Crafting a “Yes, But” Travel Security Program
There is a dangerous misperception among many corporate leaders that security and business are antithetical. Unfortunately, in many cases this belief is due to interaction with security directors who overplay the “no card” when business decisions are being made, to include those relating to corporate travel. Don’t misunderstand me, the “no card” is very important for any security director to possess, but it must be used sparingly if it is to carry any weight and not be overridden when it is truly needed. Indeed, overplaying the “no card” has resulted in many security directors losing their jobs.
In my opinion, it is far wiser to play the “yes, but” card when responding to a trip request rather than to simply say “no” in most situations. The “yes, but” answer recognizes the risks at hand, but also includes suggestions to help mitigate the threats and ensures that travelers have the proper level of security coverage in place. There are obviously some trips that should be avoided, but in most cases, a little thought and creativity can help a security department craft a “yes, but” solution to almost any travel situation.
For example, not long ago, I had a client inquire about a proposed CEO trip to Istanbul to attend a conference. He advised that some of his counterparts had told their CEOs that the trip was too dangerous. He was looking for validation of his instinct to follow suit based on an understanding of the capabilities and target selection of the terrorist groups operating in Istanbul. The Islamic State tends to strike soft targets in Istanbul and the Kurdish Freedom Hawks and Marxist Revolutionary People’s Liberation Party-Front (DHKP-C) favor government targets. I advised the client that the CEO should be able to take the trip safely as long as he was picked up by a security driver at the airport, stayed at a hotel with good security (the conference was at a very nice hotel with a good security program) and refrained from tourist activities that could place him in harm’s way. The conference was ultimately cancelled, but my client gained stature in the eyes of his CEO for presenting a prudent and defensible security plan that for the trip rather than just saying “no.”
Other examples of “yes, but” travel plans, include:
- “Yes, you can vacation at the Four Seasons in Punta Mita, Mexico – but you need to arrive at the airport during daylight hours and use the pre-arranged ground transportation that we will coordinate.”
- “Yes, you can visit Erbil, Iraq, but we will set up a security driver and low-profile armored vehicle to meet you, and we’d like you to stay at the Divan or another of our approved hotels there.”
Building a corporate security team to the point where “yes, but” solutions can be proposed and executed takes time and effort. It requires leadership that is able to effectively communicate with the C-suite to ensure they understand the logic behind the security measures being proposed. It also means solid training and briefings for travelers; an adaptive and agile executive protection team; and a robust protective intelligence program. Such teams require regular training, to include tabletop exercises simulating crisis events. Such exercises do require a significant time investment – to include the time of relevant executives outside of the security department – but that investment is easily recouped when an actual crisis situation arises.
Independent protective intelligence products help security teams understand the threat posed by a specific actor in a particular location and provide security teams the capability to craft “yes, but” solutions. But quite frankly, unless a security department possesses the ability to digest such material and effectively distribute it to the proper users, a company can subscribe to every protective intelligence service available and still end up with people in the dark. Information dissemination is a critical component of an effective security program, and this is not just about sharing information within the security department, but providing relevant and actionable intelligence to executives and travelers.
Security teams that are capable of devising and executing “yes, but” solutions to corporate travel do not inhibit business operations. In fact, they make a corporation more robust by enabling business travelers to operate safely in challenging environments and by equipping expatriate staff to live safely overseas. Just as importantly, they play a critical role in helping corporations continue operations in the midst of a travel-related crisis, whether that is a medical emergency, natural disaster, attack or kidnapping.
It is very powerful when a CSO can convince the C-suite that he or she understands the business and realizes that executive travel equals income and profitability. If the CSO can make a business case as to how he is helping the company be profitable and robust through “yes, but” security programs, it helps ensure a long lasting and sustainable corporate security department that is appreciated (and ultimately funded) by the board and other key stakeholders.