What Federal Data and Incident Patterns Reveal About Church Security Risk

Contributed by Jim Brigham, LCG VP of Risk Management, Former Operations Chief, State of Vermont, Office of Safety and Security

Series context. This three-part series examines church security and house-of-worship safety through a risk-management lens. Part 1 defines the national threat landscape using federal data and documented incidents. Part 2 addresses training, liability, and governance structure. Part 3 focuses on implementation and sustainment for ministry leaders. [1]

The Risk Environment Facing Houses of Worship

Church security is no longer a peripheral discussion. It is a governance issue grounded in foreseeable risk.

The Federal Bureau of Investigation documented 24 active shooter incidents in the United States in 2024. Houses of worship continue to appear among location categories in federal reporting. [2] While active shooter events remain statistically rare, their consequences are severe and nationally visible.

The Department of Justice reported 2,699 religion-based hate crime incidents in 2023. Religious institutions remain among commonly targeted property categories. [3] Even incidents that do not result in casualties cause operational disruption, reputational damage, and psychological harm within congregations.

The Cybersecurity and Infrastructure Security Agency has issued federal guidance specifically addressing the mitigation of attacks on houses of worship. [4] Similarly, the Federal Emergency Management Agency provides structured Emergency Operations Plan guidance tailored for faith-based organizations. [5]

These publications exist because vulnerability patterns are recognized at the national level.

LCG perspective. Under ISO 31000 risk management principles, risk reflects both likelihood and consequence. Effective governance requires evaluating both dimensions rather than focusing solely on probability. [6]

Why Churches Present Unique Risk Characteristics

Risk management begins with exposure analysis.

Houses of worship typically share five characteristics:

1. Publicly predictable schedules
2. Open access entry models
3. Volunteer-based staffing structures
4. High symbolic and cultural visibility
5. Limited physical hardening compared to government or corporate facilities

The U.S. Secret Service National Threat Assessment Center has documented that attackers frequently select targets based on accessibility and symbolic significance. [7] In many public attacks studied, advance-warning behaviors were observed prior to violence.

The relevant leadership question is not whether violence is common. The question is whether vulnerability is foreseeable and whether proportionate controls have been considered.

Learning from Federal Research

Research on mass attacks consistently demonstrates compressed timelines. Many incidents conclude before law enforcement’s arrival. [2]

This operational reality shifts responsibility toward immediate on-site capability. Capability does not necessarily mean armed volunteers. It means:

• Defined communication protocols
• Documented emergency procedures
• Trained medical responders
• Leadership clarity during a crisis
• Familiarity with facility layout and access points

The national Stop the Bleed program recognizes that immediate hemorrhage control by bystanders significantly increases survivability in trauma events. [8] Medical readiness, therefore, is not optional equipment placement. It is training aligned with realistic response windows.

Preparedness must match operational reality.

Data Does Not Support Complacency

Lifeway Research reported that 81 percent of Protestant pastors state their church has some form of security measure in place. However, far fewer report structured drills or formalized response exercises. [9]

The gap between nominal security presence and operational readiness creates governance exposure.

FEMA’s planning doctrine for houses of worship outlines a structured approach to developing emergency operations plans, defining roles, coordinating with responders, and conducting exercises. [5] CISA provides mitigation checklists, vulnerability assessment tools, and partnership guidance. [4]

These are federally endorsed planning instruments designed specifically for faith-based institutions.

Preparedness is not alarmism. It is structured stewardship.

Governance and Fiduciary Responsibility

Nonprofit leaders are expected to exercise reasonable care in addressing foreseeable risks.

The Nonprofit Risk Management Center emphasizes documentation, screening practices, policy oversight, and training records as core components of defensibility. [10]

Boards that formally review and document security oversight demonstrate proactive governance. Boards that avoid the discussion may later face questions regarding reasonable foreseeability and duty of care.

Risk governance does not require fear-based messaging. It requires structured decision-making, documented review, and proportionate controls aligned with the mission.

Quick Checklist

1. Review current federal threat and hate crime reporting relevant to houses of worship. [2][3]
2. Conduct and document a vulnerability assessment using federal guidance. [4]
3. Ensure board-level oversight and formal review of emergency planning responsibilities. [5][10]

Final Thought

Preparedness is stewardship expressed through planning.

Churches exist to welcome. Leadership exists to protect. These responsibilities are not in conflict.

Understanding the threat landscape is the first step toward a proportionate response. In Part 2, we will examine liability exposure, insurance considerations, certification standards, and governance structures that allow churches to build safety programs that are lawful, documented, and defensible.

Preparedness is not alarmism. It is care expressed through action.

References

[1] LCG Discovery, Faith Under Fire Series Overview, 2026.

[2] Federal Bureau of Investigation, Active Shooter Incidents in the United States in 2024, 2025.
https://www.fbi.gov/file-repository/active-shooter-incidents-in-the-us-2024.pdf

[3] U.S. Department of Justice, Bureau of Justice Statistics, Hate Crime Statistics 2023.
https://www.justice.gov/hatecrimes

[4] Cybersecurity and Infrastructure Security Agency, Mitigating Attacks on Houses of Worship Security Guide, 2024.
https://www.cisa.gov/resources-tools/resources/mitigating-attacks-houses-worship-security-guide

[5] Federal Emergency Management Agency, Developing High-Quality Emergency Operations Plans for Houses of Worship.
https://www.fema.gov/sites/default/files/2020-07/developing_eops_for_houses_of_worship_final.pdf

[6] International Organization for Standardization, ISO 31000:2018 Risk Management Guidelines.
https://www.iso.org/standard/65694.html

[7] U.S. Secret Service National Threat Assessment Center, Mass Attacks in Public Spaces, 2023.
https://www.secretservice.gov/sites/default/files/reports/2024-01/NTAC_Mass_Attacks_Public_Spaces_2023.pdf

[8] Stop the Bleed, National Bleeding Control Program.
https://www.stopthebleed.org

[9] Lifeway Research, Most Protestant Pastors Say Their Church Has Security Measures in Place, November 13, 2023.
https://research.lifeway.com/2023/11/13/most-protestant-pastors-say-their-church-has-some-type-of-security-measure

[10] Nonprofit Risk Management Center, Risk Resources for Nonprofits.
https://nonprofitrisk.org

This article is for general information and does not constitute legal advice.