Over-Reliance of Technology in Corporate Travel Risk Management
The over-reliance of a large number of organizations on Travel Risk Apps, SOS alert technology, and 24/7 Global Operation Centers fosters a false sense of security among travelers. Even though they are a crucial part of a comprehensive risk management plan, the vast majority of SOS alert Apps, traveler monitoring tools, and travel risk management technologies are reactive in nature and therefore, when deployed as standalone solutions, detract from more pro-active means of avoiding dangers and mitigating risk.
The term ‘duty of care’ has developed in recent years as a buzzword. There is also a certain amount of fear-mongering and clever marketing around this term from the industry and it seemingly has organizations rushing to initiate a Travel Risk Management Program, sometimes with little forethought or poor counsel. App-based services and GSOCs absolutely play a vital role in a travel risk management plan but they are for the most-part responsive in nature and therefore primarily most useful once something has gone wrong.
A vast amount of money and effort is spent on 24/7 Global Security Operations Centers (GSOCs) and Intelligence monitoring to let people know within a few seconds that an incident has occurred or to answer a call from anywhere in the world at any time to assist travelers. Organizations often operate them independently with little consideration to pro-active risk avoidance measures. This reactive service focus poses a significant risk to the well-being of travelers and the efficacy of a travel risk management program due to the potential for travelers to either be misled as to their actual security or by leaving a critical skills and awareness gap.
Travel Risk Management Scenarios
Two scenarios will be utilized as a backdrop to aid the discussion:
A C-Suite executive is conducting a business trip in Santiago, Chile. She is walking down a busy road from a meeting to her dinner rendezvous when suddenly a moped with two assailants approaches, the two assailants jump off and threaten her trying to get her Rolex and other valuables. She resists and over complicates the situation and gets beaten badly. They take her watch, phone, wallet, and folder. After regaining her composure she stumbles back to her hotel, they call the Police, she gets into her room a couple of hours later and emails her assistant. Her company’s GSOC is currently unaware of the incident.
A business traveler is in Nairobi, Kenya shopping in a Mall when he hears gunfire. He remembers he has an SOS app and was briefed to use it in an emergency, so he pushes the SOS button and then hides in a corner and waits for assistance. The gunfire continues, he is panicking and awaits his call. The GSOC of his company calls him back to find out how they can assist and his phone rings loud. He explains the situation and the call assistant (an intelligence analyst untrained in security response counsel) identifies that they will call the local police and that he should try to remain calm.
Scenario one identifies that the C-Suite female executive could have all the technology and back-office GSOC support in the world, but if she walks through the city at night, rather than take secure transportation, and resists a mugging, rather than comply (because she has received no training) then her safety is compromised. As soon as she is separated from her phone the response system fails. Without it she cannot summon assistance, and even if she could, it would not turn back time and prevent the injuries and psychological trauma of the attack.
Scenario two identifies that even with a cell-phone App and a GSOC with 24/7 Analysts on-call, an over-reliance, or false sense of security from an App can lead to either indecision, delay, or incorrect decision when an actual incident occurs. An analyst trained to assess geopolitical and social issues and report accordingly is unlikely trained or experienced to triage an emergency and offer subject matter advice in a timely and relevant fashion. How many GSOCS have trained security professional’s on-call 24/7 able to provide diligent, timely, and relevant advice during an incident? The majority of GSOCS have at best intelligence analysts, or more likely call-center type personnel with flow chart response protocol.
Self-reliance is key
In a serious incident, a travelers first focus is on the there and now, surviving and/or moving to safety, then likely establishing communication with family and loved ones. It is rarely their employer that springs to mind and without training the initial reaction may not be a measured and effective one. Once a traveler has established a safe place and ability to call or communicate and they need assistance, that is most likely when they do so.
A traveler must be prepared accordingly and be provided the training and resources to develop, and be responsible for, their own security because when a situation occurs they will likely be the only ones able to make informed decisions that better increase their chances of a favorable outcome.
The current emphasis in the corporate risk management world seems to be post-incident support services, where in-fact it should be on training and development. Then, establishing protocol and process and emboldening the traveler to best utilize the support services to facilitate.
Facilitating and Supporting Travelers
Time and time again the words echo among clients and service providers:
- ‘travelers need to know if there is an incident where they are traveling’
- ‘travelers need to check-in when there is a problem’
- ‘travelers need to be tracked’
Less so within corporates and organizations is the focus on how to better prepare travelers to take responsibility for their own safety as well as be better trained to identify danger, avoid it, and minimize risk.
Asking the right questions
An organization should be asking:
- Do my travelers have a sound understanding of the risks aligned with their itinerary and destination/s?
- Are my travelers trained to the best of our realistic capability and budget to manage and mitigate risk?
- Do my travelers have enough support on the ground?
- Have pro-active emergency medical contingencies been put in place?
To complement this there should be a robust support culture that acknowledges the need for on-the-ground support services such as secure transport.
Travelers need to better understand the actual threats of their destination/s and their travel itinerary, and the risks to those threats. They must then be trained and supported with on-the-ground services to better mitigate and manage the risks to an acceptable level commensurate to risk and aligned with the clearly communicated and understood (by all stakeholders) risk tolerances of the organization.
What does this mean in actual, realistic, and achievable terms?
What are the top 6 ways to manage travel security for employees?
- Provide a travel itinerary specific risk assessment or empower the traveler to carry one out pre-departure.
- Obtain timely and relevant ground truth of the locations to be visited, avoiding generic and ’50,000 ft view’ country assessments.
- Provide the ability to liaise with subject matter experts with local knowledge to align in-country advice and support services.
- Provide travel security training to all travelers at least annually and ensure that it aligns with the risk of the travel destination/s and scope of work.
- Provide travelers secure ground transportation and security consultation services if commensurate with the risk.
- Ensure emergency medical contingencies are in-place.
The above 6 points are all pro-active threat avoidance and situational awareness related. If implemented correctly they will significantly improve the security of travelers but also very likely reduce anxiety, improve mental wellness (associated with stresses of travel safety) of travelers, and reduce the occurrence of minor incidents and therefore the burden on GSOC services. The range of technical and post-incident services then align perfectly to deliver a holistic and comprehensive travel risk management program.
This article was originally published in the Security Magazine and is written by Mark Deane, the CEO of ETS Risk Management Inc. Mark has planned, implemented, and managed risk management services for a range of Fortune 500’s, Ultra HNWIs, VIPs, and Celebrities around the globe. He focuses ETS’s service around the mantra of enabling client operations with a simplified process and intelligence-led risk management strategy that is commensurate with risk.