRM was more integrated in access efforts.


People and progress: How person-centred approaches and new skills profiles can strengthen SRM.
A more nuanced consideration of individuals and their profiles is changing humanitarian SRM in two major ways. First, many in the sector have endorsed a ‘person-centred approach’, which considers staff members’ individual risk factors like gender, ethnicity, and sexual orientation in assessing and addressing risks. While seeing the value of such an approach, however, many organisations are unsure how to implement it, fearing that mitigation of identity-based risk may cross the line into discrimination (for instance, not hiring female staff in places where women’s employment is proscribed.) Yet the person-centred approach does not seek to limit anyone’s opportunities (and indeed it holds that diversity in teams leads to better risk awareness generally), but rather to tailor risk mitigation measures appropriately and ensure staff members are fully informed on their risks. 

The other way diversity is transforming SRM is reflected in the widening pool of security professionals in the humanitarian sector. This includes more women, more professionals from the Global South, and an increasing number that have backgrounds in humanitarian programming. A new model of security professional has emerged (one which admittedly may still be challenging to recruit for) — a humanitarian programme person by training, possessed of the traditional ‘hard’ security skills and know-how, as well as ‘soft’ skills of communication, leadership, and negotiation, and the mindset which seeks to apply both in service of humanitarian programming objectives.

The next steps in the evolution of SRM in the humanitarian space
Twenty years ago, only the largest international organisations had SRM systems and capacities in place, and it was much more of a struggle to advocate with donors for funding that supported and incentivised security measures for their staff. Today, we see this situation repeating, only this time it is the local and national NGOs that are struggling to get support from their donors (the international organisations who partner with them). To build on the significant progress made in SRM by the international organisations, the sector must focus on extending these capacities and competencies to the wider humanitarian space, bridging the indefensible gap between international and local NGOs. 

The GISF-Humanitarian Outcomes report includes a series of recommendations addressing this gap and other areas for improvement. Perhaps the most consequential of these, as well as the hardest to realise, involves a shift to a more forward-looking, less reactive approach to assessing risk and innovating mitigation measures. Because in addition to extending progress to the key humanitarian actors in all settings, the sector needs to stretch its planning horizons to stay on top of changing risks and, hopefully, get out in front of new ones not yet envisioned. 


This blog is co-published with Humanitarian Practice Network (HPN), an independent forum for policymakers, practitioners and others working in the humanitarian sector to share and disseminate information, analysis and experience, and to learn from it, and the Global Interagency Security Forum (formerly EISF), a member-led NGO forum that drives change through its global network of over 140 member organisations. GISF influences good security risk management practice that works for the whole humanitarian sector, improving the security of aid workers and operations for sustainable access.


About the author
Abby Stoddard is a researcher, writer, and humanitarian policy analyst. She is a founding partner of the international research consultancy, Humanitarian Outcomes, where she conducts independent and commissioned studies and provides analysis and advice to governments and international aid agencies. Abby is a lead author of the new GISF and Humanitarian Outcomes research paper, State of Practice: The Evolution of Security Risk Management in the Humanitarian Space.