| Key Takeaways |
| Community risk assessment is a systematic process for identifying, analyzing, and evaluating hazards, vulnerabilities, and capabilities within a defined geographic area. It serves as the foundation for emergency management planning, resource allocation, and resilience building, particularly for populations with heightened vulnerability to disasters. |
| The United States has sustained 426 billion-dollar weather and climate disasters since 1980, costing over $3.1 trillion in total damages (Climate Central, 2025). In 2024 alone, 27 billion-dollar disasters caused $182.7 billion in damages and at least 568 fatalities. The average time between billion-dollar disasters has shrunk from 82 days in the 1980s to just 10 days in 2025. |
| FEMA’s Threat and Hazard Identification and Risk Assessment (THIRA) is the standardized federal framework for community risk assessment. The four-step process covers identifying threats and hazards, contextualizing them, establishing capability targets, and applying results to planning, mutual aid, and mitigation. |
| The CDC/ATSDR Social Vulnerability Index (SVI) uses 16 U.S. Census variables grouped into four themes (socioeconomic status, household characteristics, racial and ethnic minority status, and housing type/transportation) to identify communities most vulnerable to disaster impacts and most in need of pre-disaster support. |
| FEMA’s National Risk Index evaluates 18 natural hazards across every U.S. county and Census tract, combining Expected Annual Loss data with social vulnerability and community resilience metrics to produce composite risk ratings that drive Community Disaster Resilience Zone designations. |
| The CMIST framework (Communication, Maintaining Health, Independence, Support/Safety, Transportation) is the federal standard for identifying and addressing the functional needs of at-risk populations before, during, and after disasters. It replaces outdated label-based approaches with a function-based model that captures actual needs. |
| Community risk assessments must integrate stakeholder engagement from the start. Assessments conducted without input from community members, local government, healthcare providers, and community-based organizations produce incomplete vulnerability profiles and miss critical local knowledge about at-risk populations. |
Since 1980, the United States has sustained 426 billion-dollar weather and climate disasters with combined costs exceeding $3.1 trillion (Climate Central, 2025). The pace is accelerating: the average gap between billion-dollar disasters has collapsed from 82 days during the 1980s to just 10 days in 2025.
In 2024, the country recorded 27 such events costing $182.7 billion, with Hurricane Helene alone causing $78.7 billion in damage and becoming the deadliest mainland hurricane since Katrina (NOAA NCEI, 2025).
These numbers represent aggregate national damage. They do not capture what happens at the neighborhood level, where a single flood, wildfire, or severe storm can permanently alter the trajectory of communities that were already struggling with poverty, aging infrastructure, or limited access to healthcare.
Community risk assessment is the structured process that connects national hazard data to local reality.
It identifies which hazards threaten a specific geographic area, which populations and infrastructure are most vulnerable, and what capabilities exist to prepare for, respond to, and recover from disruptions.
This article provides a practitioner’s guide to conducting community risk assessments, with specific attention to at-risk populations, aligned with FEMA’s frameworks and connected to broader enterprise risk management and business continuity principles.
What Community Risk Assessment Actually Is
Community risk assessment is the systematic analysis of hazards, vulnerabilities, and capabilities within a defined geographic area.
Unlike enterprise risk assessment, which focuses on an organization’s objectives and operations, community risk assessment examines the broader ecosystem: the natural and human-made hazards that threaten an area, the social and economic conditions that amplify or dampen those threats, and the community’s capacity to prepare for and recover from disruptions.
The assessment produces the evidence base that drives emergency management planning, hazard mitigation investments, and resource allocation for at-risk populations.
At its core, community risk assessment answers three questions. First, what can go wrong? This covers the full spectrum of threats, from natural hazards (floods, earthquakes, wildfires, hurricanes) to technological hazards (chemical spills, infrastructure failures, cyber-attacks on critical systems) to human-caused events (active threats, terrorism).
Second, who and what are most vulnerable? This requires understanding not just physical exposure but social vulnerability: which populations lack the resources, access, or functional capacity to prepare for and recover from disruption.
Third, what capabilities exist to manage the risk? This includes government services, infrastructure, community organizations, and individual preparedness.
Community Risk Assessment vs. Enterprise Risk Assessment
| Dimension | Community Risk Assessment | Enterprise Risk Assessment |
| Scope | Geographic area (county, city, Census tract, neighborhood); all hazards and populations within that boundary | Organization’s objectives, operations, assets, and stakeholders |
| Primary stakeholders | Local government, emergency management agencies, public health departments, community organizations, residents, at-risk populations | Board of directors, management, business units, auditors, regulators |
| Hazard focus | Natural disasters, technological accidents, public health emergencies, human-caused threats affecting the community | Strategic, operational, financial, compliance, and reputational risks to the organization |
| Vulnerability analysis | Social vulnerability (poverty, age, disability, language barriers, housing type, transportation access); infrastructure exposure | Control environment weaknesses, process dependencies, technology vulnerabilities, supply chain risks |
| Key outputs | Hazard mitigation plans, emergency operations plans, resource allocation for at-risk populations, Community Disaster Resilience Zone designations | Risk register, risk appetite statement, treatment plans, KRI dashboards, board risk reports |
| Primary frameworks | FEMA THIRA, FEMA National Risk Index, CDC/ATSDR SVI, CMIST, CPG 201 | ISO 31000, COSO ERM, ISO 22301 (BCM), sector-specific regulations |
Federal Frameworks for Community Risk Assessment
The federal government has developed several interconnected frameworks and tools that form the backbone of community risk assessment in the United States.
Understanding how these tools fit together is essential for practitioners conducting or participating in community-level risk assessments.
FEMA Threat and Hazard Identification and Risk Assessment (THIRA)
The THIRA is FEMA’s standardized community risk assessment process, guided by Comprehensive Preparedness Guide 201 (CPG 201).
It provides the structured methodology that states, territories, urban areas, and tribes use to identify risks, set capability targets, and assess gaps.
The THIRA process is directly linked to federal preparedness grant requirements, making it both a planning tool and a compliance requirement.
THIRA Four-Step Process
| Step | Description | Key Activities | Output |
| 1. Identify Threats and Hazards | Determine which natural, technological, and human-caused threats pose a credible risk to the community | Review historical data; consult National Risk Index; engage local experts and stakeholders; consider emerging threats (climate change impacts, cyber threats) | Prioritized list of threats and hazards of concern for the community |
| 2. Give Context | Describe the impacts that each identified threat or hazard could have on the community, including affected populations, infrastructure, and geographic areas | Develop impact descriptions for each threat using worst reasonable case scenarios; specify affected areas, population counts, and critical infrastructure at risk | Contextualized impact descriptions showing how each threat affects the specific community |
| 3. Establish Capability Targets | Set the performance targets needed to manage the impacts described in Step 2, aligned with the 32 FEMA Core Capabilities | Determine required levels of prevention, protection, mitigation, response, and recovery capability for each impact; quantify targets (e.g., number of shelter beds, evacuation routes, medical surge capacity) | Measurable capability targets across all relevant Core Capabilities |
| 4. Apply Results | Use THIRA outputs to inform planning, resource allocation, grant applications, and mutual aid agreements | Integrate results into emergency operations plans, hazard mitigation plans, and Stakeholder Preparedness Reviews; identify and prioritize capability gaps | Capability gap analysis; informed planning documents; justified resource requests |
FEMA National Risk Index
The National Risk Index is an online tool that evaluates risk for 18 natural hazards at the county and Census tract level across all 50 states, territories, and tribal areas.
The December 2025 update incorporated the CDC/ATSDR Social Vulnerability Index as its social vulnerability component and uses the Baseline Resilience Indicators for Communities (BRIC) for community resilience measurement.
The National Risk Index formula combines Expected Annual Loss (the estimated dollar value of annual losses from each hazard) with a Community Risk Factor that scales risk based on social vulnerability and community resilience.
The 18 hazards assessed are: avalanche, coastal flooding, cold wave, drought, earthquake, hail, heat wave, hurricane, ice storm, inland flooding, landslide, lightning, strong wind, tornado, tsunami, volcanic activity, wildfire, and winter weather.
The Community Disaster Resilience Zones Act (signed December 2022) requires FEMA to use the National Risk Index to identify Census tracts most at risk, directing financial and technical assistance to the most vulnerable communities.
National Risk Index Components
| Component | What It Measures | Data Sources |
| Expected Annual Loss (EAL) | The estimated dollar value of damage to buildings, agriculture, and population (fatalities and injuries monetized) from each of 18 natural hazards, annualized over the historical record | FEMA, USDA, NOAA, USGS, Census Bureau; hazard-specific models for frequency, probability, and loss estimation |
| Social Vulnerability | The susceptibility of community populations to the adverse impacts of natural hazards, based on demographic and socioeconomic characteristics | CDC/ATSDR Social Vulnerability Index (SVI): 16 Census variables grouped into four themes (socioeconomic status, household characteristics, racial/ethnic minority status, housing type/transportation) |
| Community Resilience | The community’s ability to prepare for, adapt to, and recover from natural hazards, based on institutional, infrastructure, and social capacity indicators | FEMA-modified Baseline Resilience Indicators for Communities (BRIC): includes mitigation spending per capita, flood insurance coverage, disaster aid experience, and other resilience indicators |
| Risk Index Score | Composite score combining EAL with social vulnerability and community resilience to produce an overall risk rating (Very Low to Very High) for each Census tract or county | Calculated formula: NRI = EAL × f(Social Vulnerability / Community Resilience), where higher social vulnerability and lower resilience increase the risk score |
Assessing At-Risk Populations: The CMIST Framework
At-risk populations are groups whose needs are not fully addressed by traditional emergency service delivery and who require additional assistance before, during, and after a disaster.
The federal standard for identifying and addressing these needs is the CMIST framework, which categorizes functional needs across five domains. CMIST replaces outdated label-based approaches (which grouped people by demographic category) with a function-based model that captures what individuals actually need to maintain health and independence during a disruption.
This connects directly to the principles of business impact analysis (identifying critical functions and the consequences of their disruption) applied at the community level.
CMIST Framework: Five Functional Needs Domains
| Domain | What It Covers | Assessment Questions |
| C: Communication | Individuals who have limitations that interfere with the receipt of and response to information, including those with hearing, vision, speech, cognitive, or intellectual disabilities; those with limited English proficiency; and those with low literacy | What communication methods reach all community members? Are emergency alerts accessible in multiple languages and formats (visual, auditory, tactile)? What percentage of the population has limited English proficiency? |
| M: Maintaining Health | Individuals who require specific medications, supplies, equipment, or treatments to maintain health; includes those managing chronic conditions, dialysis, oxygen therapy, and pharmacological dependencies | What medical facilities and pharmacies serve the community? What is the prevalence of chronic conditions requiring ongoing treatment? How quickly can supply chains for critical medications be restored after disruption? |
| I: Independence | Individuals who function independently in their daily lives with the assistance of devices, equipment, personal attendants, or service animals; loss of these supports during a disaster threatens their ability to function | What support services exist for individuals with mobility, sensory, or cognitive needs? Are evacuation plans and shelters designed to accommodate assistive devices, service animals, and personal care attendants? |
| S: Support and Safety | Individuals who require personal care assistance, supervision, or specialized behavioral health support; includes those in congregate settings and individuals vulnerable to exploitation or abuse during emergencies | What behavioral health services are available? What safeguards exist for individuals in group homes, assisted living, or correctional facilities? How are unaccompanied minors managed during evacuations? |
| T: Transportation | Individuals who cannot drive or do not have access to a vehicle, including those who depend on public transit, paratransit, or specialized medical transport; transportation is often the primary barrier to evacuation and shelter access | What percentage of households lack vehicle access? What public transit and paratransit capacity exists? What evacuation transportation plans serve car-less populations? How are medically fragile individuals transported? |
The Six-Step Community Risk Assessment Process
The following process integrates FEMA’s THIRA methodology with social vulnerability analysis and CMIST-based population assessment.
Each step produces documented outputs that support both emergency management planning and compliance with federal preparedness requirements.
Step 1: Define Scope and Assemble the Assessment Team
Establish the geographic boundary (county, city, neighborhood, tribal area) and the hazard scope (all-hazards or specific threat focus). Assemble a multi-disciplinary team including emergency management, public health, law enforcement, fire services, public works, community-based organizations, healthcare providers, and representatives of at-risk populations.
The team composition directly affects the quality of the assessment: assessments conducted without community representation produce incomplete vulnerability profiles. This mirrors the stakeholder engagement requirements in enterprise risk management frameworks.
Step 2: Identify Hazards and Threats
Catalog the natural, technological, and human-caused threats that could affect the community. Use the National Risk Index for baseline natural hazard data. Supplement with local historical data, recent incident reports, climate projection models, and expert input.
Consider emerging threats that may not appear in historical records, such as compound events (simultaneous hazards), cascading failures (one hazard triggering another), and evolving risks from climate change or demographic shifts. Document each hazard with its location, potential magnitude, historical frequency, and future probability.
Step 3: Analyze Vulnerabilities and At-Risk Populations
This is the step that distinguishes community risk assessment from simple hazard identification. Map the social vulnerability of the community using the CDC/ATSDR Social Vulnerability Index at the Census tract level.
Overlay hazard exposure maps with SVI data to identify where high-hazard areas intersect with high-vulnerability populations. Conduct CMIST-based analysis to identify the specific functional needs of at-risk populations in each area.
This step requires primary data collection through community surveys, stakeholder interviews, focus groups, and analysis of local service delivery data.
Secondary data from the Census Bureau, health departments, and school districts supplements but does not replace direct community engagement.
Vulnerability and Hazard Overlay Matrix
| Hazard | High SVI / High Exposure Areas | At-Risk Population Needs (CMIST) | Critical Infrastructure at Risk | Current Capability Gaps | Priority Level |
| Example: Inland flooding | Census tracts 12.01, 14.03 (low-income, high minority population, older housing stock, limited vehicle access) | T: 38% of households lack vehicles; C: 22% limited English proficiency; M: 3 dialysis centers in flood zone | 2 hospitals, 1 water treatment plant, 14 schools, major highway interchange in 100-year floodplain | Insufficient evacuation buses for car-less population; no multilingual alert system; dialysis backup site not identified | Critical: immediate action required |
| Example: Wildfire | Census tracts 8.02, 9.01 (wildland-urban interface, aging population, limited road egress, volunteer fire coverage only) | T: single evacuation route; M: high proportion of oxygen-dependent residents; I: 15% of residents require mobility assistance | Power transmission lines, cell tower, community water supply in fire-prone corridor | Single egress road creates evacuation bottleneck; no backup communication if cell tower fails; insufficient shelter capacity for medically fragile evacuees | High: address within 90 days |
Step 4: Assess Capabilities and Resources
Inventory the community’s existing capabilities across prevention, protection, mitigation, response, and recovery (FEMA’s five mission areas). Document government resources (fire, EMS, law enforcement, public health, public works), community assets (hospitals, shelters, volunteer organizations, faith-based organizations), mutual aid agreements, and individual preparedness levels.
Map these capabilities against the hazard and vulnerability profiles from Steps 2 and 3 to identify gaps. The capability assessment should be honest about limitations: overstating capabilities in the assessment produces dangerous false confidence in the planning that follows.
Step 5: Evaluate Risk and Prioritize
Combine hazard, vulnerability, and capability data to produce a prioritized risk profile. Use a structured risk evaluation approach consistent with ISO 31000 principles: assess likelihood and consequence for each hazard-vulnerability combination, then compare against the community’s risk tolerance (analogous to risk appetite in enterprise risk management).
Prioritize risks based on the combination of Expected Annual Loss (from the National Risk Index), social vulnerability exposure, capability gaps, and the potential for cascading or compound impacts. Document the rationale for prioritization decisions.
Step 6: Document and Communicate Findings
Compile the assessment into a report that decision-makers can act on and community members can understand.
The report should include an executive summary with the top priority risks and recommended actions, the methodology used, hazard profiles, vulnerability analysis with SVI and CMIST data, capability gap analysis, and specific recommendations for mitigation strategies, resource allocation, and emergency preparedness improvements. Communicate findings to multiple audiences: elected officials (who approve resources), emergency management professionals (who develop plans), and community members (who need to understand their risks and how to prepare). Use FEMA’s Resilience Analysis and Planning Tool (RAPT) for map-based communication of results.
Stakeholder Engagement Best Practices
Community risk assessment is only as good as the input it receives.
Assessments conducted in isolation by government agencies miss critical local knowledge about where at-risk populations live, what barriers they face, and what community assets exist that do not appear in official databases.
Engagement Guide for Community Risk Assessment
| Stakeholder Group | What They Contribute | How to Engage |
| Local government officials | Authority, resource allocation decisions, regulatory context, cross-departmental coordination | Secure executive sponsorship early; brief elected officials on assessment purpose and expected outcomes; involve department heads in scoping |
| Emergency management and first responders | Operational expertise, historical incident data, capability assessments, mutual aid knowledge | Include in assessment team from the start; use their incident data as primary evidence; validate capability assessments against real response experience |
| Public health departments | Epidemiological data, chronic disease prevalence, healthcare facility mapping, access-to-care barriers for at-risk populations | Request population health data; involve in CMIST analysis; use their connections to healthcare providers and community health workers |
| Community-based organizations | Direct relationships with at-risk populations, cultural and linguistic competence, trust that government agencies may lack, awareness of informal support networks | Partner with organizations serving immigrant, elderly, disability, and low-income communities; compensate for their time; use their networks for primary data collection |
| Community residents and at-risk individuals | First-hand knowledge of vulnerabilities, barriers, assets, and priorities that no secondary data source captures | Conduct listening sessions and focus groups in accessible locations; provide interpretation services; use plain language; ask specific questions about CMIST functional needs |
| Private sector and utility providers | Critical infrastructure data, business continuity capabilities, potential resource contributions during response and recovery | Include utility companies, major employers, and healthcare systems in the assessment; request data on infrastructure vulnerabilities and restoration timelines |
Connecting Community Risk Assessment to Enterprise Risk Management
Community risk assessment and enterprise risk management address risk at different scales but share the same analytical logic.
Organizations operating within a community inherit the community’s hazard profile. A company cannot be resilient if the community it operates in cannot recover from a major disaster. This connection is especially relevant for organizations with physical facilities, employees who live locally, and supply chains that depend on local infrastructure.
Community Risk–Enterprise Risk Integration Points
| Community Risk Output | Enterprise Risk Application | ERM Framework Connection | Practical Action |
| Hazard profiles with frequency and magnitude data | Inform organizational risk identification for natural hazards, infrastructure failures, and supply chain disruptions | ISO 31000 risk identification; COSO ERM event identification | Update the enterprise risk register with community-specific hazard data; align organizational risk scenarios with THIRA outputs |
| Social vulnerability data (SVI by Census tract) | Identify workforce vulnerability: employees in high-SVI areas may face greater barriers to reporting to work after a disaster | Business impact analysis workforce dependency analysis | Map employee home locations against SVI data; develop workforce resilience plans for employees in high-vulnerability areas |
| Capability gap analysis | Reveal where community response capabilities fall short, meaning the organization cannot depend on public services for rapid recovery | ISO 22301 business continuity strategy; organizational resilience planning | Where community capability gaps exist, invest in organizational self-sufficiency: backup generators, water supply, communication systems |
| CMIST functional needs assessment | Inform organizational duty-of-care planning for employees and customers with functional access needs | Occupational health and safety; disability inclusion; customer service continuity | Incorporate CMIST domains into workplace emergency plans and customer continuity arrangements |
| National Risk Index ratings | Provide risk-based input for facility location decisions, insurance purchasing, and capital investment planning | Enterprise risk appetite; risk-informed capital allocation | Factor National Risk Index ratings into site selection, lease renewal, and capital expenditure business cases |
Implementation Roadmap
| Phase | Actions | Deliverables | Success Metrics |
| Days 1–30: Planning | Secure executive and political sponsorship; define geographic scope and assessment boundary; assemble multi-stakeholder assessment team; identify data sources (National Risk Index, SVI, local records); schedule stakeholder engagement activities; review CPG 201 and THIRA guidance | Assessment charter with scope and team; stakeholder engagement plan; data inventory and acquisition plan; engagement schedule published | Sponsorship secured; team assembled with community representation; all primary data sources identified; engagement sessions scheduled |
| Days 31–60: Assessment | Conduct hazard identification using National Risk Index and local data; perform SVI-based vulnerability analysis at Census tract level; conduct CMIST functional needs assessment for at-risk populations; inventory capabilities across five FEMA mission areas; conduct stakeholder listening sessions and focus groups; overlay hazard and vulnerability data to identify priority risk areas | Hazard profiles for all identified threats; SVI overlay maps; CMIST analysis for at-risk populations; capability inventory; stakeholder input documentation; vulnerability-hazard overlay matrix | All hazards identified and profiled; vulnerability mapped at Census tract level; CMIST needs documented; capabilities inventoried; community input collected and integrated |
| Days 61–90: Documentation and Action | Compile assessment report with prioritized risk profiles; develop specific recommendations for mitigation, preparedness, and resource allocation; present findings to decision-makers and community; integrate outputs into emergency operations plans and hazard mitigation plans; establish annual reassessment schedule and trigger criteria for interim updates | Final community risk assessment report; executive briefing; integration plan for emergency operations and hazard mitigation plans; annual review schedule; communication materials for community audiences | Report approved by decision-makers; resource allocation decisions initiated for top-priority gaps; assessment integrated into planning documents; annual review cadence confirmed; community briefing completed |
Common Pitfalls and How to Avoid Them
| Pitfall | Root Cause | Remedy |
| Conducting the assessment without community engagement | Time pressure; assumption that government data alone is sufficient; discomfort with community engagement logistics | Build stakeholder engagement into the assessment timeline from day one; partner with community-based organizations who already have trust and relationships with at-risk populations |
| Relying exclusively on historical hazard data | Assumption that past events predict future risk; failure to account for climate change, demographic shifts, and infrastructure aging | Supplement historical data with climate projections, population growth trends, and infrastructure condition assessments; consider compound and cascading events not yet experienced |
| Treating social vulnerability as a secondary consideration | Assessment led by engineers or emergency managers focused on physical hazard exposure; social science expertise not included on the team | Include public health professionals and social scientists on the assessment team; require SVI analysis for every identified hazard; use CMIST to assess functional needs of at-risk populations |
| Completing the assessment and filing it away | Assessment treated as a compliance exercise rather than a planning tool; no integration with ongoing emergency management activities | Assign ownership for assessment maintenance; define trigger events for reassessment (new hazard occurrence, demographic change, infrastructure modification); schedule annual review and update |
| Underestimating capability gaps | Political pressure to present a positive picture; lack of honest capability assessment methodology | Validate stated capabilities against actual exercise and incident performance data; benchmark against FEMA Core Capability targets; document gaps honestly with specific resource requirements to close them |
| Ignoring the connection between community risk and organizational risk | Community assessment and enterprise risk management treated as separate disciplines with no data sharing | Share community risk assessment outputs with major employers and critical infrastructure operators; encourage organizations to factor community risk data into their business continuity and site planning |
Looking Ahead: Community Risk Assessment Trends for 2026–2028
The acceleration of billion-dollar disasters (the three highest years on record are 2023, 2024, and 2025, with 28, 27, and 23 events respectively) is driving fundamental changes in how communities assess and manage risk.
Climate Central, which assumed stewardship of the billion-dollar disaster database after NOAA discontinued the program in 2025, reports that severe storms now dominate the disaster landscape, with a record 21 billion-dollar severe storm events in 2025 alone.
FEMA’s December 2025 National Risk Index update migrated to the CDC/ATSDR Social Vulnerability Index as its social vulnerability component, standardizing how social vulnerability is measured in federal risk assessments.
This alignment means that community risk assessments conducted using SVI data now connect directly to the National Risk Index’s composite risk ratings and Community Disaster Resilience Zone designations, creating a more integrated federal risk assessment ecosystem.
The Community Disaster Resilience Zones Act (2022) is shifting community risk assessment from an advisory process to a funding mechanism.
Census tracts designated as Resilience Zones receive priority access to federal financial and technical assistance.
This creates a direct link between risk assessment quality and resource flow: communities with better-documented risk assessments and vulnerability analyses are better positioned to receive designation and the associated federal support.
Compound and cascading events are emerging as a central concern. The 2024 hurricane season demonstrated how sequential disasters (Hurricanes Helene and Milton striking within two weeks) overwhelm response capacity and compound impacts on at-risk populations.
Community risk assessments that only evaluate individual hazards in isolation miss the compounding effect of sequential or simultaneous events. Leading practice now requires scenario analysis that considers multi-hazard interactions, an approach that parallels the scenario analysis and stress testing methods used in enterprise risk management.
For practitioners, the message is clear: community risk assessment is no longer an optional planning exercise.
It is the mechanism through which communities access federal resources, identify their most vulnerable populations, and build the evidence base for resilience investment. Organizations that connect their enterprise risk management programs to community-level risk data will be better prepared for the next disaster and better positioned to protect their people, operations, and reputation when it arrives.
Build community and organizational resilience together. Visit riskpublishing.com for risk assessment frameworks, business continuity resources, and practitioner guides. Need hands-on support? Contact our consulting team for tailored risk assessment and resilience planning.
References
1. Climate Central – 2025 in Review: U.S. Billion-Dollar Disasters – 426 disasters since 1980; $3.1T total costs; 10-day average between disasters in 2025; record 21 severe storms
2. NOAA NCEI – Billion-Dollar Weather and Climate Disasters – 403 events through 2024; $2.915T total; 27 events in 2024 costing $182.7B
3. NOAA Climate.gov – 2024 Active Year of U.S. Billion-Dollar Disasters – $140B annual average over last decade; Hurricane Helene $78.7B; Milton $34.3B
4. FEMA – National Risk Index for Natural Hazards – 18 hazards; Census tract and county level; Expected Annual Loss, Social Vulnerability, Community Resilience
5. FEMA – National Risk and Capability Assessment (THIRA) – Four-step THIRA process; Stakeholder Preparedness Review
6. FEMA – Resilience Analysis and Planning Tool (RAPT) – 100+ GIS layers; National Risk Index integration; Census tract mapping
7. FEMA – National Risk Index FAQ (December 2025) – December 2025 update; migration to CDC/ATSDR SVI; methodology details
8. FEMA – Community Disaster Resilience Zones Designations (January 2025) – CDRZ Act implementation; Census tract designation methodology
9. CDC/ATSDR – Social Vulnerability Index – 16 Census variables; four themes; Census tract level; methodology and database
10. FEMA – Risk Mapping, Assessment and Planning (Risk MAP) – Flood risk products; community resilience support; hazard mitigation planning integration
11. FEMA – Identify and Measure Risk – THIRA overview; Building Code Adoption Tracking; flood mapping
12. NOAA Coast – Hurricane Costs – Tropical cyclones: $1.5T total damage since 1980; 7,211 deaths; $23B average per event
13. PMC – Measuring Community Vulnerability: CDC/ATSDR Social Vulnerability Index – SVI methodology; validation; applications in disaster management
14. Federal Register – Community Disaster Resilience Zones and the National Risk Index – NRI methodology updates; SVI migration; public comment and stakeholder input 15. ISO – ISO 31000:2018 Risk Management Guidelines – Universal risk management framework applicable to community and enterprise risk
Chris Ekai is a Risk Management expert with over 10 years of experience in the field. He has a Master’s(MSc) degree in Risk Management from University of Portsmouth and is a CPA and Finance professional. He currently works as a Content Manager at Risk Publishing, writing about Enterprise Risk Management, Business Continuity Management and Project Management.