Australia's intelligence agencies are busier than ever. Twenty-three people have been charged with terrorist offences since September 2014, 288 people have been prevented from leaving Australia to fight in the Middle East, and in the last three months 18 Australians have had their passports cancelled.

For Australia's intelligence agencies, preventing current or future travel doesn't free up resources. Investigation of those individuals will continue and potentially increase. And as investigations generate multiple intelligence leads, they can quickly mushroom. For agencies attempting to balance existing operations against new leads, there's a danger that even despite recent funding increases, they will reach information overload.

The public wants to be reassured that the intelligence agencies are doing everything they can to prevent an attack. But it's possible that external pressure is increasing the likelihood of an attack by increasing the risk aversion of intelligence and law enforcement organisations.

Why is risk aversion important?

Well, because for budget reasons the intelligence agencies need to reduce the number of investigations they are resourcing. Or at a minimum, they need to reduce the speed at which the number of current investigations grows.

There are long-term ways for the Government as a whole to achieve this, including through countering violent extremism (CVE) and de-radicalisation programs. But in the short term, this happens when a target is 'disrupted', either through the criminal justice system or, as may recently have occurred, death overseas. Most importantly, you also need to rule out those targets who have extremist views but lack the intent or capability to act upon them.

Unfortunately, this is difficult in the current counter-terrorism context. The primary issue, given ISIS's calls for 'lone wolf' attacks against the West, is the ease with which a small-scale unsophisticated attack can be carried out. Assessing that an individual does not have the capability to conduct this type of attack is next to impossible. Even in the absence of identifiable extremist activity or behaviour indicating intent, how do you weigh that against intelligence of extremist beliefs? The absence of corroboratory intelligence doesn't necessarily mean it doesn't or won't exist. Should you stop looking, or look harder? And how long do you wait before you move on? Days? Weeks? Months?

This is where it is important to have a rigorous risk assessment process. Based on what we know, can we categorically rule out this person as posing a threat? How do you prove a negative?

This dilemma is not unique to counter-terrorism. But where, for example, a criminal investigation seeks out the perpetrator of a crime that has already occurred, counter-terrorism is usually an attempt to predict future behaviour. It's no easy task. To overcome these challenges, intelligence agencies need to work better and smarter. And importantly, I think the public needs to recognise that good risk assessment isn't just about getting the right answer (although that is clearly the aim), it is about making an assessment that is correct based on the available information, and doing so in a systematic and repeatable way.

Sydney Siege gunman Man Haron Monis is a case in point. It's entirely possible that the numerous assessments stating that he did not pose a threat were correct at the time they were made. Circumstances and people change, in this case tragically.

We want our intelligence agencies to be risk averse, given the potential consequences of things going wrong. My concern is that the (justified) scrutiny of the Monis case, the desire to apportion blame and political commentary in the aftermath of the attack, could push the intelligence agencies towards risk avoidance. In future, will intelligence agencies make a similar assessment based on similar information as they did with the Monis case? How comfortable will they feel ruling out an individual as an ongoing target? 

The consequences of increased risk aversion are easy to imagine. Intelligence agency target lists will grow and resources will be stretched. Perversely, risk aversion could thus increase the chances of an attack. In practical terms, the coverage needed to 100% prevent these types of attacks is incredibly resource intensive. Monitoring every individual posing a possible threat is simply not feasible nor desirable.

It is important that intelligence agencies are scrutinised, particularly following a terrorist attack. But effectiveness in the current environment requires them to make well-informed risk assessments based on incomplete information. To stop their workload from becoming untenable, we need them to rule people out as well as rule people in. And we also need to recognise that the types of attack being encouraged by ISIS make it possible that if an attack occurs in Australia, it may have been unpreventable.