Meredith Wilson, founder and CEO of Emergent Risk International, sits down with Security magazine to talk about her journey into security and how to address geopolitical risks, should they arise. She also discusses the recent withdrawal of U.S. troops from Afghanistan and the aftermath of that decision.
Security magazine: Could you tell me a bit about your journey into security and what led you to your current position?
Wilson: It was a very circuitous journey, as many tend to be. I started out in government intel and spent about the first three [or] four years of my career with the Defense Intelligence Agency, eventually moving on to work in oil and gas. I spent most of my career — before I had my own company — with ConocoPhillips and then with a smaller oil and gas company out of Dallas. Then I started [Emergent Risk International] about seven and a half years ago. [It] was just me when we started and [now] we've grown to about 25 people. We anticipate we'll be close to double that by the end of the year.
Security magazine: I know the primary focus of your work is to help companies understand and address the impact of geopolitical events on their business. How would you describe geopolitical events?
Wilson: Usually, the easiest way to describe that is just to give an example. When we talk about geopolitical risk, it could be anything from a political risk — such as a government changing regulation overnight and harming a business that way — [to a] security risk, [to] something like what’s happening in Afghanistan today*. All of those things would fall under [the] umbrella of broad geopolitical risks that [could] impact private sector companies.
Security magazine: What makes a geopolitical risk different than a security risk? Are they different or do they kind of overlap?
Wilson: As with all risks, it entirely depends on how you look at it. All of these risks are intricately connected, so if it’s a geopolitical risk that turns into a physical security risk, it’s still a security risk. If it is a geopolitical risk that turns into a business continuity risk, there are still potential security risks associated with that. For example, even something like a government regulation where maybe the government [has] decided that they want to nationalize a company; that can very quickly turn into a security risk, particularly when I think about things like Venezuela where sometimes that turns into the military expropriating something, going through documents or anything like that. Virtually any of these risks can have a security impact, which is one of the reasons we cover them.
Security magazine: What are some examples of current or future geopolitical risks a security leader might face?
Wilson: Every day, we put out two different daily products that run through all the different geopolitical risks that could affect a company over the course of the day. Different things that have happened overnight or different things that are related to government relations. For example, most people are talking about Afghanistan today because it’s been so dramatic over the last 24 hours. If you’re a company in Afghanistan right now — and there are plenty of U.S. companies over there, defense contractors in particular — your major security risk is protecting your people. That’s all fallout from the U.S. government decision to leave Afghanistan and the very quick advance of the Taliban, which I think surprised virtually everybody. On a less dramatic scale, even things like different regulations related to COVID-19 from one country to the next, or even in the United States from one state to the next, can have security implications. You look back at all of the changes to where you can fly, when you can fly, how far you can fly; all of those things that have happened over the course of the last year. Some of those have been geopolitical risks in terms of being related to government relations, but virtually everything that we look at kind of falls under that category in some way or another.
Security magazine: Why is it important for security leaders to address geopolitical risks and what are some possible consequences if they don't?
Wilson: The way we look [at] these types of things is “[An] ounce of prevention is better than a pound of cure”. Our focus and our intention is to try and identify these things as early as possible so that mitigation plans can be formed and problems can be solved — or at least planned for — before they happen. I keep going back to Afghanistan because it’s just such a mess but even with that, we've been writing papers on that for months: This is what's going on, this is what’s likely to happen. It happened, again, quicker than we expected but hopefully, every company that is there had already formulated a plan about when they would leave, how they would leave and all of that. Within the last week, those plans have probably changed dramatically because it moved so much faster, but not having a plan would be the worst place to be. Anticipating what’s going to happen in these situations, whether they’re highly dramatic like that or they’re a little bit more mundane, like changing regulations around wearing masks and how a retailer [is] going to deal with that. Having plans to deal with that is how we prevent some of the worst of the security impacts that come with these types of events.
Security magazine: So having a plan in place even before any of these risks happen is how to address geopolitical risks head on?
Wilson: Well, it’s more of political risk and security risk intelligence. That piece should be a part of every security group’s [operations] — their security plan should be formulated on really good information. If you are working in Tunisia and you are the security manager for Tunisia, then you would hope that that manager would have a very good grasp on what’s going on politically, what's happening regionally and how those issues could impact the company, should they go bad. Any good security group should have some kind of intelligence function or some kind of intelligence coming to them. A lot of the smaller ones are going to vendors and having them provide some kind of subscription intelligence, but where [they] want to get to eventually is having somebody internal that can actually interpret all [of] that information and understand how that's going to impact them so they can formulate better mitigation plans.
Listen to this episode of Security's Women in Security podcast now:
The above transcript has been edited for clarity.
* As reported by the Associated Press on August 15, 2021: Following the U.S. decision to withdraw troops from Afghanistan and the collapse of the Afghan government, the Taliban has gained control over the capital, Kabul. This episode of the Security Podcasts was recorded shortly after, on August 16, 2021.