After the Islamic State launched a series of attacks across Paris in November, the possibility of a similar type of terrorism left the world on edge. While these fears are understandable, automobile use is more of a daily risk to people than terrorism in a European capital. In the last decade, just two terror attacks resulted in 10+ civilian deaths within the EU: the 2015 assault on Charlie Hebdo and the 2005 London transit bombings (though these were shortly preceded by the 2004 Madrid train bombings).
Half of MAPI members expressed concerns about business travel in the Middle East in a fall 2014 survey of 72 companies; slightly more than half reported restricting travel in the region. This is likely because of security concerns related to ongoing urban and suburban warfare in many countries. In contrast, only 10% of companies rate travel to Europe as risky. Looking at a broader range of developed countries, 5% of people killed by terrorism between the years 2000 and 2013 were in OECD countries.
The Paris attacks are a valuable reminder that employees can face danger in seemingly safe regions, however. The fallout begs several questions:
How prepared is your company to respond to a Paris-type attack?
A November 2015 OSAC survey (site restricted to OSAC members) asked ~150 companies to assess their security and business continuity planning preparedness for this type of attack. The majority said they were at least well prepared. In an August survey of MAPI members, however, only 32% of the 47 respondents said they include terrorist attacks in their business continuity planning. These companies are much more likely to plan for natural disasters (87%), fire (85%), and IT outages (81%).
What should your company do to navigate the aftermath of an attack?
Quickly identify in-region staff. A centralized travel management system is a critical tool for assessing in-region employee exposure to any event. After the Paris attacks, 93% of the companies OSAC surveyed made immediate contact with their people in France and 77% sent security updates to personnel. As of our fall 2014 survey, 83% of companies had travel protocols in place, with many tracking employee movement via a travel agent or a centralized internal database.
Implement a safety check-in process. Confirming employee status is a key component of a successful crisis management program. Companies with a global operating presence should take a page from Facebook’s Safety Check and put a similar mechanism in place. This can be achieved using a traditional internal communication tree or a third-party provider.
Employ agile travel protocols. If your company doesn’t already have risk assessment matrices or programs to quantify regional security risks, start by aligning travel protocols with country risk profiles. Acts of terrorism in low-risk regions highlight the need to have travel protocols that can adapt along with risk levels.
Simulate disaster scenarios in low-risk regions. September 11 marked the beginning of rapid change to enterprise risk management. Crisis management is a staple on board agendas, yet our awareness of potential risks and our preparedness haven’t improved our ability to forecast specific threats. To remain vigilant, stage regular drills for threats inherent to the business and the location. Make your program scalable by grouping risks and developing common responses. Participation-driven simulations may be effective.
Develop crisis communication channels. Consider channels for informing employees of ongoing developments. One option is to work with a third-party provider such as International SOS, iJET, or Control Risks to text employees; another is to use integrated cellphone contact information to send out emails or texts.
Look for a white paper in the coming weeks about MAPI company responses to the Paris attacks. In the meantime, check out the agendas and register for our two upcoming forums on crisis management and corporate security.