Foreseeability, Duty of Care, and Security Posture for California Houses of Worship

A Comprehensive Analysis of Premises Liability, Negligent Security, and Wrongful Death Standards for Nonprofit Religious Institutions Under California Law

EXECUTIVE SUMMARY

This article provides a California specific analysis of foreseeability, negligent security, and wrongful death considerations for nonprofit houses of worship. It integrates federal threat assessments from the Cybersecurity and Infrastructure Security Agency (CISA), California duty of care principles, and practical security expectations for faith based venues. The analysis includes premises liability foreseeability frameworks, jury accessible explanations of legal standards, nonprofit corporate governance responsibilities, and comprehensive safety plan implementation guidance. This examination serves both as expert witness foundation and practical risk management resource for California religious institutions, their boards of directors, and their legal counsel.

A Comprehensive Analysis of Premises Liability, Negligent Security, and Wrongful Death Standards for Nonprofit Religious Institutions Under California Law

I. FOUNDATION FOR CALIFORNIA VENUES

A. Federal Threat Assessment and National Incident Trends

Federal threat assessments and national incident trends demonstrate that targeted violence against houses of worship constitutes a foreseeable risk requiring institutional response. The Cybersecurity and Infrastructure Security Agency (CISA) has documented a decade of attacks on faith facilities, including arsons, bombings, armed assaults, and mass shooting events. CISA’s comprehensive analysis concludes that such attacks represent a real and potentially growing problem requiring houses of worship to adopt comprehensive, multi layered security postures to mitigate foreseeable harm.

The FBI’s Hate Crime Statistics provide additional documentation of persistent threats against religious facilities, demonstrating that houses of worship across all faith traditions face elevated risk environments. This federal data establishes the foundation for foreseeability analysis in California premises liability cases involving religious institutions.

B. California Duty of Care Framework

California Civil Code Section 1714 establishes a broad duty of ordinary care for property owners and occupiers, including religious institutions. This statutory duty requires that everyone is responsible, not only for the result of willful acts, but also for an injury occasioned to another by want of ordinary care or skill in the management of property or person. The duty applies with full force to houses of worship operating as property owners and occupiers of premises open to the public.

When a pattern of similar criminal acts exists, whether documented locally or nationally, California courts recognize that such acts may be foreseeable, thereby triggering a duty to implement reasonable security measures. The critical inquiry focuses on whether the specific harm that occurred was sufficiently foreseeable to impose a duty to guard against it through reasonable precautions.

C. Standard of Care for Religious Institutions

In the context of documented national threat environments affecting houses of worship, the absence of basic security planning, access control procedures, trained personnel, and emergency response protocols constitutes a foreseeable and unreasonable risk of harm. California courts evaluate whether property owners exercised reasonable care under the totality of circumstances. For houses of worship operating in the current threat environment, reasonable care requires documented safety programs appropriate to the organization’s size, resources, and specific risk profile.

CISA’s published security guidance for houses of worship establishes baseline expectations including vulnerability assessments, emergency planning, physical security measures, and coordination with law enforcement. While these federal recommendations do not create legal duties standing alone, they inform the standard of care against which institutional conduct may be evaluated in California negligence actions.

II. GOVERNANCE JUSTIFICATION FOR SECURITY FUNDING IN CALIFORNIA

A. The Documented Threat Environment

California houses of worship operate in an environment where targeted violence against faith facilities is a documented and increasing threat. CISA’s national analysis demonstrates a multiyear rise in attacks on houses of worship across all faith traditions and recommends layered security measures including vulnerability assessments, emergency action planning, physical security enhancements, and cybersecurity protections. This threat environment is not theoretical or speculative but is established through federal agency analysis of actual incidents.

California has experienced high profile attacks on religious and community venues, reinforcing the foreseeability of similar incidents statewide. These documented incidents, combined with federal threat assessments, establish that religious institutions can no longer reasonably claim that targeted violence is unforeseeable or outside the scope of ordinary operational planning.

B. Legal Duty Under California Civil Code Section 1714

Under California Civil Code Section 1714, organizations must take reasonable steps to protect people on their premises when harm is foreseeable. Given the documented threat environment established through federal assessments and actual incident data, it is no longer reasonable for a California house of worship to operate without a defined security posture addressing foreseeable risks. The duty of ordinary care requires reasonable measures, not perfect security or unlimited expenditures, but it does require documented planning and implementation of protective measures appropriate to known risks.

C. Nonprofit Board Fiduciary Responsibilities

California nonprofit corporation directors bear fiduciary duties to the organization and its stakeholders. Under California Corporations Code Section 5231, nonprofit directors must perform duties in good faith, in a manner such directors believe to be in the best interests of the corporation, and with such care, including reasonable inquiry, as an ordinarily prudent person in a like position would use under similar circumstances.

Establishing a funded safety program is an act of stewardship, risk management, and compliance with California’s duty of care framework. Church boards, trustees, and leadership bodies bear fiduciary responsibilities to protect congregants, staff, and visitors. Allocating resources to security programs demonstrates fulfillment of these responsibilities and provides documentation of reasonable care in the event of litigation. Conversely, failure to allocate resources to address documented and foreseeable risks may constitute breach of fiduciary duty and expose both the institution and individual directors to negligent security claims.

The investment in safety programs should be viewed not as discretionary enhancement but as essential infrastructure comparable to fire safety systems, emergency egress, and building maintenance. Just as organizations would not operate without fire extinguishers or emergency exits, they should not operate without documented security protocols addressing the documented threat environment affecting houses of worship.

III. CALIFORNIA NEGLIGENT SECURITY ANALYSIS

Negligent security claims in California require proof of duty, breach, causation, and damages. Each element presents specific considerations for nonprofit houses of worship operating in the documented threat environment.

A. Duty

California Civil Code Section 1714 imposes a general duty of ordinary care on property owners and occupiers. This duty applies to houses of worship in their capacity as property owners and occupiers of premises open to congregants, visitors, and the public. The duty is not absolute but requires reasonable care under the circumstances. Courts determine the existence and scope of duty based on policy considerations including foreseeability of harm, certainty of injury, closeness of connection between conduct and injury, moral blame, policy of preventing future harm, burden on the defendant, and consequences to the community.

For houses of worship, the duty to protect invitees from third party criminal acts depends on whether such acts were reasonably foreseeable. Foreseeability may be established through prior similar incidents at the property, documented threats against the institution, crime patterns in the surrounding area, or national trends affecting similarly situated properties.

B. Foreseeability

Foreseeability constitutes the critical element in negligent security claims against houses of worship. Multiple sources of information establish foreseeability in the current environment:

CISA National Data: CISA’s comprehensive analysis demonstrates increasing attacks on houses of worship across the United States, establishing that targeted violence against faith facilities is a documented national trend rather than isolated or unforeseeable occurrence.

Federal Agency Identification: Federal agencies including CISA, FBI, and Department of Homeland Security have identified faith communities as persistent targets for various forms of violence including hate crimes, domestic terrorism, and targeted attacks. These official threat assessments put religious institutions on notice of foreseeable risks.

California Specific Incidents: California has experienced high profile attacks on religious and community venues including houses of worship, demonstrating that the threat is not limited to other jurisdictions but exists within the state. These incidents reinforce foreseeability statewide.

Industry Standards and Best Practices: Security industry organizations have published comprehensive guidance for house of worship protection, establishing baseline security expectations that define reasonable care in the current threat environment.

California courts evaluate foreseeability based on the totality of circumstances rather than requiring identical prior incidents at the specific property. When documented patterns of similar criminal conduct exist regionally or nationally, and when federal agencies have issued threat warnings, courts may find that harm was sufficiently foreseeable to trigger duties to implement reasonable protective measures.

C. Breach

A breach of duty occurs when a venue fails to implement reasonable security measures appropriate to foreseeable risks. For houses of worship, breach may be established through evidence demonstrating absence of fundamental security protocols:

• Lack of access control procedures during services and events

• Absence of trained safety volunteers or staff

• Failure to develop or implement emergency action plans

• No threat reporting processes or incident documentation systems

• Lack of coordination with local law enforcement

• Failure to conduct vulnerability assessments

• Absence of communication systems for emergency notifications

• No documented training for staff or volunteers on emergency response

• Failure to implement environmental security measures (lighting, sight lines, access points)

The reasonableness of security measures must be evaluated in context of the institution’s resources, size, location, and specific risk profile. Courts balance the foreseeability and gravity of harm against the burden of implementing precautions. However, fundamental measures such as emergency planning, basic access awareness, and coordination with law enforcement impose minimal burdens while addressing serious foreseeable risks.

D. Causation

Causation in negligent security cases requires showing that the absence of reasonable security measures increased the likelihood or severity of harm. Plaintiffs need not prove that proper security would have prevented the incident entirely, but rather that reasonable measures would have reduced the risk or mitigated the harm. Evidence supporting causation may include:

Expert testimony that reasonable access control procedures would have detected or deterred the threat actor before violence occurred.

Evidence that trained safety personnel following established protocols would have identified concerning behavior and taken protective action.

Demonstration that emergency action plans and communication systems would have enabled faster evacuation or lockdown, reducing casualties.

Proof that coordination with law enforcement would have resulted in quicker response times or pre incident intervention based on prior threat reports.

If the absence of reasonable security measures demonstrably increased the likelihood that harm would occur or the severity of harm once it commenced, causation may be established even if the measures would not have guaranteed prevention of all harm.

IV. WRONGFUL DEATH CONSIDERATIONS IN CALIFORNIA

In wrongful death actions arising from attacks on houses of worship, plaintiffs must establish duty, breach, causation, and damages under California Code of Civil Procedure Section 377.60. Wrongful death claims brought by surviving family members or heirs of deceased victims present the same elements as underlying negligence claims but carry heightened stakes due to the irreversible nature of the harm.

A. Foreseeability in Wrongful Death Context

CISA’s findings that attacks on houses of worship are increasing and require layered mitigation strategies substantially strengthen the foreseeability element in wrongful death cases. When federal agencies have documented the threat, published protective guidance, and warned religious institutions of persistent risks, defendants cannot credibly argue that targeted violence was unforeseeable or outside the scope of reasonable planning. The existence of comprehensive federal threat assessments and security recommendations establishes constructive notice to all houses of worship operating in the United States, including California.

B. Breach and Causation in Wrongful Death Claims

A failure to adopt reasonable security measures appropriate to documented threats may be viewed as a contributing factor to resulting deaths. Plaintiffs will present evidence that implementation of industry standard protective measures would have reduced the likelihood of the attack occurring or mitigated its lethality. This causation analysis focuses on whether reasonable security planning would have:

• Detected the threat actor during approach or entry through access control procedures

• Identified concerning pre attack indicators through trained observer awareness

• Enabled earlier warning and faster protective response through communication systems

• Facilitated quicker evacuation or effective lockdown through documented emergency procedures

• Resulted in law enforcement intervention based on prior threat reporting and coordination

• Reduced casualties through environmental design limiting concealment and maximizing escape routes

Expert witnesses in wrongful death cases will testify regarding the standard of care for house of worship security, the specific deficiencies in the defendant institution’s security posture, and the causal connection between those deficiencies and the deaths that occurred. The availability of federal guidance establishing clear security expectations provides plaintiffs with authoritative support for their claims that reasonable measures were both feasible and necessary.

C. Organizational and Individual Liability

Nonprofit religious institutions may face both organizational liability and potential individual director or officer liability in wrongful death cases. While California provides some protection for nonprofit volunteers and directors acting in good faith, these protections do not extend to gross negligence or willful misconduct. Directors who deliberately ignore documented threats, refuse to allocate resources to foreseeable risks, or fail to exercise reasonable oversight may face personal liability.

The organization itself faces liability for institutional failures including inadequate policies, insufficient training, failure to conduct risk assessments, and absence of emergency planning. In wrongful death cases involving multiple fatalities, damages can reach millions of dollars, potentially exceeding the organization’s insurance coverage and threatening its financial viability.

V. PREMISES LIABILITY FORESEEABILITY ANALYSIS CHART

The following chart illustrates how security posture affects legal exposure across key liability elements for nonprofit houses of worship:

Risk Factor	Low or No Security Posture	Reasonable Security Posture
Foreseeability	HIGH due to national and federal threat data establishing documented patterns of attacks on houses of worship	Foreseeable but mitigated through documented action demonstrating reasonable response to known risks
Duty of Care	Likely unmet given absence of measures addressing documented threats	Strong evidence of meeting duty through implementation of reasonable measures
Breach	Easy for plaintiffs to argue based on absence of fundamental security protocols	Harder for plaintiffs to argue when documented measures were implemented
Causation	Increased likelihood or severity of harm due to absence of protective measures	Reduced likelihood and severity through implemented controls
Board Liability	HIGHER risk for directors who ignored documented threats and failed to allocate resources	LOWER risk with documented good faith efforts to address foreseeable risks

VI. EXPLANATION OF FORESEEABILITY

Foreseeability is a legal concept that determines whether a reasonable person or organization should have anticipated the possibility of harm based on available information. In simple terms, foreseeability asks: Should they have seen this coming?

When federal agencies such as the Cybersecurity and Infrastructure Security Agency publish comprehensive reports documenting that houses of worship across the country are being targeted for violence, and when such incidents continue to occur with documented regularity, it becomes reasonable to expect that similar harm could occur at any house of worship in California. Foreseeability does not require that the exact incident be predicted. Rather, it requires that the general type of harm falls within the range of what a reasonable organization should anticipate and guard against.

A jury can understand foreseeability through this principle: When danger is known, responsible people and organizations take steps to protect others. Just as we expect buildings to have fire exits because fires are a known possibility, we can expect houses of worship to have security plans when federal agencies warn that such facilities face documented threats. The question is not whether the specific attack could have been predicted with certainty, but whether attacks on houses of worship were sufficiently common and well documented that reasonable organizations should prepare for such possibilities.

If an organization receives warnings, has access to threat information, and knows that similar facilities have experienced violence, but chooses not to implement basic protective measures, that organization may be found to have failed to act reasonably in the face of foreseeable risks. The jury’s role is to evaluate whether a reasonable organization, knowing what this organization knew or should have known, would have taken steps to protect people from the type of harm that occurred.

VII. HOUSE OF WORSHIP SAFETY PLAN IMPLEMENTATION OUTLINE

A comprehensive safety plan for houses of worship should address the full spectrum of foreseeable risks while remaining appropriate to the institution’s size, resources, and specific circumstances. The following outline provides a framework meeting both legal duty requirements and practical operational needs:

A. Purpose and Mission Statement

Clearly articulate that the safety program exists to fulfill the organization’s duty of care to congregants, staff, and visitors while maintaining the welcoming and open nature of religious worship. The purpose statement should align with both legal requirements and faith based values.

B. Roles and Responsibilities

Define specific roles and responsibilities for safety personnel including team leadership, communication coordinators, medical response personnel, evacuation coordinators, and liaisons with law enforcement. Ensure all volunteers understand their duties and limitations. Document training requirements for each role.

C. Access Control Procedures

Establish procedures for monitoring and managing access to facilities during services, events, and off hours. This includes greeting protocols, visitor check in for children’s areas, locking secondary entrances during services, and maintaining awareness of who is present on premises. Implement Crime Prevention Through Environmental Design (CPTED) principles to enhance natural surveillance and territorial reinforcement.

D. Emergency Action Plans

Develop detailed plans addressing medical emergencies, fires, severe weather, earthquakes, utility failures, and active threat scenarios. Plans should specify evacuation routes, shelter locations, communication protocols, and specific actions for various emergency types. Ensure plans comply with NFPA Life Safety Code requirements.

E. Communication Protocols

Establish clear communication systems and protocols including internal communications during emergencies, notification systems for congregants, procedures for contacting emergency services, and media response protocols. Ensure communication systems are tested regularly and accessible to those who need them.

F. Coordination with Local Law Enforcement

Develop ongoing relationships with local law enforcement including facility tours for officers, sharing of emergency plans and facility diagrams, regular communication regarding concerns or incidents, and participation in community policing initiatives. Document all coordination activities.

G. Training Schedule

Implement regular training for volunteers and staff covering CPR and first aid, emergency evacuation procedures, communication system use, threat recognition and reporting, de-escalation techniques, specific emergency action plan implementation, and roles and responsibilities. Document all training with dates, attendees, and topics covered.

H. Incident Reporting and Documentation

Establish procedures for reporting and documenting all incidents, threats, concerning behavior, and safety related observations. Maintain incident logs, analyze patterns, and use documentation to improve safety planning. Ensure incident reports are preserved and accessible for legal and insurance purposes.

I. Annual Review and Improvement Process

Conduct annual reviews of the entire safety program including assessment of emerging threats, evaluation of training effectiveness, review of incident reports, updates to emergency plans, facility security assessments, and revision of procedures based on lessons learned. Document all reviews and improvements to demonstrate ongoing commitment to reasonable care.

VIII. CONCLUSION

California nonprofit houses of worship operate in a documented threat environment where targeted violence against faith facilities is foreseeable based on federal assessments, national incident data, and California specific attacks. This foreseeability triggers duties under California Civil Code Section 1714 to implement reasonable security measures protecting congregants, staff, and visitors. The absence of fundamental security planning, access control, trained personnel, and emergency procedures constitutes unreasonable exposure to foreseeable harm.

For purposes of expert witness testimony, board governance decisions, negligent security litigation, and wrongful death claims, the current threat environment is sufficiently documented that houses of worship can no longer credibly claim that security planning is unnecessary or that targeted violence is unforeseeable. Federal agencies have provided comprehensive threat assessments, security guidance, and protective recommendations establishing baseline expectations for reasonable care.

Nonprofit boards of directors bear fiduciary responsibilities to protect their institutions and stakeholders. Allocating appropriate resources to documented safety programs fulfills these duties while reducing both legal exposure and actual risks. Religious institutions must balance open welcoming environments with reasonable protective measures. This balance is achievable through documented safety programs focusing on awareness, planning, training, and coordination rather than fortress approaches.

The frameworks, analyses, and implementation guidance provided in this article serve both defensive and proactive purposes. Defensively, they enable institutions to demonstrate reasonable care in the event of litigation. Proactively, they provide roadmaps for actually protecting congregations from foreseeable harm. California law requires reasonable care, not perfect security, but it does require that known risks be addressed through appropriate measures. Houses of worship implementing the outlined approaches will substantially reduce both their legal exposure and the actual risks facing their communities.

For assistance with vulnerability assessments, safety plan development, training implementation, or expert witness services for California houses of worship, contact Kearnan Consulting Group, LLC.

Citations:

Cybersecurity and Infrastructure Security Agency, Mitigating Attacks on Houses of Worship, https://www.cisa.gov/houses-of-worship (last visited Mar. 10, 2026).
Federal Bureau of Investigation, Hate Crime Statistics (2023) (documenting attacks on religious facilities).
Cal. Civ. Code § 1714(a) (West 2026) (establishing general duty of ordinary care).
Delgado v. Trax Bar & Grill, 36 Cal. 4th 224, 235 (2005) (foreseeability based on prior similar incidents).
Rowland v. Christian, 69 Cal. 2d 108, 113 (1968) (factors for determining existence of duty).
CISA, Security Planning for Houses of Worship Security Guide (2023).
CISA, Protecting Faith Based Communities: Security Resources and Guidance (2024).
Cal. Corp. Code § 5231 (West 2026) (duties of directors of nonprofit corporations).
Cal. Civ. Code § 1714 (West 2026).
Ann M. v. Pacific Plaza Shopping Ctr., 6 Cal. 4th 666, 674 (1993) (duty to protect invitees from foreseeable third party criminal acts).
ASIS International, Protection of Assets: Physical Security (5th ed. 2021).
Sharon P. v. Arman, Ltd., 21 Cal. 4th 1181, 1188 (1999) (foreseeability of third party criminal conduct).
Wiener v. Southcoast Childcare Centers, Inc., 32 Cal. 4th 1138, 1145 (2004) (balancing factors in determining duty of care).
Cal. Code Civ. Proc. § 377.60 (West 2026) (wrongful death cause of action).
Restatement (Second) of Agency § 219 (1958) (vicarious liability for acts of servants and agents).
U.S. Dep’t of Homeland Security, Guide for Developing Emergency Operations Plans for Houses of Worship (2013).
Crime Prevention Through Environmental Design, National Institute of Crime Prevention (2024).
National Fire Protection Association, NFPA 101 Life Safety Code (2024 ed.).