What long-term safety
implications are there for HR one year on from 11 September? In our two-part
report Cindy Elmore, Bo Kremer-Jones and Liz Simpson explore
In
the first of our two-part special one year after the terrorist attacks on the
World Trade Center in New York and the Pentagon, we look at what companies are
doing and how people have reacted, with changing priorities and new concerns
The
term ‘crisis management’ took on new meaning on 11 September 2001 when Al-Qaeda
terrorists hijacked four American planes, flying two of them into the twin
towers of New York’s World Trade Center and crashing another into the Pentagon,
with the fourth coming down in Pennsylvania’s countryside. Prior to this event,
crisis management had more to do with recalling contaminated or faulty
products, whistleblowing or environmental disasters – with the emphasis on
damage limitation after the event.
By
12 September last year, however, after major New York-based, US and global
financial services companies and trading exchanges lost key employees in the
attacks and smaller enterprises went out of business due to the loss of
essential corporate data, crisis management came to mean disaster preparedness
and recovery on a very different scale. Â
Since
11 September, the threat to businesses has shifted significantly, requiring an
equivalent shift in security and in disaster planning – a shift few firms are
apparently aware of or acting on. And where action is being taken, it is often
unnecessarily expensive, intrusive and misguided. Â
Clearly,
the events of last September were beyond the realms of understanding. An
executive vice-president at the American Stock Exchange admitted last October
that the damage to its facilities wasn’t something it had ever made plans to
deal with.
In
the intervening year, an abundance of advice has emerged on what to do in the
event of a similar attack and how to protect people, property and vital
business information. This advice has come from the likes of national
organisations such as the American Safety and Health Institute, which recently
released a ‘disaster preparedness’ video, as well as psychologists and
specialist consultants – many of whom are former military, law enforcement and
security personnel.
But,
as Larry Smith, president of the Institute for Crisis Management (ICM) based in
Louisville, Kentucky reports: "On 12 September, our phones were ringing
off the hook with people wanting information and to be involved in creating
crisis plans, but nobody wanted to spend any money. Over the past year we’ve
probably not done any more significant business than we did the year
before," says Smith.
"Forward
thinking executives and HR managers, who understand it’s not a matter of ‘if’
but ‘when’ their organisations will be struck by some kind of crisis, know the
better prepared they are the less damage they will suffer and the quicker they
will recover. But getting them to do something before an event is another
matter."
Indeed,
HR professionals in a variety of businesses across the US and Europe are
tight-lipped about the status of their corporate security. Outside the global
corporations, many groups are exasperated that corporate America is doing so
little – or focusing on the wrong things. Â
"In
general, companies are awakening to the fact that the ball game has
changed," says Lance Wright, a partner with global executive search firm
Boyden International and an expert on security issues. "Those who have
suffered bad PR in the past are probably further ahead than most – firms such
as oil companies, other large multinationals that have to deal with
environmentally sensitive issues and those with less favourable reputations,
such as the tobacco industry."
However,
even these companies, Wright believes, "have yet to reach the point where
there is strategic security function that operates at a top level and is
responsible to the board", a position that he regards as vital in today’s
world of changing priorities.
Building
tensions
Perhaps
the magnitude of 11 September was so overwhelming that companies are in denial
about something of that nature happening to them, says Peter Power, managing
director of Visor Consultants in the UK. "Too many companies are saying
‘If we haven’t got two big towers near us, then we’re OK’."
But
maybe it is just that firms are failing to appreciate the simple steps they can
take to ensure their people, property and corporate intelligence are protected,
and that business can continue to operate without undue loss of working days.
"Fear
brings business to a halt," writes Alexis D Gutzman in the opening chapter
of her book, Unforeseen Circumstances: Strategies and Technologies for
Protecting Your Business & People in a Less Secure World. Yet the knee-jerk
reaction of many US building owners and managing agents in increasing building
security to levels exceeding that of airports, says J Paul Beitler, constantly
reminds workers that they’re operating in a dangerous place.
Such
thinking plays into the hands of terrorists who are less concerned with blowing
up buildings or killing people than undermining the fabric of Western society.
According to Beitler, a Chicago-based real estate and asset management expert,
security costs in that city up to 11 September were running at 30 cents a
square foot. Now they’re $3 a square foot because of the installation of
detection devices and the small army of additional security guards. These
increased charges are likely to outrage executives and possibly cripple small
and medium-sized businesses in the city when companies receive their annual
bills. Yet most of that expense is being badly deployed.
"None
of the measures that have been installed in office buildings would have
prevented the events of 9/11," says Beitler. "Those terrorists didn’t
attack the World Trade Center because it contained corporate offices, but
because it was an icon of American capitalist society. It’s hard for me to
envision that somebody is going to die for Allah by crashing into the world
headquarters of Hyatt, for example."
Many
firms across the world already had in place emergency plans for if the building
caught fire, if a bomb went off, if someone entered the building with a gun –
but how many companies had prepared for a Boeing jet coming through the window?
The answer: Not many – if any at all.
Attempting
to predict possible terrorist or other attacks is an area that Lance Wright
thinks that HR should be involved in, given their "basic facilitation
skills to help others think the unthinkable".
But
given that bombing incidents do occur in buildings – for example, the
devastation of the Oklahoma City Federal office building in April 1995 and,
almost exactly two years earlier the massive IRA bomb in Bishopsgate, London
that killed one person and damaged 72 city buildings – what kind of security
does Beitler, a Vietnam veteran, recommend?
"I’m
not advocating no security," he answers. "But it should be reasonable
and not turn office buildings into armed campuses. Most office buildings today
put primary focus on the front doors, entrance hall and reception areas. Yet in
95 per cent of cases where theft or some traumatic event occurs the
perpetrators enter – usually unhindered – through the back of the
building. It’s ironic that the
strenuous screening of office workers’ bags is not being done for delivery
persons. And there’s often little or no security under the loading docks or
near dumpsters where vehicles carrying large bombs or weapons can cause real
damage to buildings."
Contingency
planning
The
fact is, says Beitler, most security measures that have been installed were
undertaken with no real mission or direction in mind. But to succeed at
disaster preparedness and recovery – whether caused by natural events such as
floods, earthquakes and snowstorms or man-made ones such as fires, chemical
spills or bomb threats – a plan is absolutely essential.
Indeed,
poor contingency planning is considered to be the reason why a third of the
costs attributed to major disasters like the 1993 World Trade Center bombing,
and those perpetrated by the IRA in London, are linked with the inability to
continue doing business And it’s not
just a plan that is necessary, it’s a whole new function with new skills and
competencies that firms need to consider (see right).
For
example, when Verizon Communications’ network went down after the lower
Manhattan attacks it took with it New York recruiting firm Digital Market
Research’s ability to communicate beyond its own four walls – despite the fact
that Digital is located midtown, some distance from Ground Zero. Only after setting up a duplicate network
infrastructure – something few companies based well away from key terrorist
targets would normally think of doing – could the company get back to
business. That loss of accessibility to
customers and potential clients is reported to have cost Digital $120,000.
But
others were more fortunate – or just more prepared. In a totally unplanned
move, a well-known asset management firm, for example, had within 48 hours
taken over two floors of one of the hotels of a large multinational chain and
was running business ‘as usual’ from there.
Using
former military and law enforcement personnel as consultants when drawing up a
disaster preparedness plan also produces previously unthought-of links between
IT and people. John Bucciarelli is president of WMD Task Force, a US
organisation whose subject matter experts have more than 500 years of
experience between them, covering terrorism, weapons of mass destruction and
disaster preparedness. Thankfully, they’re the good guys. Since forming earlier
this year, the WMD Task Force has worked with companies to help deter terrorism
and reduce vulnerabilities.
However,
not everyone with former military experience will be useful as a security
adviser, warns Visor’s Peter Power.
"In
my experience there are too many charlatans out there that say that just
because they defused a bomb 10 years ago during some war, they can deal with
the security implications of this kind of threat in Bruges, for example. It’s
not much good bringing in a bomb disposal expert when the ball game has so
clearly changed. We need to change with it," he says.
Awareness
is cheap but preparedness can be costly, adds Washington DC-based psychologist
and organisation development consultant Paul Camper, who specialises in the
area of HR-related disaster management. He says it is critical to devote more
time, energy and money to respond to the psychological and emotional
consequences of disasters – particularly technological disasters, which have
the greatest effect on worker productivity.
While
the Employee Assistance Programs in place in many organisations in the US have
been a boon for many company employees, particularly those who live alone and
don’t have the all-important emotional support outside of work, they are
generally not equipped to cope with crisis management and response, says
Camper. What is important, he adds, is for HR to partner with community-based
organisations and authorities that have established educational awareness
schemes to help employees understand what to expect and how to adequately
respond to disaster incidents.
Indeed,
companies such as Morgan Stanley – having devised a comprehensive disaster plan
and ensured that its employees rehearsed those measures regularly and had in
place no-cost ‘buddy systems’ – got many of its people out when terror struck
the twin towers in 2001. After all, it’s one thing to have a plan, but quite
another to ensure employees know what it’s like to walk down 50 flights of
stairs already crowded with panicked co-workers.
In
planning what needs to be done in a crisis, one communication factor frequently
overlooked is the importance of taking advantage of lower level knowledge.
"One
of the key people to get on board is the janitor, because they know what is
going on in the building whereas few high level folks would know where the
power switches are," says associate professor Bev Sauer, who runs crisis
management workshops at Johns Hopkins University and is the author of The
Rhetoric of Risk which studied crisis communication and planning in the coal
mining industry.
It
is difficult to engage employees in disaster preparedness if management doesn’t
understand what is needed or – as with the FBI operative’s memo warning of Middle
Easterners taking flying lessons which failed to reach senior levels prior to
9/11 – if important information is ignored, says Sauer.
Achieving
a balance between making people aware of potential crises and scaring them out
of their wits is also a consideration. And here it seems the Europeans have
developed considerably more resilience than their American counterparts.
Psychologists in the US have coined a new term, "anticipatory
anxiety", whereby individuals display symptoms of anxiety, stress and depression
to an event that hasn’t even occurred – such as the possibility of further
mainland terrorist attacks on the first anniversary of 11 September.
Indeed,
much of the American public’s super-charged reaction to 9/11 may have much to
do with their isolationist nature – and the insularity that exists even between
the different US states. The US populace is regarded as not being as well
versed in overseas issues as their European cousins and seem to have a short
memory when it comes to disasters that have occurred on US soil.
Ever-changing
terrorism
"I’ve
just finished a new book in which I make the observation that 11 September was
really nothing new," says the ICM’s Larry Smith. "When my editor
called to dispute that, I pointed out that hijackings have taken place in the
US since the 1970s. A US bomber crashed into the Empire State Building in 1945,
and a single-engine Cessna flown by a deranged man hit the west side of the
White House in 1994.
"In
the past 15 years, environmental accidents have dropped significantly because
of training after incidents such the explosion at a plant owned by Union
Carbide in Bhopal, India and the Exxon Valdez oil spill into the Gulf of
Alaska. So management can learn lessons from the past when it wants to,"
adds Smith. "However, from all we can tell from literature, news coverage
and anecdotal evidence, the majority of companies affected by 9/11 did not have
adequate disaster plans and, as a result, when their building collapsed, the
business collapsed with it."
Because
the business of terror has changed, Boyden’s Wright points out that businesses
may be threatened by terrorist activity that takes on ever-changing shapes,
depending on the nature of the business itself. "The concern now for, say,
burger chains such as McDonalds or Burger King is that some politically or
religiously motivated organisation traces their beef supplier and places a
contaminant in the beef in such a way that it undetectable for some time.
Imagine the amount of people they could affect with that," he warns.
Workplace
violence, however, has been all too familiar to the US, in which death and
injury have been caused by assailants no-one would have thought of barring from
the workplace. Such is the case of the fatal shooting of seven people –
including the HR director – by a co-worker on the morning after Christmas 2000
at Edgewater Technology, an internet consulting firm in suburban Boston,
Massachusetts. Larry Smith was called that day by a frantic woman who had been
directed to the ICM by the Society of Human Resource Management (SHRM), some of
whose employees had attended a workshop of Smith’s.
As
he recalls: "The week after, when Edgewater employees went back to work,
the company arranged for each one of them to see a critical incident stress
debriefing counsellor paid for by the company for as long as needed. The
corporate culture was excellent before the shooting, with the CEO Shirley
Singleton being a very people-oriented person," says Smith. "This was
an excellent example of employees, who had established a strong bond in the
years that they had worked together, wanting to get back to console each other
and grieve together. Their way of not letting that crazy gunman get the best of
them was to make the business productive again."
This
example of enlightened management behaviour, supported by creative HR systems,
is exactly the kind of approach that organisations need to take to ensure
employee loyalty and performance in these fearful times, according to Don
Christian, a partner in PricewaterhouseCoopers’ Global Risk Management
Solutions practice and the leader of their New York Operational Effectiveness
Team.
"Companies
that implement HR systems and methods which engender employee connectivity,
including helping people manage stress and change, will operationally win
consistently in the market, as opposed to only being successful as they ride a
wave," says Christian. "The human psychological and social impact of
rising safety concerns are still being understood. However, it is increasingly
important to focus on doing the right thing even if all the right methods are
unknown.
"Attitudes
are strongly linked to experiences. Given that 9/11 was our first major
experience, it is difficult to predict the lasting effect. However, fear for
safety and protection of family will continue to emerge and accelerate with
more provocation – real or perceived – until our expectation for fear and
concern reach another level."
By
Bo Kremer Jones and Liz Simpson
Changing
priorities: Reactions post 11 september
Since
11 September, many Americans have actively changed the way they work. According
to a Maritz poll conducted in January, 41 per cent of US employees said they
had reviewed their work-life priorities since the World Trade Tower attacks.
Of
that total:
–
52 per cent have chosen to work from home or ask for flexi-time arrangements to
have more time with their families
–
20 per cent planned to find another job or career path more personally rewarding
–
21 per cent planned to establish stronger relationships with their co-workers
In
addition, 28 per cent of Americans polled by Maritz Research planned to
participate in more community volunteer opportunities sponsored by their
employer.
Source:
Maritz Poll – www.maritzpoll.com or call (US only) 1-800 446 1690
A
national telephone survey on post-11 September reactions, conducted by the
sociology department of the College of William and Mary, a small public
university located in Williamsburg, Virginia found that:
–
More than one in three US workers (around 49 million) felt more stressed on the
job
–
One in four felt their jobs had become more dangerous
–
Around 33 per cent of workers polled reported that their workplaces had
implemented tighter security measures after the 9/11 attacks. However, of those
reporting higher security, 40 per cent said these precautions did not make them
feel any safer, although the majority felt they were necessary measures
Full
report available at: http://faculty.wm.edu/jtrobe
What
about the disabled?
"What
many of us realised after 9/11 was that while for the past 50 years we have
been focused on getting people with disabilities into the workplace, we had
overlooked how to get them out in a disaster situation," says James
Williams, president and CEO of Easter Seals, a US-wide voluntary organisation
that has provided services to children and adults with disabilities since 1919.
Finding
a solution for the safe evacuation of the 13 million Americans in the workforce
who have disabilities, plus the additional 25 per cent with special needs, is
critical, says Williams.
"Immediately
after the disaster, President Bush’s speech to the joint session of Congress
included reference to a worker with disabilities who didn’t make it out of one
of the towers, and another who did. That elevated interest in this issue and
led to our Safety First campaign, encouraging communities to work together to
help find necessary solutions."
Indeed,
the issue concerning co-workers with mobility problems, who might find it
difficult to walk down 18 floors in a crowded stairwell – such as a pregnant
employee or someone with epilepsy that might be triggered by a warning system’s
flashing lights – was addressed recently by Easter Seals, given that the
company is housed in a Chicago high-rise.
The
HR director asked all employees to communicate, strictly confidentially, if
they wanted to be identified as needing special assistance in the event of an
emergency. Many more than had been expected did so – including one with severe
diabetes. Â
"Don’t
assume that the solution to these issues needs to be high tech or high
cost," says Williams. Something as simple as a buddy system can make all
the difference for a person who is hearing-impaired and may not pick up clues
from an auditory alarm system," he adds.
In
addition, the organisation has bought two ‘evacu-chairs’ with tracks that grip
the stairs, enabling those with mobility problems to safely descend at the same
speed as someone walking.
"These
evacu-chairs are situated at the entrance to each stairwell and everyone has
been shown where they are and how to use them. Aside from planning what you
need to do in a crisis, the other advice is to practice, practice,
practice," says Williams. "We’ve had three or four drills since 9/11,
most of which called for a complete evacuation of floors 18-24 using the
stairwells."
Such
drills have the added benefit of highlighting the employees who need special
assistance, even those who don’t look as if, or admit that, they do.
Taking
on the terrorists
How
can firms cope in this new unsafe world?
In
the post-11 September world, says Boyden International’s Lance Wright,
"there is no such thing as business and then security as a separate
issue".
What
today’s organisations must have, he says, is "a strategic security
function operating at the top level of business. Whoever fills this role must
be responsible to the board".
"They
must have a strategic focus rather than an operational focus," he says.
"It’s not about ‘guns and badges’ anymore."
The
events of 11 September have forced security issues further into the boardroom
than ever before. To deal with these new risks effectively takes a whole new
way of thinking – and a new set of skills. Before, business continuity was very
much an IT issue – getting the machines back up and running – but with 11
September, HR has very much come to the forefront of the security issue.
Not
only must a high-level corporate security expert interact with and advise the
board, but also with HR, IT and other critical departments. They should be
someone with experience in handling this sort of role in a large organisation.
And that, he points out, "doesn’t necessarily mean that it should be
someone from the military".
When
looking for these new skills, Wright suggests that former intelligence
organisation operatives might produce the right candidate. "They have to
have emotional intelligence too," he believes. "They have to be able
to read the signals that people are sending out, both inside and outside the
organisation in terms of important issues. In addition," he adds, "it
has to be a top-notch manager who understands data and can manage
effectiveness. They should be a change agent, someone who is comfortable with
the new paradigm we live in."
Wright
offers other suggestions about seeking this skilled new employee. "What
about an MBA," he asks, "who has two languages and a background in
data analysis? Individuals with technical depth and who have demonstrated an
organisational and strategic capability are probably the most likely
candidates. You can then quickly get them up to speed on the ‘guns and badges’
aspect of all this."
People
– your most important assets?
"Companies
are paying more to secure their IT systems because that clearly has an impact
on how you continue to operate. But we challenge clients to give some time and
thought to their most important resources – the individuals who work for
them," says Mallary Tytel, head of ETP, the Connecticut, US-based non-profit
HR and management consulting firm.
She
reports that for several months following 9/11 she met with a corporate client
located at Ground Zero and on asking the senior management team how things were
going, was told: "Great – we’ve been able to get our IT systems up and
running." Yet when Tytel dug deeper she discovered this company of 100
people had a 12 per cent turnover rate, compounded no doubt by managers who had
begun counting their employees’ changed priorities – like going home on time to
be with families – as lost productivity.
Which
raises the question: is HR up for the stepped-up challenge of 21st century
crisis management?
Few
companies in the US have taken succession planning into account, adds Tytel,
meaning they are ill prepared for the loss of key personnel, by whatever means.
The picture is not much brighter in Europe. In Germany, for example, recent
research suggests 80 per cent of its small and medium-sized enterprises have no
successor to the CEO.
Achieving
a balance between the cost of increased security measures, training and
counselling and the potential risks is tricky, she admits, given that the US
economy took a nosedive – due in part to 9/11. And the US was not alone, the
ripple effects of America’s economic slump were felt the world over.
"Often
what we see with our clients is that the moment the economy takes a dip, HR and
training programmes are cut because senior management doesn’t recognise that
these functions are protecting tangible and extremely valuable assets,"
says Tytel.
Some
solutions, however, cost nothing. One third of all terrorist incidents involve
hostages and while your organisation may have chartered private planes for
senior personnel or reduced executive air travel since 9/11, have you ever
considered how your corporate website might be part of your threat
assessment? John Bucciarelli has.
"We
advised a top 10 Fortune 500 company with worldwide offices to think about how
wise it was to list the addresses and locations of their critical operations on
their website," says Bucciarelli. "Then there’s the seemingly
harmless executive biographies with details of where someone lives, together
with names of family members.
"HR
professionals need to reorient themselves with the way we think about what we
put on the internet so that key employees don’t become targets." If they
don’t they will miss a serious opportunity and will undoubtedly be reduced once
more to simply carrying out more mundane administrative tasks.
Boyden
International’s Lance Wright, adds: "Suddenly, HR is in a business it’s
not had to be in before. HR should be in a critical advisory capacity. HR
professionals should be key players in managing the strategic security process,
and they should be involved in revisiting the approach to competencies and
skill sets to understand what is needed of a strategic risk manager. If the
skills are not in the company already, someone needs to say so." And
Wright believes that someone should be HR.
Tom
Major, regional security director EMEA and CIS with International SOS, sees
HR’s role more as being involved in communication. "In a crisis, HR are
the communications line through which the rest of the company has to
mobilise," he says.
New
concerns
A
Harris Interactive survey conducted for Privacy and American Business
(P&AB), an activity of the non-profit public policy think tank the Center
for Social and Legal Research, shows "signs of new post-9/11
concerns".
A
majority of employees feel that their employers should be strengthening ID
procedures for entering premises and accessing computer systems, and doing more
detailed background checks on job applicants. The report also says that 35 per
cent felt their employer should do more detailed background checks on current
employees.
Indeed,
adds P&AB: "This attitude, formed by recent events, may explain to
some extent why Americans in this survey seem more accepting and open-minded
about their employer practices as they relate to privacy."
A
clear example of this in the report notes that "four out of five employees
and managers say they would be willing to have an ID card issued by their
employer that would have on it their photo, basic personal information and a
biometric identifier, such as a finger print to enhance workplace
security".
Further
information
–
Institute for Crisis Management 950 Breckenridge Lane, Suite 140 Louisville,
Kentucky 40207-4687, US www.crisisexperts.com Tel: +1 502-891-2508
–
The American Safety & Health Institute 4148 Louis Avenue Holiday, Florida,
34691, US Tel: +1 800 246 5101 www.ashinstitute.com
–
Unforeseen Circumstances: Strategies and Technologies for Protecting Your
Business & People in a Less Secure World Alexis D. Gutzman, AMACOM 2002
–
WMD Task Force: www.wmdtaskforce.com    Toll Free (US only) :Tel: 1 888 401 3136
–
Vanguard Integrity Professionals HQ: 2950 E. Flamingo Road, Suite D-1, Las
Vegas, Nevada 89121, US. The company maintains R&D centres in California
and Canada, as well as a wholly-owned subsidiary in the UK. www.go2vanguard.com
–
Another company that largely comprises professionals with federal and local law
enforcement or military and security backgrounds is Talon www.talonexec.com
–
The Beitler Company has produced two booklets: A Practical Guide to Tenant
Safety and Practical Security Guidelines for Building Managers. www.beitlerco.com
–
For details of the Easter Seals’ new ‘Safety First’ programme or to request a
Safety First kit, visit www.easter-seals.org or call toll free (in the US) 1
866 BE SAFE5
–
The Rhetoric of Risk: Technical Documentation in Hazardous Environments by
Beverly Sauer of Carnegie Mellon University, published by Lawrence Erlbaum
Associates, 2002
–
For details of surveys and publications on IT security offered by the Information
Technology Association of America, go to: www.itaa.org/infosec/surveys.htm
–
www.boyden.com
–
www.internationalsos.com
–
www.dti.gov.uk
–
www.watsonwyatt.com
–
www.crisis.fr
–
www.crisis-management-and-disaster-recovery.com
Sign up to our weekly round-up of HR news and guidance
Receive the Personnel Today Direct e-newsletter every Wednesday
–
www.law-now.com
–
www.pandab.org (Privacy and American Business)
