Load low-bandwidth site?

Published: December 3, 2020

Departing from a blank-profile approach to NGO security management – Overcoming barriers at the field level

By: Gavin Kelleher

Share this:

We already know that violence is not experienced by all aid workers equally, even within the same contexts, yet profile-specific approaches to security risk management (SRM) are yet to be mainstreamed by all NGO security professionals. In this blog, Gavin Kelleher, summarises his research into the barriers preventing the wider adoption of this person-centred approach to SRM at the field level, and discusses ways to overcome these.

In 2018, GISF published a report called Managing the Security of Aid Workers with Diverse Profiles. This research demonstrated how specific profiles affect the risks aid workers face. However, security risk management professionals have known for much longer that profiles matter. From the earliest surveys of victims of crime, dating back to the 1970s, it has been obvious that possessing certain traits or characteristics can significantly alter the risks encountered by an individual.

There are a broad range of factors that make up an individual’s profile, including visible characteristics, such as gender, age or ethnicity, as well as their invisible characteristics such as mental health or sexuality. Profiles also include our behaviours and capacities, which can be applied to physical disabilities, health conditions or addictions, as well as our digital profiles. The profiles of aid workers are clearly not the determining factors in many types of indiscriminate attacks, including aerial bombardment, improvised explosive devices (IEDs), or armed attacks against compounds and convoys. However, in many other types of security incidents, individual profiles make a difference; especially when considering the risk of kidnap, theft, violent assault, sexual violence, blackmail, detention and extortion, alongside many other risks.

As violence against aid workers continues to increase, with 2019 reporting the highest volume of attacks against aid workers since 1997, I wanted to find out more about why so few profile-specific approaches to security risk management have been adopted in the field of NGO security. As part of my MSc research project, I surveyed 38 NGO security managers and undertook follow-up interviews with eleven of these to understand more.

Key Findings

NGO security managers know that profile-specific risks matter, but disagree about the importance of specific factors

92% of those surveyed agreed that an aid worker’s profile impacted the likelihood of them experiencing violence. 66% of respondents know an aid worker who has been targeted on the basis of their profile. Examples provided included case studies where aid workers had been killed, kidnapped, sexually assaulted, robbed, detained, physically assaulted, harassed or arrested because of an element of their profile.

However, when presented with ten example risk factors, the importance ascribed to each factor varied considerably. Among the factors ascribed, the most important were nationality, ethnicity, gender, religion, sexuality and mental health. Less value was placed on factors such as marital status or age, with 79% of respondents finding marital status not important or somewhat not important, and 50% of respondents reporting the same for age. In follow-up interviews, it became clear that perceptions about the importance of specific factors were impacted most by personal experience, and the field locations respondents had been operating in.

Risk factors should not be considered in isolation – profiles are intersectional

When discussing which profile risk factors respondents’ protocols already addressed, unsurprisingly ethnicity, gender and nationality were the highest scoring. However, some respondents felt that some risk factors were being prescribed too much importance in isolation. One interesting finding (although statistically insignificant given the limited sample size) was that gender was the only risk factor where respondents who self-identified with it were likely to ascribe it with less importance than those who did not.

This was backed up in subsequent interviews, where mostly female respondents argued that gender-based security protocols were often disproportionate to the risk level. According to them, this was especially the case when they were applied without taking into account whether the aid worker was a local or international employee – highlighting that gender can influence even more the risks faced by local staff. There was some disagreement with this stance by other respondents, although several male participants stated that because they had a lesser understanding of how gender alters the risk environment, they typically deferred to a lower risk tolerance level.

One area of agreement was that profile-specific approaches to risk management should not be prescriptive. As with the example of gender, this means that security managers should not be creating checklist policies that equate to ‘if this, then that’. Rather, more holistic approaches are required to ensure that policies are not overly restrictive, and that risk protocols acknowledge where one aspect of an individual’s profile may elevate risks towards them, another factor may also mitigate them.

Risk mitigation measures varied considerably and lack standardisation

When respondents were asked how they currently treated profile-specific risks, the majority of responses centred around training. This was either bespoke training courses or inclusion of risk factor awareness and mitigation into arrival briefings for new staff. Other mitigation measures included profile-specific travel restrictions, tailored journey management protocols, policies, or specific risk assessments being triggered. Individual respondents also mentioned variations in minimum accommodation security standards, different curfews, amended evacuation plans or adaptations to the organisation’s security statement.

Some personal characteristics appear to be more difficult to address than others. Mental health was identified as somewhat important or very important by 74% of respondents, but 44% of respondents declared that their existing security protocols didn’t address mental health at all.


Only 53% of respondents were confident that they had enough knowledge to make informed assessments about aid workers’ individual risk environments being influenced by their personal characteristics. While security managers with more experience in the field were more vocal about the need to apply a person-centred approach to SRM, their additional experience didn’t necessarily make them more confident in their ability to implement such measures. This indicates that experience alone won’t lead to adopting profile-specific approaches to SRM, and that proactive interventions are necessary.

The biggest barriers identified to adopting more profile-specific approaches to SRM were:

  1. A lack of training

74% of respondents identified this as a barrier, although the specific type of training requested was not defined. Follow up interviews suggested that practitioners would benefit from being more aware of their own biases; and accessing practical guidance on how to implement a person-centred approach within their existing security frameworks.

  1. A lack of knowledge:

Some respondents lack enough knowledge to be able to identify where risks related to an individual’s profile are elevated. Even when these risks are identified, many research participants declared ignoring how to treat them. An absence of best practice to refer to on this topic was repeatedly mentioned.

  1. Restrictive organisational cultures:

66% of respondents reported that their organisation’s culture did not value non-traditional approaches to SRM, making it more difficult for them to adopt profile-specific approaches. The absence of strong leadership to advocate for this approach within organisations was also identified as an obstacle by several respondents.

  1. Budget constraints:

58% cited budget constraints as a barrier to implementing a person-specific approach to SRM. This obstacle is linked to other barriers, limiting access to training, but also preventing staff from attending international conferences on the topic.  The lack of sufficient funding further translates into a lack of manpower within the security function, meaning that few security managers have the spare time needed to implement new approaches.

  1. Legal ambiguity:

This barrier was recurrently flagged during the follow-up interviews – almost all respondents stated that one reason they haven’t implemented specific protocols in response to individuals’ different risks, is because they fear being accused of engaging in discriminatory practices.


A broad range of solutions were suggested by respondents. 92% of survey respondents agreed that requests from donors to adopt profile-specific approaches to SRM would be an effective way to increase their implementation. A close second, the provision of technical guidance on how to implement this approach, was identified as a relevant solution by 91% of respondents.

Interviews suggested that the following measures also need to be undertaken to successfully mainstream this approach:

  • Greater collaboration: This includes between NGO security practitioners so that a best practice can be developed, but also with HR and legal professionals within organisations so that security managers better understand what measures they can take to mitigate risks.
  • Changes to incident logging: Incident logs need to begin accounting for the profiles of victims, including both visible and non-visible characteristics. This measure would enable organisations to identify trends in targeting, and to evaluate the success of profile-specific risk mitigation measures.
  • Advocacy from leadership: This includes both within organisations, where security managers who do have a strong motivation to adopt new approaches to SRM do not feel enabled to do so, but also within the aid sector more broadly. Organisations and individuals should champion the value of a person-centred approach and allocate sufficient resources so that the sector can continue to professionally mature.
  • Practical guidance: The development and dissemination of technical guidance on how to practically implement a person-centred approach to SRM is much needed. Respondents agreed that this guidance should be developed by a coordinated effort including multiple stakeholders, but should first and foremost, come from within the NGO community.



About the author:

Gavin Kelleher is a security manager currently covering the Asia Pacific region for Healix International, who has just completed an MSc in International Security and Risk Management. Gavin is particularly interested in humanitarian security, and in profile-specific approaches to security risk management. You can contact Gavin to request the full research thesis via LinkedIn, or on Twitter @Gavin_Kelleher


World Humanitarian Day and ‘Aid in Danger’: a hard-look at violence against aid workers

The aid sector will be ‘celebrating’ the World Humanitarian Day with four level 3 emergencies. On a day that commemorates the bombing of the Canal Hotel in Baghdad we should be asking ourselves, do we need more humanitarian heroes, or do we need better responses (and better security-managed assistance) to…


New Briefing Paper: Security Risk Management and Religion

GISF new briefing paper Security Risk Management and Religion: Faith and secularism in humanitarian assistance examines the impact that religion has on security risk management for humanitarian agencies, and considers whether a better understanding of religion can improve the security of organisations and individuals in the field.


Event report: humanitarian action in fragile contexts

On Tuesday 8th July representatives from academia, INGOs, the private sector, journalists and other interested parties gathered at King’s College London to discuss key issues around new actors and the changing humanitarian space and how they will impact on security risk management (SRM). The focal point of the evening was…