Protection against terrorist threats has become an integral part of organisational
and national security strategies. But research on adversarial risks is still
dominated by approaches which focus too much on historical frequencies and which
do not sufficiently account for the terrorists motives and the strategic component of
the interaction. In this paper we model the classical risk analysis approach using a specific
variant of adaptive play and compare it with a direct implementation approach.
We find that the latter allows for a more purposeful use of security measures as
defenders avoid to get caught in a “hare-tortoise-trap”. We specify the conditions
under which the direct implementation outperforms adaptive play in the sense that it
lowers the cost of defence at a given rate of deterrence.We analyse the robustness of
our results and discuss the implications and requirements for practical application.