Brussels Airport ceased operations for 12 days after a coordinated improvised explosive device (IED) attack by suicide bombers in March 2016, demonstrating that critical transport hubs can be disrupted for significant durations by terrorists. Designers of critical infrastructure need to consider countermeasures to such attacks, reducing a target's attractiveness and improving opportunities for business continuity. This can be achieved by considering the cost–benefit of potential countermeasures during the design phase for infrastructure. This paper uses a probabilistic risk assessment (PRA) model for IED attack to assess the costs and benefits of using distributed security queuing at airport terminals. Our results demonstrate that the use of distributed security queuing will offer casualty reductions when used in preference to centralized security queuing. However, when considering the cost–benefit of introducing distributed security queuing, on the basis of a single small to medium IED attack, it is likely that implementing this countermeasure would not be deemed cost-effective from a purely financial perspective, particularly when the threat likelihood is very low.