“I Just Received a Bomb threat . . . what do I do?”

“I Just Received a Bomb threat . . . what do I do?”

Does your company have a bomb threat policy and procedure? If you don’t know, or if you have one but have no real idea what it says, you are not alone.

Along with conducting workplace investigations for businesses, I also provide physical security consulting for businesses, organizations, and even some individuals. I have been surprised to learn than many businesses and organizations do not have any meaningful bomb threat management plan.  Even in companies and organizations that have a written bomb threat management plan, I have discovered that many key employees have no real idea what the policy and procedure is and the policy has not been reviewed or updated in many, many years. To put it bluntly, this is not good. Not good at all.

Bomb Threat Data 

Accurate statistics on bomb threats in the US are limited because there is no single data accumulator for them and many bomb threats are not reported to authorities. But experience tells us that the vast majority of bomb threats are false in that there is no explosive device. The Hartford Insurance Company conducted an analysis of bomb threats and concluded that only about 5 to 10 percent of bomb threats involve real bombs. From my experience in law enforcement responding to numerous bomb threats, I suspect that much less than 5 percent of bomb threats involve real or hoax device bombs.

If the chance of a bomb threat being real is so small, why should a company or organization take the time to create a bomb threat policy and train employees on bomb threat procedure? If a bomb threat comes in via phone – just hang up. If a bomb threat is received by email or twitter – just hit the delete key. If a bomb threat comes in the mail – just throw it in the trash.

Well . . . that’s exactly what some companies and organizations do. Again, this is not good. Not good at all.

While most bomb threats are pranksters, persons with mental problems, disgruntled employees seeking to cause panic or disrupt operations, or someone else with no intent or ability to plant a real bomb anywhere, occasionally these bomb threats are real. The consequences of simply ignoring a bomb threat and then having a bomb explode are too horrible to contemplate. The Committee on the Protection of Federal Facilities against Terrorism said it more eloquently:  “The risk may appear low or even negligible, but the consequences of even one severe occurrence are so great that appropriate mitigating measures must be considered.”

Aside from the horrific consequences of a bomb exploding, it is also a Federal Crime to make a bomb threat. Making a false bomb threat is a federal offense punishable with a penalty of up to 10 years in prison, a $250,000 fine or both. This penalty also applies to juvenile offenders. In most jurisdictions, making a false bomb threat is also a state crime and many state laws do not distinguish between false bomb threats and real bomb threats. The take away is that any bomb threat, real or fictitious, is a crime.

Why it is important to have a bomb threat management plan?

According to the United States Bureau of Alcohol, Tobacco, and Firearms, about 25 percent of all bombings are carried out against commercial establishments. Although only a small percent of all bomb threats are real, even false bomb threats can cause disruption to business activities, anxiety to workers, and cost employers valuable time and money. Even when bomb threats turn out to be false, having a meaningful bomb threat policy and procedure and training employees on the policy and procedure demonstrates that management cares and provides a sense of security and safety to employees. If a bomb threat turns out to be real, preparedness can reduce injuries and property damage, reduce fear and panic, and help to reduce civil liability.

Creating a bomb threat management plan which includes policy and procedure and meaningful training to employees is not an overly complicated task, but it should be customized to the individual business. A one-size-fits-all policy copied from some template is not adequate. Also, creating a policy and procedure and training personnel requires some subject matter expertise. Ideally, a bomb threat management plan should not be a standalone policy but part of an overall Emergency Management Action Plan.

Basic elements of a bomb threat policy

Everything that should be included in a written, well thought out bomb threat management plan is beyond the scope of this article but the basic elements include:


Having established protocols for an employee to follow when a bomb threat is received whether it comes by telephone, letter, email, or some form of social media like Twitter or Facebook is essential. An employee who receives a bomb threat should know, without hesitation, what to do and who to notify. This can only be accomplished by establishing well thought out and practical threat reception protocols and training key personnel to the protocols.


A threat assessment is the process of evaluating the threat in light of all the available evidence and judging the probability that the threat is likely to be carried out. A good threat assessment protocol involves coordination with local authorities, i.e., police and fire.

All threats, regardless of their apparent initial credibility, should be assessed based upon a systematic and quantifiable assessment methodology. Regardless of how improbable the bomb threat might seem, simply dismissing a threat without conducting a systematic threat assessment because it “sounded like a prank” or seemed to be “crazy talk” from a mentally ill person is not acceptable.


Once the threat has been properly assessed, the appropriate response can be enacted. In some cases, the response might be:

  1. Document the threat but take no action.

This response would be used when the threat assessment concluded that the threat was completely not credible.

  1. Limited physical search of facilities without evacuation.

This response would be appropriate when the threat cannot be judged totally bogus, but there is a remote possibility that the threat might be credible. In these cases, the protocol could involve designated supervisors or senior employees checking certain predetermined areas (i.e., bathrooms, break rooms, lobbies, parking structures, etc.) where a bomb could be more easily deposited. It is important that anyone conducting searches be trained on how to conduct these searches and how to report and document their actions.

  1. Personnel Relocation.

This involves moving personnel from an area deemed “vulnerable” to a safer area where they can shelter in place. It is akin to a partial evacuation. For example, if the threat assessment concludes that there could be a bomb inside a building, personnel might be temporarily “sheltered” in a parking structure or work yard.

  1. Full Evacuation.

This action is the most disruptive and involves moving all personnel completely out of the suspected target area until authorities can determine that all premises are safe. Such an evacuation plan can also be used in cases of fire, earthquakes, and other natural disasters. Any full evacuation plan must include a plan to ensure that people with disabilities can evacuate the premises in a timely manner along with the able bodied.


 It is absolutely vital for all companies and organizations – even small companies and organizations, to have a practical bomb threat management program. Ideally a bomb threat management program should be a part of an overall Emergency Management Action Plan, but a standalone plan is better than no plan at all. Failure to have a written bomb threat management program and failure to train personnel can cause unnecessary disruption in operations and anxiety among employees and customers. Moreover, the lack of a meaningful bomb threat management program can also increase liability if something happens.

Plain and simple: a well developed bomb threat management plan which includes meaningful training for all personnel, can save lives and is just a good business practice.


George W. Babnick, is a 34 year law enforcement veteran with an extensive background in physical security, criminal and administrative investigations, training, school policing, supervision and management, and criminal forensics. He retired as a Captain in the Portland Oregon Police Bureau where he managed the Training, School Police, and Forensic Evidence Divisions. He holds criminal justice degrees from Portland Community College and Portland State University and a law degree from Northwestern California University School of Law, Sacramento California. Mr. Babnick is a longtime member of the Western Society of Criminology and is the author of articles on security and law enforcement, investigations, supervision and management, and risk management related to these subjects. As a physical security expert, George Babnick provides private physical security consultations across the United States and consults with clients outside the United States. He specializes in assessing security problems for small and medium businesses as well as select individuals. He offers independent, honest advice and expertise, with the goal of providing all clients with practical and cost-effective security solutions to enhance security and effectively manage business and personal security risks. Mr. Babnick is also a licensed Private Investigator and conducts investigations for attorneys, businesses, and individuals throughout the State of Oregon. To learn more about security consultation and investigative services offered, please visit http://babnickandassociates.com Disclaimer: Nothing in any article on this blog should be construed as legal advice. Persons seeking legal advice should seek the counsel of an attorney licensed in their state.