Security operations

Predictive risk starts with understanding the past

Every security plan starts with the same question. What could disrupt us before it happens? 

That assessment often draws on historical alerts, local reporting, static risk ratings, and analyst judgment. However, the sources for this analysis age at different speeds and rarely line up neatly. At the same time, the environment they describe keeps shifting. The World Economic Forum’s Global Risks Report 2026 found that 50% of surveyed experts expect the next two years to be turbulent or stormy.

Security teams already recognize the need for better foresight. In an ASIS International study, 52% of security professionals rated risk-escalation forecasting as highly important, while 39% said their organization had fully developed that capability. The same research found that 69% had only partial or no capability for automated situational and risk-report generation.

Predictive risk helps close that gap by turning incident history into a clearer view of future exposure.


Building a baseline before plans become fixed

Predictive risk brings together historical patterns, recent activity, location, and operational context. It shows where disruption has concentrated, which risks recur, and how conditions are changing over time.

An executive protection team can review incidents around a hotel, venue, and travel route before approving an itinerary. A physical security team can compare exposure across facilities before setting investment priorities. Or a travel risk team can examine recent activity around the places a traveler will actually visit.

This creates a baseline for the decision. Teams can see which conditions deserve attention, identify relevant thresholds, and plan appropriate safeguards while routes, schedules, and resources can still be adjusted.

Within the ADAR operating model, this work strengthens Anticipate. The team begins with a clearer understanding of what could affect the organization and where closer monitoring may be required.


Risk can change from one street to the next

Country and city ratings help orient a security team. They're useful for orientation. They're rarely enough for operational decisions. Operational decisions usually happen at a smaller scale, considering a specific hotel, office, airport, transport corridor, distribution center, or event venue.

Risk can vary materially within the same city. A 2026 study across five US cities found that half of reported crime occurred on just 2.2% to 5.1% of street segments. Although this study focuses only on crime, its findings still illustrate the importance of historical geographic details in decision-making. 

Teams need to examine incident history around a specific address, within a defined radius, across a custom area, or throughout a portfolio. That accuracy can reveal recurring hotspots, differences between nearby locations, and patterns hidden inside broad regional summaries.


AI makes historical analysis practical at scale

Historical assessments take time to build. Analysts have to search previous alerts, local reporting, internal records, weather data, transport updates, and regional assessments, and then reconcile different formats, identify relevant incidents, and turn the findings into a briefing.

The process becomes difficult to sustain across hundreds of sites, frequent travel, and repeated leadership requests.

Historical context isn’t only useful for planning. It also improves live decision-making. also improves live operations. When a new incident occurs, analysts can compare it with the established baseline to determine whether conditions are changing. That context helps shorten the decision gap between receiving an alert and understanding its operational significance.

AI-powered analysis compresses that work. It can:

  • Identify concentrations, spikes, recurring patterns, and changes in exposure

  • Compare locations, regions, routes, and asset groups consistently

  • Turn historical incidents into decision-ready summaries

The analyst still sets the scope, reviews the underlying incidents, applies organizational context, and owns the recommendation. AI accelerates the research and reporting work, so more time can be spent assessing impact and deciding what to do.


Carrying context through ADAR

Predictive risk becomes most useful when historical and real-time information support the same operating cycle.

  • Anticipate: Review previous incidents, recurring exposure, seasonal conditions, and planned activity.

  • Detect: Use real-time monitoring to identify new incidents and changes in the operating environment.

  • Analyze: Compare current activity with historical patterns and connect it to people, assets, routes, and operations.

  • Resolve: Turn the assessment into travel changes, mitigation plans, leadership briefings, or automated workflows.

Context carries forward from one stage to the next. Analysts enter a developing event with an established baseline, which makes it easier to assess relevance, identify escalation, and communicate what has changed.

This addresses one of the central weaknesses in traditional security alerting whereby an incident can arrive quickly and still leave the team without enough context to act. This issue is explored further in The hidden gaps in traditional security alerting.


Looking back to plan forward with samdesk

Predictive risk isn’t about predicting the future with certainty. It’s about entering decisions with a stronger understanding of what has happened before. The samdesk dashboard provides real-time visibility into emerging incidents. Predictive risk modeling with Atlas adds the historical view required for forward planning.

Security teams can use Atlas to examine all-hazards incident history around an address, across a custom area, within a region, or throughout a portfolio. They can compare exposure, identify recurring patterns, investigate changes, and ask questions about the underlying data in plain language.

AI reads the incidents behind the reporting, surfaces relevant findings, and helps analysts develop decision-ready summaries. The analyst remains in control of the scope, evidence, and final assessment.

Predictive risk gives security teams a stronger basis for preparation. Looking back reveals where exposure has concentrated, how conditions have changed, and which decisions deserve attention before the pressure to act narrows the available options. Because the best decisions rarely begin with today’s first alert. They begin with yesterday’s lessons.

See how Atlas helps security teams use incident history to anticipate risk, analyze exposure, and plan ahead. Request a demo.

Featured Resources

Insights on the future of security operations.

Explore our guides, case studies, and research on the latest trends in security operations.


Featured Resources

Insights on the future of security operations.

Explore our guides, case studies, and research on the latest trends in security operations.


Featured Resources

Insights on the future of security operations.

Explore our guides, case studies, and research on the latest trends in security operations.