This study examines risk in higher education and research on the basis of a classification into three domains. The practical utility of this division into three domains is that it makes it easier to see what risks are unique to higher education (custodianship of knowledge), what risks are dependent on developments in society (microcosm of society) and what risks faced by an educational establishment are no different from those facing any other organization (education as an organization). The results of a survey of the field (through questionnaires, meetings and interviews) show that higher education institutions still do not routinely have an integrated policy on safety, security and crisis management. Within individual institutions, there is little communication between the three. Institutions, staff and students have limited awareness of the range of risks to which they and their environment are exposed. At the same time, establishments tend not to share their experiences in this field with others. Even within individual institutions, there is often little involvement of staff and students in safety and security policy and its implementation. © 2006 Blackwell Publishing Ltd.