If It Happens Here: Facing Post-Terror Attack Litigation

But while these events leave us at a loss, the court system braces for a wave of litigation as suits are quickly filed — not against the attacker, but against venue owners, operators and security providers. Which is why it is important for these stakeholders to acknowledge that they could face liability in the event of a terrorist attack, and explore options to manage that risk.

Who Used To Be Responsible For Terrorist Attacks? The Terrorists, Of Course

Actions seeking damages from property owners, operators and security providers following a terrorist attack is a fairly recent trend. For years, courts typically held that losses suffered as a result of a terrorist attack were attributable to terrorists, not property owners.

For example, after the 1995 Oklahoma City bombing, a number of plaintiffs filed negligence and other claims against the manufacturers of the fertilizer used to make the bomb used in that attack. But courts dismissed the claims, finding that the intervening actions of the terrorists negated any causal link between the fertilizer manufacturer and the plaintiffs’ losses.

Similarly, negligence claims against the manufacturers of the fertilizer used in the bombing of the World Trade Center in 1993 were dismissed. In that instance, the court held that fertilizer-based attacks were so uncommon that they made an incident like the 1993 World Trade Center bombing nothing more “than a remote or theoretical possibility.” In other words, the manufacturer was not expected to account for the unpredictable, senseless actions of terrorists.

The Changed Liability Landscape Of The 21st Century

But the world has changed a great deal since the 1990s. So too has case law on who bears liability for damages stemming from terrorist attacks.

This shift is evident in additional litigation filed after the 1993 World Trade Center bombing. After that attack, suits were not only filed against the fertilizer manufacturer, but also against the Port Authority of New York and New Jersey, the entity that operated and provided security for the WTC.

In the suit against the Port Authority, a New York court initially held that the Port Authority bore the majority of the liability for the 1993 bombings, finding that the attack would not have occurred but for inadequate provision of security at the World Trade Center. Specifically, the court held that terrorist attacks are foreseeable and that venue owners and operators should take “reasonable measures” to defend against them.

While the Port Authority ultimately defeated liability in this suit by successfully asserting sovereign immunity, a defense not generally available to the typical venue owner/operator, the New York court’s initial holding represents an early indicator of a changing judicial view on how responsibility is allocated following an act of terror.

The shift towards holding venue owners, operators and security providers liable following an act of terrorism gained ground in the litigation arising out of the 9/11 attacks. Following those attacks, families of the victims sued a variety of entities, including the manufacturers of the hijacked airplanes.

The manufacturer’s defense rested in large part upon an assertion that it was nigh impossible for them to envision terrorists would break through “negligently designed” cockpit doors, hijack an aircraft and wreak havoc and destruction. The Southern District of New York, however, disagreed and flatly rejected this defense. The court found instead that the danger of a plane crashing as a result of a hijacking was “the very risk that Boeing should reasonably have foreseen.”

With this decision, plaintiffs can now argue that basically any terrorist attack is “foreseeable,” thereby requiring venue owners and operators to take “reasonable” security mitigation measures to deter, defeat or mitigate terrorist attacks.

What Property Owners Need To Think About In 2017

The requirement to take “reasonable” security measures to defend against terrorist attacks raises a key question for U.S. venue owners, operators and security providers: what measures are “reasonable?”

There is no law, rule or definitive benchmark for venues, meaning that following an act of terror, an owner, operator or provider facing liability can expect expensive and protracted litigation over the “reasonableness” of their security measures. In an effort to protect against this outcome, companies now find themselves second-guessing whether their security measures are “sufficient” and debating whether they should invest more resources or procure different products or services. This uncertain process could easily lead to a variety of negligence claims by plaintiffs.

Consider the following examples:

• A venue owner installs metal detectors to screen patrons for contraband and weapons and thus limit the possibility of a terrorist bombing. Plaintiffs may counter that all the owner did was shift the threat to outside their screening area, while failing to implement appropriate security for guests waiting to be screened.
• A venue owner contracts with a security company to monitor the facility and intercept security threats. In that scenario, plaintiffs respond with “negligent contracting,” alleging that the security vendor was inadequately vetted or supervised, which, in turn, contributed to the success of the terrorist attack.

The potential pitfalls for owners and operators vary, but have a common end result: lengthy and contentious post-attack litigation.

Can Post-Terrorist Attack Litigation Risks Be Managed?

So what can venue owners in the US do to manage post-attack litigation? There are three options.

Insurance

Terrorism insurance is available to venue owners via the Terrorism Reinsurance Act. That law guarantees the availability of terrorism insurance, via a government backstop and other mechanisms.

Still, the program only offers limited protection, because a) it does not kick in until significant losses are incurred and b) the insurance does nothing to cap liability — it makes available reimbursement only up to a certain point.

Risk/liability transfer

One popular tool is to transfer risks via contract to other parties such as security vendors or property managers.

This option is certainly viable and can help to minimize the exposure of owners but negotiating such agreements can be difficult. Moreover, it is difficult to envision a scenario where a venue owner and/or operator will be able to transfer away all their risks and liabilities.

Federal safe harbors

Perhaps the best option for venue owners and operators is the SAFETY Act, a federal law explicitly designed to address the difficult liability environment described above.

The SAFETY Act was created to allow venue owners and operators (along with any provider of a physical or cybersecurity product or service) to obtain a cap or presumption of immunity from liability following a terrorist attack. That allows venue owners/operators to proceed with confidence that post-attack litigation can and should be limited.

Whatever You Are Going To Do, Get To It

Stopping every terrorist attack is near insurmountable task. Unfortunately post-attack litigation will be one of the painful legacies of those tragic events.

For companies that have worked hard to do the right thing and protect their guests and employees, however, tools like the SAFETY Act are there to justify all their hard work.