Fear for one’s own safety can quite palpably cut the personal links that are the tangible essence of open economic networks. “The basest of all things is to be afraid,” William Faulkner said when he accepted the Nobel Prize in 1950, at the dawn of the Cold War and amid the threat of nuclear annihilation. With threats more fragmented than they were at that time — and with interdependence risks prompting fears that few employees ever entertained before — today, strategic security must begin with freedom from fear in the work space itself.
Growing numbers of organizations have engaged in risk-mitigation exercises to address the increasing threat to their personnel. Oil companies and other firms operating in hostile countries have maintained protected compounds and transported employees to and from facilities in armored vehicles. After a spate of bombings at its domestic facilities in the late 1980s, the International Business Machines Corporation (IBM) created crisis management teams at every one of its sites in every region. These teams now train weekly and link closely to local law enforcement. From an operational point of view, they help institutionalize the company’s rapid and orderly response to threats or attacks; from a personnel perspective, their presence is a regular reminder of the company’s commitment to the safety and security of its people.
In a world that has grown increasingly and unfortunately violent in recent years, total risk avoidance is not a viable option: The costs would be too high, and clearly people are willing to accept some risk, or else no one would drive a car or open a piece of unfamiliar mail. Moreover, different individuals have different levels of risk tolerance and allow for adjustments in their own market value relative to the particular type of risks that they bear.
But the perception of risk is clearly undergoing a shift. Prompted by media coverage of workplace violence, harassment, environmental illnesses, and the recent air disasters and anthrax attacks, employee insecurity is rising. The implications for recruitment, retention, and productivity are real.
By having high safety standards in place, organizations increase the possibility of self-selection, so that the right kinds of people will still be attracted to the firm and remain willing to be deployed where they are needed. If a company cannot close the gap between risk and protection, it needs to rethink its strategy and assess whether it should operate in a particular environment or determine if alternatives are available. (We at Booz Allen Hamilton have closed offices when we determined we could not adequately protect employees.)
Corporate management will also need to scrutinize anew the balance between efficiency and risk. For example, companies for years have put up with the productivity deterioration associated with rampant air travel, on the theory that face-to-face meetings are crucial for maintaining internal cultures and external relationships. With the added reluctance of employees to fly in today’s environment, the opportunity cost embedded in business travel may, for some companies, simply be too high, particularly after the economy recovers and working conditions again become a point of competitive advantage in attracting and retaining talent.
Securing the Core Business
One step beyond securing its people, the company has a responsibility to protect and maintain the continuity of the core business — the systems, facilities, infrastructure, and processes within the reach and control of senior management. Broadly speaking, core-business risks fall into five categories: strategic risks, operating risks, financial risks, information risks, and the previously referenced personnel risks. In most companies, these management areas are currently overseen by several senior executives, necessitating an integrated approach to security planning, under the aegis of the CEO, to make certain that all risks to the business are addressed. (See Exhibit 2.)