The six Ws of security policy-making
by Christina Wille, Insecurity Insight July 2010

On 29 October 2008, a vehicle loaded with explosives forced its way into the UN compound in Hargeisa, the capital of the breakaway republic of Somaliland. The detonation killed two employees of the UN Development Programme (UNDP). Across town, further bombs targeted the presidential palace and Ethiopia’s diplomatic representation. Another two bombs exploded in the semi-autonomous Puntland region. The attacks occurred as leaders from Kenya, Uganda, Djibouti and Ethiopia met in Nairobi to discuss the Somali issue. Islamist groups with links to Al-Qaeda are believed to have been responsible.

The events made headlines around the world. Images of broken windows, damaged walls and dead civilians inevitably shape our opinion of the dangers and threats associated with delivering aid in a volatile and ungoverned country like Somalia. In the absence of foresight, accounts of past events are the best available sources to gain an overview of the specific dangers in a particular environment. However, the media’s focus on selected attacks is not a guarantee that our attention is drawn to the most frequent or the most dangerous situations that aid workers confront. Moreover, such reports do not tell us what can be done to make people and their work less vulnerable.


The six ‘W’s

This article describes a new project that highlights patterns of violence drawing on analysis of data providing detailed information on the nature of the event. This is based on the six ‘Ws’: who did what to whom, where, when, why and with what weapons. Such analysis can provide vital information for designing an effective policy response. Insecurity Insight, in partnership with humanitarian agencies and umbrella organisations, collects information on a wide range of incidents covering both the most devastating attacks and near-misses. By applying an innovative approach to data analysis, we can generate insights into common factors underlying these attacks, which can then be used by the project’s members and the broader humanitarian and policy-making communities.

The project combines information from media reports with internal security monitoring by humanitarian agencies. Partner agencies, including Care International, International Medical Corps, Oxfam and Save the Children, submit detailed descriptions to Insecurity Insight of security incidents affecting their staff or work. The definition of security incident is as broad as the spectrum of events affecting the delivery of aid. It covers murders and kidnappings of aid workers, as well as the less severe but more frequent robberies, injuries, threats and expulsions.[1] It also records information on the impact of security events on the ability to deliver aid, for example in cases where security concerns or ambient violence have resulted in staff being withdrawn, or operations being suspended or cancelled.

Humanitarian agencies have long recognised that cooperation in sharing security information benefits everyone. Yet legitimate concerns regarding data protection responsibilities towards the victims and differences in the way organisations’ reporting mechanisms work in the past made sharing information on a global scale very difficult. However, the work of specific information-sharing and coordination mechanisms, such as the Afghanistan NGO Safety Office (ANSO) and the NGO Safety Program (NSP) in Somalia, has shown that cooperation can work. In the project described here, Insecurity Insight functions as a clearinghouse, managing submissions from partner agencies in a confidential manner and making the information available in an aggregate and anonymised format that no longer identifies a specific victim or agency.

Such cooperation has wide benefits. Organisations gain access to information on security developments directly affecting aid organisations around the globe without having to spend resources on monitoring incidents beyond those affecting their own organisation. Information about what is happening to other agencies is particularly useful when organisations are taking decisions about whether to open (or reopen) operations in a country. Such data can also be readily used to demonstrate to directors, board members and donors the need for adequate financial investment in security measures.

An important added value of this project lies in its unique and sophisticated approach to event processing. The concept is based on the Taback-Coupland method of violence analysis. The thinking is inspired by public health methods. Information is coded, stored and retrieved in a specifically designed relational database. The aim is to generate findings akin to the kinds of recommendations used by public health specialists seeking to prevent disease by advising people to avoid or adopt certain practices. Applied to security thinking, this means looking for those aspects of security incidents that can be affected by a change in people’s behaviour or controllable elements in the environment.

Information on the six ‘Ws’ draws attention to the role various factors may play in shaping the outcome of an event, helping to identify where policy measures are required. The aim is to reduce the vulnerability of victims and the potency of perpetrators in order to limit the impact of violence. The objective of such a database is not to describe the magnitude of the problem by attempting a full count of all violent events and numbers of affected people. Public health experts teach us that the search for the factors that influence the spread of a disease, which is the information needed to identify counter-measures, does not require information on the total number of people affected by a disease. Instead, a sample of relevant events can provide these answers.


Case example: kidnapping in Somalia

The example of Insecurity Insight data on kidnappings of humanitarian staff in Somalia illustrates the approach and outputs. At present, the database, which is continually updated and backdated, contains 115 events reported from Somalia for the period July 2008 to December 2009. These events describe the death of 52 humanitarians, the kidnapping of 50 employees and ten threats to organisations. This is not a complete list of events, and does not provide a full count of the number of aid agencies affected or staff killed, kidnapped or threatened. The total count is, without a doubt, higher. Even so, enough events exist to start looking for patterns.

All 50 kidnapping victims worked for humanitarian agencies, whether non-governmental or UN-related. Of these, 27 were expatriates and 21 were Somalis.[2] However, this does not show that expatriates are at a higher risk of kidnapping than Somali employees. Such a conclusion could only be drawn with the knowledge that the sample accurately reflects the proportion of expatriates and Somalis kidnapped and the total numbers of expatriate and national staff in the country. The approach here treats groups of events with distinct characteristics as separate samples. In the example here, these are the sample of events in which expatriates were kidnapped and the sample of events in which locals were kidnapped. Both samples are examined for differences that are unlikely to be the result of biases within the data.

All but two of the 27 expatriates kidnapped in Somalia were released following an average of 100 days in captivity (mean 100 days, median 67 days). Two other victims are missing without any information available as to their whereabouts. Of the 21 kidnapped Somalis who worked for humanitarian agencies, five were killed, and 15 were either freed or managed to escape, usually on the day of the kidnapping itself (median 0 days in captivity, mean six).[3] The exception was the kidnapping of Somali Hassan Mohammed Ali, the head of UNHCR in Somalia, who was held for 67 days.

The differences in the example from Somalia are interpreted based on qualitative information with a view to identifying areas for policy measures. The conclusion based on this comparison is that expatriates and Somalis are treated differently when kidnapped and may behave differently as well. Ransom demands for kidnapped expatriates tend to be addressed to the organisation they work for or the state of origin. Lengthy negotiations often follow that may or may not include the payment of a ransom. For many Somalis ransom demands appear to be made to their families, some of whom may pay up quickly. It is also likely that the amount of money demanded is higher when demands are addressed to an organisation or state, rather than a local family (although this information is not systematically available). The length of time that the head of UNHCR was held may differ from the general pattern of kidnapped Somalis because his captors may have regarded him as higher value due to his senior position within a UN agency.

Few expatriates attempted to resist their kidnappers, perhaps because this is the general advice given. A number of Somali victims, by contrast, attempted to overpower their abductors. Some succeeded and managed to escape, while others were killed. This raises the question whether agencies provide local employees with the same type of kidnapping awareness and behaviour training as expatriates. If so, it could be worth finding out why such advice is not adhered to. If the right answers and policy responses to these differences in behaviour are found, it might be possible to reduce the proportion of Somali humanitarians killed during a kidnapping.

This is just one example of how consumers of the information from this project could use it. The aim is to identify entry points for measures that might make a difference. Training on how to react in the event of a kidnapping might be the ‘seatbelt’ which, while not able to prevent the car crash, might make the difference between life and death.

The project is looking for more agencies to work with us. Becoming a partner is simple. Following a memorandum of understanding, the partner agency forwards information about security events in its preferred format to Insecurity Insight. Agencies can then take part in seminars that look at patterns within the data, and possible implications. There are also plans to develop online access to summary data for partners, for which funding is being sought. For more information see the Insecurity Insight website at


Christina Wille is co-director of Insecurity Insight. Her email address is


[1] Ss toh,during a kidnapping. igh lia

rity Insight website at afety incidents such as road accidents are not included.

[2] For two kidnapping victims no information was provided as to whether they were Somalis or foreigners.

[3] There is no further information on the whereabouts of the 21 kidnapped Somalis.