10 reasons we aren’t better at preventing sexual abuse

If you ask a room full of people if they agree we should be doing everything possible to protect children and vulnerable adults from sexual abuse, the answer will undoubtedly be, “Yes, of course!”

But the fact is that most youth-serving organizations are still using protection practices designed twenty years ago that haven’t been best practices for at least ten years. And we know they’re not best practices.

So why are we still using basic “safe environment” measures (see 5 below) to address the risk of sexual abuse?

We likely won’t get better at preventing sexual abuse until we understand what has stopped us from upgrading, so maybe the better question is, “How did we convince ourselves that we didn’t need to adapt our practices?”

Here are the ten reasons we believe sexual abuse protection hasn’t yet been upgraded. We have grouped the reasons into categories: people, tools and resources, and the progress we could make if people have the right tools and resources.

People: How people think about sexual abuse prevents effective prevention

Cognitive biases impact how we think about sexual abuse, we make assumptions, and we avoid engaging with the subject.

1. Many people believe their prevention efforts are already good enough

When we start talking to people working with minors and vulnerable adults about improving their sexual abuse prevention, one of three comments is often made:

  • “I’ve been here for five (or ten or twenty) years and sexual abuse has never happened.  We’re good.”
  • “We know everyone here.  Sexual abuse couldn’t happen here.”
  • “We don’t work with children, so we have no exposure.”

The first two are examples of the most common cognitive biases people have about sexual abuse.  The third is the often-heard assumption that sexual abuse only impacts children.  They all reflect a version of the idea that, while better prevention is needed, it isn’t necessary “here.”  

People start to change their views when we talk about how adult-on-child sexual abuse has doubled in the last ten years, and child-on-child abuse has increased five times.  More are convinced when we talk about how fast the costs of failing to prevent sexual abuse are rising, and yet more when we show how little protection they have from those costs.  When we show how they, like 95% of organizations, are using twenty-year-old practices at least ten years past being best practices, most no longer have any reservations. 

When we finish talking to the people closest to children and vulnerable adults, they are ready to change how they prevent sexual abuse.

2. Many people believe safe environments and insurance will protect them if sexual abuse happens

Anyone still to be convinced to change readily understands when we show how unprotected current practices leave them and their organizations.

Safe Environments

The safe environment framework most organizations use to prevent sexual abuse contains some legal protections if organizations comply with the requirements.  Unfortunately, plaintiffs’ attorneys have had twenty years to figure out how to circumvent the protections, even if an organization meets all the requirements.  For instance, there was a list of twelve allegations of negligence against the Boy Scouts of America in a recent open letter to Congress, only four of which were “in safe environment territory.”  

As a result, safe environments provide little or no protection to organizations today.


Because of rising sexual abuse and increasing costs, insurance for sexual abuse is now much harder to find, difficult to buy, covers much less, and costs much more.  If current market trends continue, there is a foreseeable future when sexual abuse insurance will only be available as a stand-alone policy at a much higher cost and with much less coverage than has traditionally been available.  Some organizations can’t afford adequate insurance already, and affordability will deteriorate further unless more carriers can be encouraged into the market.  

Even if insurance remains as it is today, it doesn’t cover the non-financial costs of failing to prevent sexual abuse.  Unfortunately, these have also risen sharply.  

  • Twenty years ago, an allegation of abuse led to lawyers huddling to agree on a settlement covered by an NDA.  Then, disruption to organizations, personal lives, and reputations was minimal.  
  • Today, an allegation of sexual abuse will be followed by a criminal investigation that could last up to two years.  Then, if the allegation is upheld (and sometimes even if it isn’t), up to five years of civil litigation can follow.  The disruption to organizations and personal lives is significant, and reputations can be destroyed.   

3. Too few people have yet to engage with sexual abuse.

No one likes thinking, talking about, or engaging with the idea of sexual abuse.  But to prevent it effectively, we must find a way to engage with it.

With engagement as one objective, risk management best practice defines risk as “the effect of uncertainty on objectives.”  The broader approach to managing uncertainty around organization objectives (instead of trying to prevent adverse events) actively encourages engagement with risk because people actively engage with activities designed to help them achieve their objectives.  

The culture that results from engagement produces powerful results.  For example, organizations using risk management best practices achieve their objectives more often, have fewer and less costly adverse events, and are more highly trusted and valued than organizations using traditional risk management.    

Compared to the engagement involved in risk management best practices, most organizations look at the controls involved in creating safe environments as something that must be “done.”  It is a “check-box” process and rarely engaged with beyond that.  Since most people don’t like thinking or talking about sexual abuse, safe environment controls enable disengagement.  For instance, it is much easier to focus on the mechanics of background checks than to think about what the check is trying to prevent.

Tools and Resources: We are using the wrong tools to prevent sexual abuse

The next four reasons deal with how we cannot keep using the same prevention tools and resources if we want to achieve a different and better result.  

There is best practice for preventing risks like sexual abuse (ERM), but we haven’t decided to use it.  It may be because it is considered too complex, though it isn’t. 

Collaboration and data management are the other two tools; they will make ERM easier to use and much more effective.  

4. We have yet to accept the need to use risk management best practices to prevent sexual abuse.

The belief persists that the best way to prevent sexual abuse is to focus on preventing sexual abuse.  This sounds reasonable, except it is far from risk management best practice.  It also sounds a bit like how the sports world once thought about training.  

Once upon a time in swimming (other sports would work just as well for this example), the conventional wisdom was that more and more swimming produced ever-better swimming performance.  The result was that athletes swam length after length for hours.  However, it was later recognized that “return-on-lengths” diminished and eventually turned negative.  A more rounded approach that involved swimmers participating in other sports benefited swimming performance more than endless lengths.  

Recognizing the benefits of a broader perspective, risk management best practice focuses on achieving organizational objectives, not just preventing adverse events.  Risk management best practice is an approach called enterprise-wide risk management or ERM.  The recognition in ERM is that prevention practiced as part of a system seeking positive outcomes produces better prevention outcomes than when prevention is practiced as a stand-alone activity.  The results outlined in 3. above speak for themselves.  

If risk management best practice has successfully moved beyond a prevention-oriented approach, why wouldn’t we do the same for sexual abuse risk? 

5. There is a perception that risk management best practice is too complex for most youth-serving organizations

The four controls of most safe environment frameworks are:

  • Criminal background checks
  • SAM-related training
  • Policies around 1-to-1 interactions
  • Mandatory reporting

It has been suggested that one reason the four safe environment controls have not been added to since they were originally selected twenty years ago is that asking youth-serving organizations to do more is too complex or demanding for them.  However, I suspect it is more likely that, because potentially millions of organizations need to be verified for compliance with these controls, it is easier to verify compliance if there are only four controls to verify. 

In fact, contrary to the idea that best practice is too complex or demanding, we find that when organizations are guided through best practices and shown all that they can do to protect children, they choose to implement more controls (about five times more) than are currently required of them.  They are also grateful that protecting children well is made easy for them.  

6. We have yet to accept we cannot prevent sexual abuse without collaboration.

The sexual abuse prevention world is siloed; religious organizations don’t discuss sexual abuse with sports organizations.  Unfortunately, it is also part of the broader risk management world, famous for its silos; insurers, brokers, consultants, lawyers, etc.  The combination of cross-sector and cross-discipline silos prevents data sharing, which minimizes analysis.  

Silos are particularly damaging to improving sexual abuse protection because sexual abuse is a relatively rare risk.  In analytical terms, the rarer a risk, the more data you need to understand it.  Significant amounts of the right kinds of data (see 7. below), drawn from across sectors and disciplines, will need to be analyzed if we are going to uncover new and better ways to protect children (see 6. below).   

Information silos must be eliminated, and collaboration must occur automatically to improve child protection.

7. We have yet to acknowledge the central role data will play in preventing sexual abuse

Data and its management will be central to successful abuse prevention; ERM cannot be delivered, complexity simplified, or collaboration managed without effective information management. 

Currently, we don’t collect the right data or analyze it in ways that enable us to do any more than improve sexual abuse protection slowly and incrementally.   We must implement a fundamental change in how we manage sexual abuse information.  

The data we collect now is almost exclusively about sexual abuse events.  This is essential data, but on its own, it is not enough to develop a comprehensive view of how sexual abuse is being prevented and how we could improve that.   In the future, we must collect risk, management, and performance data; event data is only a fraction of the required performance data.

The current primary analysis tool is root cause analysis.  This has been a trusted and valuable tool for hundreds of years; the entire specialty insurance industry has been built on it, but it is hardly cutting-edge.  Instead, we must apply a range of approaches to the combination of risk, management, and performance data to identify what is predictive of both positive and negative performance.

Identifying the data we need to collect and analyzing it when we have it are not the most significant data challenges.  Collecting the data is the challenge; convincing organizations to share data of the quality needed to improve abuse protection.  That level of collaboration requires incentivizing, which we think will happen from a combination of enabling any organization to:

  1. use risk management best practices so they can be confident they are protecting children and vulnerable adults as well as possible from sexual abuse
  2. record how conscientiously they are protecting children so, combined with prevention best practices, they also protect themselves from the consequences of failing to prevent sexual abuse
  3. accurately signal how well they are protecting children enabling reward, and
  4. constantly improve protection as best practices change and expectations evolve.

As valuable as these incentives are, they will also need to come with the promise that the data shared will only be used to improve sexual abuse protection and for no other purpose.

Progress: With the right tools and resources in place, we can start to make real progress

The next two reasons deal with how, by using ERM, collaboration, and always current and reliable information, we can start to make real progress in expanding and refining sexual abuse protection.

8. We are not actively searching for improvement beyond current practices.

If we only keep using the four-control framework – even with all the hard work that goes into refining it – we are locking ourselves into an echo chamber that prevents the search for new and better approaches beyond the four controls.

Risk management best practice is a systematic approach to managing risk involving steps that result in organizations choosing the set of controls and activities that is practical for them from a broad array of possibilities.  Enabling organizations to select their controls results in a wide variety of approaches.  We can then identify the most helpful practices beyond the four controls by measuring performance across all the resulting control sets.

To alleviate concerns over organizations choosing “enough” controls, we have found that when we guide organizations through risk management best practices and let them select controls that work for them, they exclusively choose far more controls than are required by the safe environment requirements.  

9. There is currently no way to incentivize better behaviors.

Some will say, “protecting children from sexual abuse is its own reward,” and I sympathize with that.  But I also think providing incentives for superior protection will likely make children and vulnerable adults safer.

You can’t reward someone for being compliant with rules they must be compliant with.  For this reason, the safe environment rules include legal protections for their use, but as noted (in 2. above), plaintiffs’ attorneys have nullified them.  As a result, the only direct incentive for organizations to follow the rules is to avoid punitive action for failing to follow the rules.  If you don’t think sexual abuse will happen anyway (see 1. above), and you don’t think anyone will notice how you are complying (see 8. below), that isn’t much of an incentive.  

The challenge with sexual abuse is its threat in many different types of organizations in many different contexts.  As a result, what’s rewarding to one stakeholder or organization may be quite different from another.  So, instead of direct rewards, we need a reliable signal of how well an organization is preventing sexual abuse, so stakeholders and organizations can agree on what a valuable reward looks like to them.  

Last, we know we haven't been using best practices for ten years and should act without further delay

10. We have yet to accept that change is needed urgently.

Without rehashing the story about the frog in steadily heating water, we can only keep ignoring increasing sexual abuse, the rising costs of failing to prevent sexual abuse, persistent sexual abuse scandal headlines eroding trust, a challenging economic environment and consequently reduced risk-bearing capacity, and the insurance situation for so long.  

What do you think about these ten reasons?  Please let us know in the comments below.

Creating and Maintaining a Sexual Abuse Risk-Aware Culture: A Free Ten-Step Guide

Developing a sexual abuse risk-aware culture is the single most valuable thing you can do to protect the children and vulnerable adults in your care from sexual abuse.

Our free Ten-Step Guide is a practical introduction to the system that enables any organization to establish and maintain a sexual abuse risk-aware culture. 

Leave a comment

If you like this article, please share it!

Post Author

Tim Jaggs

I am a Brit who now lives just outside San Francisco.  Though I have given up arguing for “football,” not “soccer,” I am still trying to decide whether football is better to watch than rugby – it’s a very close call – and if it’s OK to admit I enjoy baseball almost as much as cricket.

I have worked with organizations managing sexual abuse risk for over 15 years. 

I created BOKRIM to help people working with children, who often have little risk management experience, to use risk management best practices to protect children from sexual abuse and protect themselves from the consequences of failing to prevent sexual abuse.