The over-reliance of a large number of organizations on Travel Risk apps, SOS alert technology and 24/7 Global Security Operation Centers (GSOCs) foster a false sense of security among travelers. Even though they are a crucial part of a comprehensive risk management plan, the vast majority of SOS alert apps, traveler monitoring tools and travel risk management technologies are reactive in nature and therefore, when deployed as standalone solutions, detract from more pro-active means of avoiding dangers and mitigating risk.
The term “duty of care” is now an industry buzzword. There is also a certain amount of fear mongering and clever marketing around this term from the industry, and it seemingly has organizations rushing to initiate a Travel Risk Management Program, sometimes with little forethought or poor counsel. App-based services and GSOCs absolutely play a vital role in a travel risk management plan, but they are for the most-part, responsive in nature and therefore primarily most useful once something has gone wrong.
A vast amount of money and effort is spent on 24/7 GSOCs and intelligence monitoring to let people know within a few seconds that an incident has occurred, or to answer a call from anywhere in the world at any time to assist travelers. Enterprise security teams often operate them independently with little consideration to pro-active risk avoidance measures.
This reactive service focus poses a significant risk to the well-being of travelers and the efficacy of a travel risk management program due to the potential for travelers to either be misled as to their actual security, or by leaving a critical skills and awareness gap.
Two scenarios will be utilized as a backdrop to aid the discussion.
A C-Suite executive is conducting a business trip in Santiago, Chile. She is walking down a busy road from a meeting to her dinner rendezvous when suddenly, a moped with two assailants approach. The two assailants jump off and threaten her, trying to get her Rolex and other valuables. She resists, complicates the situation and is badly beaten. They take her watch, phone, wallet and folder. After regaining her composure, she stumbles back to her hotel, where the police are called. Once she gets into her room a few hours later, she emails her assistant. Her company’s GSOC is currently unaware of the incident.
A business traveler is in Nairobi, Kenya shopping in a mall when he hears gunfire. He remembers he has an SOS app and was briefed to use it in an emergency, so pushes the SOS button and then hides in a corner and waits for assistance. The gunfire continues, and he is panicking but awaits his call. Security from his company’s GSOC calls him back to find out how they can assist. He explains the situation, and the call assistant (an intelligence analyst untrained in security response counsel) identifies that they will call the local police, and that he should try to remain calm.
Scenario one identifies that the C-Suite female executive could have all the technology and back-office GSOC support in the world, but if she walks through the city alone at night, rather than take secure transportation, and if she resists a mugging, rather than comply (because she has received no training), then her safety is compromised. As soon as she is separated from her phone, the response system fails. Without it she cannot summon assistance, and even if she could, it would not turn back time and prevent the injuries and psychological trauma of the attack.
Scenario two identifies that even with a cell-phone app and a GSOC with 24/7 Analysts on-call, an over-reliance, or false sense of security from an app can lead to either indecision, delay, or incorrect decision when an actual incident occurs. An analyst trained to assess geopolitical and social issues and report accordingly may not be trained or experienced to triage an emergency and offer subject matter advice in a timely and relevant fashion. How many GSOCS have trained security professional’s on-call, 24/7, who are able to provide diligent, timely and relevant advice during an incident? The majority of GSOCS have intelligence analysts, of course, or more likely call-center type personnel with flowchart response protocol.
In a serious incident, a traveler’s first focus is on the there and now, surviving and/or moving to safety, then likely establishing communication with family and loved ones. It is rarely their employer that springs to mind, and without training, the initial reaction may not be a measured and effective one. Once a traveler has established a safe place and ability to call or communicate and they need assistance; that is most likely when they do so.
A traveler must be prepared accordingly and be provided the training and resources to develop, and be responsible for, their own security because when a situation occurs they will likely be the only ones able to make informed decisions that better increase their chances of a favorable outcome.
The current emphasis in the corporate risk management world seems to be post-incident support services. Instead, it should be on training and development. And after that, on establishing protocol and process and emboldening the traveler to best utilize the support services to facilitate.
Time and time again the words echo among clients and service providers:
- Travelers need to know if there is an incident where they are traveling.
- Travelers need to check in when there is a problem.
- Travelers need to be tracked.
Less so within corporates and organizations is the focus on how to better prepare travelers to take responsibility for their own safety, as well as be better trained to identify danger, avoid it and minimize risk. An organization should be asking:
- Do my travelers have a sound understanding of the risks aligned with their itinerary and destination/s?
- Are my travelers trained to the best of our realistic capability and budget to manage and mitigate risk?
- Do my travelers have enough support on the ground?
- Have pro-active emergency medical contingencies been put in place?
To complement this, there should be a robust support culture that acknowledges the need for on-the-ground support services such as secure transport. Travelers need to better understand the actual threats of their destination/s and their travel itinerary, and the risks to those threats. They must then be trained and supported with on-the-ground services to better mitigate and manage the risks to an acceptable level commensurate to risk and aligned with the clearly communicated and understood (by all stakeholders) risk tolerances of the organization.
What does this mean in actual, realistic and achievable terms?
- Provide a travel itinerary specific risk assessment or empower the traveler to carry one out pre-departure.
- Obtain timely and relevant ground truth of the locations to be visited, avoiding generic and 50,000 feet view country assessments.
- Provide the ability to liaise with subject matter experts with local knowledge to align in-country advice and support services.
- Provide travel security training to all travelers at least annually and ensure that it aligns with the risk of the travel destination/s and scope of work.
- Provide travelers secure transportation and security consultation services if commensurate with the risk.
- Ensure emergency medical contingencies are in place.
The above six points are all pro-active threat avoidance and situational awareness related. If implemented correctly, they will significantly improve the security of travelers but also very likely reduce anxiety, improve mental wellness (associated with stresses of travel safety) of travelers and reduce the occurrence of minor incidents and the burden on GSOC services. The range of technical and post-incident services then align perfectly to deliver a holistic and comprehensive travel risk management program.