The scene: outside the United States Embassy in Jakarta, Indonesia, on July 29, 2002, four years after the fall of the dictator Suharto, which left the Muslim country in an uneasy state on the road to democracy. “Reebok are killers! Reebok are exploiters!” chanted 1,000 Indonesians who worked in the city of Bandung making shoes for Reebok, the world’s second largest athletic shoe maker. The protesters gathered to oppose a cut in orders that left some 5,400 workers without jobs. During the course of the demonstration-their fifth of the year at the embassy-they set fire to a giant cardboard model of a training shoe.
It was a vulnerable moment for the giant corporation, and Reebok executives had to move quickly to protect their corporate image. They opted to offer the workers full severance payments, which they felt was a step toward securing goodwill, says Doug Cahn, vice president of Reebok’s human rights program, which doles out grants for health and safety training and strives to improve working conditions. Reebok was also seeking to improve the safety of thousands of employees at production facilities scattered throughout Asia, including Indonesia, where a nightclub in Bali became the target of a terrorist bombing just a few months later, killing nearly 200 people.
The Reebok experience, and the heightened awareness of the possibility of terrorist attacks against American corporations at home and abroad in the wake of September 11, has put CEOs on notice that they have to take personal responsibility for creating a plan to manage potential security crises.
“A CEO of a major publicly traded company must be personally involved with corporate security issues,” says C. Michael Armstrong, former chairman of AT&T. “CEOs are accountable for protection, defense and recovery in light of a disaster, natural or man-made.” Armstrong should know. He rushed technicians and communication equipment to restore phone service for Manhattan business customers after the collapse of the Twin Towers.
“Until recently, most general managers did not care about corporate security,” says Bruce Blythe, CEO of Atlanta-based Crisis Management International, whose teams of former FBI agents and counselors have advised more than 200 companies on security risks, most of them since September 11. Today, he notes, more and more managers realize that they need to provide at the very least “emotional first aid” during crises.
“This issue has definitely registered on the radar screens of CEOs,” says Gary Lynch, vice president at Booz Allen Hamilton in New York. “It’s gone beyond the enlightenment to €˜How do I prioritize the operational risks?'”
Two months after 9/11, Booz Allen surveyed 72 chief executives of companies with at least $1 billion in revenues and found that fewer than half were evaluating alternative plans in case normal business operations were interrupted. If the study were repeated today, Lynch says, “there would be a tremendous pickup” in the percentage of executives saying they are now adequately prepared. Lynch heads a newly formed group of 50 consultants who have worked with 75 to 80 corporate managers on security since the World Trade Center and Pentagon attacks. His consulting company has also logged hours overseas, where it has staged security drills and assessed risks.
In Indonesia, Booz Allen’s security consultants advised a prospective client to lower its profile by removing signs, information on Web sites and the names and locations of staff members. In another instance, they advised an automotive manufacturer overseas and a U.S. consumer products company (Lynch would not disclose specific names or locations) to invest in X-ray machines to scan containers shipped to certain ports. Seaports are particularly vulnerable to terrorist attacks, Lynch says, because they are exposed. He adds that corporations should also make sure their shippers run background checks on dock workers and limit access to cargo-loading sites.
Mock drills inevitably turn up surprises. During one drill, an asset management company in the northeastern United States discovered it could not transfer funds electronically to another bank because the code used to authenticate and execute the transfers (codes are changed daily) was left on a slip of paper in a drawer in a building that had been evacuated in the drill.
“In some areas of the world, such as Southeast Asia, you need to have someone assigned to corporate security,” Lynch advises. In areas where a corporation cannot afford a full-time security person, it should still appoint a key official to coordinate with local law enforcement or with a security consulting firm. This especially applies to Africa, Southeast Asia, the Middle East and other high-risk regions that are far from U.S. corporate headquarters. He also recommends that top executives arrange to have personal protection from a private concern like Kroll, a security consultantcy whose cases include investigations of reports that Philippines President Ferdinand E. Marcos and his wife, Imelda, secretly amassed millions of dollars while in office. The firm also advised the Port Authority of New York and New Jersey on security measures and evacuation procedures at the World Trade Center after the 1993 terrorist bombing, measures that Kroll says enabled thousands to evacuate the towers in 45 minutes on September 11.
But not all CEOs have followed Lynch’s advice. One chief executive of a major U.S. financial firm with global operations and prior links to the Middle East says he does not hire a security detail for himself or other top managers for fear of drawing attention. He chooses not to fly by private jet overseas as he does in the U.S. for the same reason.
Certainly, not all CEOs are security conscious or have taken security measures. For some, it may be a matter of economics: Their company may feel squeezed during the current economic malaise. A survey last October of 230 CEOs of larger American companies by the Council on Competitiveness, a private nonpartisan forum seeking to drive U.S. economic competition in world markets, found that 90 percent did not believe that their company was a potential target for terrorism. Almost half had not made significant changes to security policies since 9/11. Additionally, more than half said they were not spending any more on security today than they did a year ago.
Experts in crisis consulting warn that CEOs may regret such complacency.
“Another mass casualty is a 100 percent certainty,” predicts L. Paul Bremer III, chairman and CEO of Marsh Crisis Consulting (a division of Marsh & McLennan) in Washington, D.C. He is also chairman of the National Commission on Terrorism and served on the President’s Homeland Security Advisory Council. If Bremer’s prediction sounds self-serving, given that his firm advises companies on security, consider the figures he cites from the State Department’s annual Report on Global Terrorism for 2001: Over the past 30 years, 80 percent of all terrorist attacks at American targets were aimed at businesses. In the event of another catastrophe, CEOs who did not “get crisis ready” will face certain criticism about not having prepared a response plan, says Bremer. Shareholder value will likely be wiped out in the short term and the company could suffer long-term reputation damage.
Armstrong of AT&T is making sure that CEOs take security risks seriously. He has signed up 43 CEOs to become members of a security task force of The Business Roundtable to help businesses anticipate and detect threats, and assess and improve security. The group has set up a secure telephone connection to exchange information during a crisis. A trial run took place on September 11, 2002 and a real exercise was triggered at an undisclosed date shortly thereafter. Nearly all CEOs in the 146-member Business Roundtable are trained to use the system, which is activated by the U.S. government. “The government wants to make sure that CEOs understand the threat and what each should be doing and how extensive the threat is by geographic and specific cities,” Armstrong explains.
The task force also has prepared a crisis communications tool kit, listing best practices for crisis planning and prevention (see sidebar). Armstrong says AT&T revised its policies when technicians ordered to fly to ground zero could not get airborne because of airport closures. Now, AT&T has factored that contingency into its risk plans. The company conducts a mock security drill every quarter where trailers are loaded with communications equipment, bandages, flashlights, raincoats and other gear needed at the scene of a disaster.
Patricia DeGennaro, director of a new Conference Board initiative called the Corporate Preparedness, Security and Response Network, reports that seven major corporations have signed up for the network’s services, which cost $10,000 a year and provide CEOs with information on best corporate security practices as well as a chance to exchange security ideas through conferences and an online network.
Hail the security chief
At Levi Strauss & Co., David Saenz, vice president of worldwide security, recently briefed the company’s chairman, Bob Haas, on the growing number of security threats to the company’s operations abroad. After 9/11, he compiled a four-minute video of television footage of attacks against Levi operations overseas, including a labor protest at its European headquarters in Brussels and bombings in Athens and Barcelona.
After showing the tape to Haas and other executives, Saenz reports, Levi Strauss increased its security budget and implemented a corporate security program that entails safeguards like electronic-only access to corporate facilities.
Today, more and more multinational corporations employ a chief of security like Saenz, who coordinates security measures and policies throughout the organization and often reports directly to the CEO. The managing director of the recruitment firm Heidrick & Struggles, Peter Metzger, says his firm is working on two searches now for senior-level security officers at major U.S. companies.
A full 63 percent of the companies surveyed by the Council on Competitiveness have a chief of security. Most security officers hold the title of vice president and 33 percent of them report directly to the CEO. Those with higher titles and access to the CEO and board of directors have more ability to positively effect change within companies, says Deborah Wince-Smith, president of the Washington-based council.
At Colgate-Palmolive, Patrick Keefe, vice president of global security, reports directly to the chairman and CEO, Reuben Mark. Mark heads a seven-member group of senior managers who meet every quarter to assess risks and evaluate safety programs. Keefe meets with Mark two to three times a month.
“To sell the program internally,” Keefe says, “you must have visible senior management support.” Keefe oversees everything from simulated emergency evacuations to written policy guidelines and procedures for reporting security incidents and getting feedback on what worked and what didn’t. Keefe says that many corporate security programs fail to ensure good communications from the field to the headquarters. The Colgate plan includes procedures for overseas managers to contact corporate headquarters with a situation alert as soon as it is safe or within two hours after the incident.
Keefe emphasizes the CEO’s role in making employees feel safe, even when it comes to smaller-scale risk. Mark, for example, has made sure that fluorescent, slip-proof paint has been put on Colgate stairwells and that magnetized cards with emergency phone numbers have been distributed to employees. He also has supported a program called KISS-Colgate shorthand for keeping safe and connected. KISS is basically a magnetic card for employees that displays emergency contact phone numbers and procedures. “It doesn’t cost much, but it shows we care,” says Keefe, who is now rolling out the program overseas.
Travel restrictions are among the most common security precautions that large multinational corporations are taking for overseas operations. At Avon Products, countries are classified into A, B or C categories based on State Department advisories and internal information, with A as the highest security risk. Currently, the A category includes Indonesia and the Philippines, considered hotbeds of Al Qaeda activity, as well as Argentina, where kidnapping is the primary threat. Travel is restricted there. Senior managers who have urgent business in these locations must get permission to travel there so that proper security can be arranged at the airport and hotels, says Robert Littlejohn, Avon’s vice president of global security. Avon is currently evaluating whether senior-level executives should travel on U.S. airlines rather than a foreign carrier.
At Philip Morris, about half a dozen countries, including Colombia and Indonesia, are on the no-go list. American Express Travel Service, which books tickets for Philip Morris senior executives, will not issue them to these locations until managers are advised of the risks, says Gregorie Bujac, vice president of Philip Morris corporate security.
Bujac, who oversees a staff of 25 security officers worldwide, is directly involved in security details at company headquarters near Grand Central Terminal in New York. The list of precautions there includes shatter-resistant windows, fluorescent stripping on floor borders, stairwell emergency lighting, security guards, bag checks, weekly alarm tests, off-site mail screens, remote back-up data centers, emergency power and water supplies and even whistles for employees to blow in case of injury or entrapment. Safety drills occur once a quarter and have whittled exit times from the building down to 14 minutes from 25 minutes, Bujac says. Similar measures have been installed overseas.
Despite the safeguards, Bujac acknowledges that such measures “won’t stop a terrorist attack,” but they do give employees “assurance.”
Eric Otts, a professor of political studies and management at the University of Pennsylvania’s Wharton School, says “the war on terrorism and the anti-globalization movement have further exposed some of the important connections between political and corporate risk.” Besides developing a risk management plan, he advises executives to pay special attention to ethical considerations, making sure that overseas employees are paid fairly and that workplace conditions are safe. Senior-level managers also should carefully assess with whom they do business to make sure that none are associated with the Al Qaeda network, he says.
“In times of uncertainty, people place a premium on openness, transparency and integrity,” says Joe Forehand, CEO and chairman at Accenture. “Organizations that reflect these qualities have a natural advantage over those that don’t. And while a good corporate reputation alone will not insulate you from political tension, it will give your company the benefit of any doubt in a controversy.”
Few workers are as visible as the 370,000 brown-uniform-clad employees of United Parcel Service, who serve 200 countries and territories and deliver more than 13 million packages every day.
UPS encourages its overseas workers to become involved in the community, a measure that has helped UPS avoid “any negative associations with being a U.S. company during more than 40 years in Asia,” says Charles Adams, president of the Asian Pacific region of UPS. He tells of three schools that UPS has established in Thailand, China and the Philippines and a computer center that 30 UPS managers from various worldwide locations built in central China.
That strategy of “think global, act local” is also paying safety dividends for Starbucks in China, says David Sun, chairman of the 29-store Starbucks franchise in Beijing.
While Starbucks coffee is too pricey for most Chinese consumers, locals buy Starbucks-made moon cakes for celebrations of the annual mid-Autumn Moon Festival. “Starbucks really wants to position itself as a member of the community,” Sun says, “and when incidents occur, it helps.” Sun recalls that when protests broke out in 1999 in response to a mistaken U.S. bombing of a Chinese embassy in Belgrade, student protestors took a short cut through a local Starbucks outlet to reach the U.S. embassy. “They were coming in and buying coffee and our sales actually went up,” Sun says.
“People want to have a relationship with their company, they want to believe in it. Having goodwill built into the brand is how Starbucks has built the business.”
Best Practices for
Source: From the Business Roundtable security task force and security consultants’ advice
Send comments to email@example.com.