How emotions are changing the security requirements for corporations and the security professionals charged with mitigating risk
Emotions have significantly increased the security requirements for corporations and the security professionals charged with mitigating risk. Moreover, with the increase in protests, socially driven change and the increased influences by outside entities, these risks continue to evolve.
The new age of emotion, coupled with the speed of information, offers a highly complex new phenomenon.
Emotions have become a driving force in the decision-making process, and security professionals must ask important questions. Looking through the lens of emotional driving factors, questions like “What will be the public reaction to this decision?” become critical to the success of an organization’s protective measures.
This article discusses several topics that revolve around emotions and how they present themselves in corporate America.
For many in the security profession, COVID-19 and a remote workforce have led to major shifts in day-to-day work streams from the physical to the intellectual. What was once done in person is now performed on Microsoft Teams.
In the case of executive protection, with many principals working predominately from home and the cessation of travel, work has shifted from protective details to redoubled efforts in the areas of protective intelligence to identify and evaluate threats and documenting processes.
Protests resulting from the tragic and deeply disturbing death of Mr. George Floyd on May 25, 2020, have started a national conversation that is having a profound impact beyond law enforcement, into businesses and society. Through a lens of social responsibility and social justice, businesses are being held accountable for the actions of employees, their attitudes towards and support for the needs of their customers and their impact on the community – now more than ever.
How this accountability manifests may range from adverse comments on social media, to boycotts and full-blown protests with associated acts of targeted vandalism. These manifestations, both planned and unplanned, aim to influence companies to adopt positions or take actions favorable to those who undertake them. Instances of rioting and associated acts of vandalism targeting businesses can represent, in some cases, “street justice”; they can also be instances of opportunistic looting, or in other instances, explicit targeting.
Regardless of motivations, many retailers and businesses with large footprints in the geographies where civil unrest is a continual concern have stood up crisis management teams (CMTs). Beyond the physical damage and associated costs of vandalism, these events represent a significant reputational risk for corporations.
Everyone has an innate desire to be valued, respected and liked. The same is true for businesses that often are initially founded by like-minded persons with shared values.
Through ideas, services or products, the businesses become extensions of their founders as a collective expression of shared values. In turn, they attract employees and customers alike that believe in the kinds of things they do.
Companies become the company they keep.
Companies become a personification of and inseparable from those who create and run them. Many CEOs are altruistic and motivated to do the right thing for the good of their customers, employees and the public.
Some are self-made and never forget the humble beginnings they come from. To them, profitability is viewed as a side benefit to always doing the right thing.
Despite good intentions, the actions of corporations are often misinterpreted with degrees of suspicion by customers, the general public and even politicians. Points are not scored when a company does good, but rather lost. Judgment is passed, based on a perception of what the company is not doing, or not doing enough. When discourse no longer suffices, threat streams may manifest with CEOs as the focal point.
A CEO may become a potential target for embarrassment, fraud, extortion, mailed improvised explosive devices or hazardous substances, or, at the extreme, physical attack. Several factors may increase the likelihood of such a threat.
- Ethnicity: We see this in incidents of racism and prejudice. Other examples include anti-Semitism and perceptions of corporate greed, or islamophobia and feelings of fear or mistrust.
- Wealth: This manifests as a message of “they deserve what you have.” If you were really a good person, you would give them what they want, so the thinking goes. This factor also includes income inequity between management and employees.
- Power: Critics claim that, as the head of a global company, you and your business can be a force of good, or that you are responsible for any number of things. This factor also includes the perception of hurting employees through downsizing or termination.
Principals often incorrectly assess their own risk and threat profiles, basing them largely on how they see themselves. They forget that others will not necessarily see what they see, i.e., the “good.” Outsiders may, in fact, see the “bad” and the “ugly.”
Threat profiles are based not upon on how principals perceive themselves but on how others perceive them and what they represent. Accurate or not, perception becomes reality, and CEOs become the face of their brands.
Consumers cannot help but think of Steve Jobs when discussing Apple Inc. His politics became those of his customers, and vice versa. In corporate terms, no matter what a business does, the result depends largely on how customers respond and not just on what the company did or its motivation. Doing the right thing can still have adverse consequences.
“Being Liked Means a Vigilant Passive Defense”
Just because a company or its leadership focuses on being liked doesn’t mean the door to security is closed. Maintaining positive public opinion means all the above scenarios require adaptive defensive postures.
Instead of rigid standard operating procedures that dictate Step A precedes Step B, a focus on flexibility is essential. Building multiple preplanned and legitimate options into the organizational response structure provides viable alternatives for the security professionals to execute a successful response.
Some of the best response options coalesce across an organization’s operational framework. Reaching into an organization’s supporting role functions provides more solutions to continuously changing situations. Cross-functional response options are generally “soft” and do not always line up well as a direct response to threats.
Regardless of the name in your organization, predrafted and preapproved press releases or statements minimize the time between a threat materializing and a “public” response. This isn’t to say that companies don’t have these already in place.
The question is: Are they just the safe ones? Taking the time, for example, to have the legal team review an 80% response to what might seem extreme, means that when it happens it is not the first pass; it also means that the values and intent so important to the organizational leadership are reviewed with a clear and deliberate thought process.
Assigning alternate or tertiary tasking authorities allows for what most likely will occur. Bad things never arrive when staff is sitting at their desks and prepared to solve anything that comes into the corporate 24/7 operations center.
Stressors arrive at 2 a.m. when the director with decision-making authority is over the Pacific Ocean returning from an overseas meeting.
A centralized decision-making process is safe and reliable and leaves the leadership with a process that provides expected results. It also reduces the flexibility of fully capable subordinates when faced with problems outside of that formal process.
Formalizing decentralization allows for multiple team leaders to make time-sensitive decisions.
The “art” is taking the best of all available options and applying them in a deliberate and effective manner to follow the leadership’s desires to be “liked.” It’s not about having the right answer ready at all times.
More likely, winning is the successful application of a myriad of options that have been socialized with multiple levels of leadership.
Companies Are “People” Too!
Customers have choices. Retail spending with customers voting with their purchases is intrinsically linked to shared values between them and the corporations they patronize. A purchase is more than a purchase representing a morality of sorts, and customers hold their patrons accountable. Recent uses of deadly force by police throughout the U.S. have led to a nationwide movement for social justice with associated calls to defund the police.
Numerous Fortune 100 and 500 corporations have made significant monetary donations to several community-based organizations aligned with this social justice effort. Although generally seen as “doing the right thing,” there is a perception that, by doing so in such public ways, these corporations are merely “virtue signaling.”
The belief is that these companies are purchasing “brand protection” from potential protests that turn violent and or destructive – in effect, telling protest entities, “we’re on your side” and “don’t hurt us.”
The death of Mr. George Floyd has had a cataclysmic impact not just in the U.S. but globally. Numerous national brands have been called to account for everything from their support of specific presidential candidates to donations to law enforcement related foundations. One even had a store burned down to the ground after a 911 call for an unresponsive person led to a physical confrontation with police and ultimately their use of deadly force.
Mitigating the “Company” as a “Person” Threat
This statement is difficult to quantify for several reasons, and unfortunately the most important reason leaves us without a qualified answer. The “company is a person” concept is essentially new. Historically companies simply represented what they produced. A successful beer company made you want their product when you were presented their logo.
In today’s corporate environment, that same beer company is attempting to show that it wants to improve the lives of the disadvantaged, make a statement on society or even speak out about a divisive incident. When the company becomes a force that stands up or speaks out, it leaves the security professionals within it with a new and challenging set of variables. Managing that problem set requires some inventive and increasingly risky or more accurately stated, expensive hurdles to navigate.
- “Think” like the person your company wants to be when planning for threats. Most likely, where your company is vulnerable is where “it” as a “person” holds value. For example, if a company leans forward and publicly donates to a movement, a likely negative response is when that movement speaks out against the same company that donated. It’s human nature to improve one’s fighting position. Speaking out against a high-profile company is free publicity, and it’s easy to vilify the “corporate” enemy.
- Act like your company has its own personality every day, and especially when decisions are made. When a trying time or a potentially divisive decision must be made, if the history of the company’s choices aligns with the difficult stance taken, competing arguments lose some validity. This leaves the security professional with a problem they can profile. Knowing where you stand and that the stance is steadfast provides a steady view into what most likely will end up at the front door.
- Expect your company or the brand to react like a human (emotionally), and therefore expect emotional, potentially irrational actions against it. No matter if it’s an alley fight between two lawyers in a courtroom, a combatant can be expected to pick an irrational line of effort if others are failing. Desperate measures for desperate times. Planning for the most dangerous, even if unlikely, course of action is where security professionals stand out from their peers that only plan for the most likely.
Incident-driven CMTs tend to share one commonality: assessing the impact of an incident or event on a brand. The focus tends to be less on the precipitating event but on managing the impact to reputational risk. Oftentimes, the cost of reputational damage far exceeds that of the physical losses.
A physical act, intentional or not, or through negligence, that results in the death of employees or customers can be as costly to a brand as a policy that only allows customers to use the restroom. The policy, driven by any number of reasons, is good until it isn’t. The one time an employee, unable to discern a situational exception and follows a policy to the letter, can be fatal at the point of sale.
While the precipitating incident is bad enough, the public will always judge the response. Boycotts and protests, by their very nature, even if peaceful, can harm a brand if the company is perceived to be on the wrong side of an issue. Arriving late to a consensus with those holding an opposing point of view has consequences, too. Protesters may perceive validation of their efforts: “See, I told you so; they only changed when we forced them to.”
After several recent protests by a group in Seattle, Washington, the same group expressed on social media their surprise at the unexpected and immediate success they had obtaining some concessions from the city on their issue of concern. Emboldened by that success, follow-on postings encouraged members to redouble these protest efforts.
Protests that target the face of the brand, the CEO or the CEO’s family at their residence, are even more coercive with an extortion aspect to them that implies, “We know where you and your family live” and “You will not be safe until you do what we want you to.” A case in point was the multiyear international animal rights campaign to close down Huntingdon Life Sciences by Stop Huntingdon Animal Cruelty.
Companies can try and do everything right for the right reason and the result can still be perceived by adversarial entities (groups or individuals) as not enough. There is a famous quote from the French Revolution that says it best: “Like Saturn, the Revolution devours its children.” CMTs need to recognize this, and those serving on them should be limited to only those persons deemed essential.
Defining who is essential can be challenging and is situationally dependent. Like the U.S. Marine Corps principle of task organization for missions, the team stood up should reflect the disciplines needed to appropriately respond to that incident or situation. As noted before, that may mean subordinates not normally assigned but with unique perspectives or skills that when considered may add considerable value to decision making. Too many members, each with different opinions, can overwhelm a decision maker (often not a subject matter expert, but ideally a good leader).
Allowing everyone to have a voice risks the dilution of points of view, may make obtaining a consensus for critical decisions difficult and may lead to unintentional misrepresentation of facts. An example is the listening and comprehension test where a story is repeated within a group, one person at a time. Each person, focusing on and hearing different things, retells it. As the story is retold, by the time it reaches the last person, or in this case the leader, it is no longer the same story.
Additionally, subordinates may for a variety of reasons, both good and bad, reframe facts to minimize adverse perceptions and potential worst-case outcomes for the brand and/or themselves. The crisis is one thing; making it worse by an inappropriate response is another. A lifetime of experience and perspective results in a bias that distorts facts and the truth.
In addition to bias, it is critical that CMT members as well as the leaders they serve recognize the impact of the cognitive dissonance on decision making. The late psychologist Leon Festinger defined cognitive dissonance as the mental conflict that occurs when beliefs or assumptions are contradicted by new information. The incidents that crisis management team respond to will always evolve as new details come to light – details which may or may not affect (just noise) the overall impact of the incident. It is easy to default to existing positions of thought, but it takes greater effort to remain open-minded. In doing so, the path forward will likely be the one to making better decisions.
CMTs should be especially cautious in reacting to first reports of a potentially impactful incident. An initial report should lead to a fact gathering phase before critical decisions are made. In an era where news and social media appear to race to be first versus accurate, initial reports may be sketchy, lack actionable detail, and even be false. A tragic example was the Aug. 4, 2020, warehouse explosion in Beirut, Lebanon.
In the context of frequent overflights by the Israeli Air Force, it was rumored that when the incident occurred, Hezbollah mistakenly believed that the city had been the subject of an Israeli airstrike. Having access to thousands of surface to surface missiles, Hezbollah supposedly began to mobilize for a retaliatory counterstrike. If launched based upon this erroneous belief, a major conflict could easily have resulted.
In a perfect world, emotion should not play a part in crisis management, but it does. Humans by nature involve emotion and bias both intentionally and unintentionally in everything they do. Training and experience can minimize the potential impact but never completely. Some, and we are guilty too, want to be the hero, the one with the idea or solution that saves the day.
Informed leaders make informed decisions. Their ability to do so and transform an informed decision into a good one is an art and in large part based upon the quality of the input they receive.
Crisis Management and Emotions
Security professionals around the world plan for crisis management. This is what the books are written on, the courses teach and the stories are told over. It’s the “There we were, just us against the…” scenario that wrote the rules and drives the organizational knowledge companies operate on. Crisis management is also something that some security people hide in. It’s the darkness that the rest of the company doesn’t want to deal with because it doesn’t immediately affect the bottom line.
With that, there are many professionals who hear the statement “We’ve got it covered!” and who should leave asking “How?” Too often, the collective accepts that the guard dog is there to protect without wondering how good their dog is. A colleague in the industry refers to this as the “empty suit” syndrome in which persons present an image through titles and education but lack the substantive competency obtained by real experience.
- A crisis can be planned for, and it’s not crazy to think about the craziness that the world can produce. Every country in the world, no matter where they stand on the GDP measuring tape, plans against all manners of ridiculous threats. Planning for an earthquake in California, for example, is mandated by state law; however, that planning is rarely coupled with the fires that often follow, and adding preparations for a mass casualty event on top is seldom the standard. Unfortunately, when a crisis like an earthquake occurs, rarely do the 30 seconds of shaking represent all the threats that are likely to manifest. Owning the crazy side of crisis management means that when the insane happens, someone is there with the right mindset.
- Everyone can judge your “person,” and you must plan for it. The company is exposed 24 hours a day and seven days a week, and there is no place to hide it. Much like a super freighter, turning is slow and stopping is even harder, so there is nothing a press release really can provide in time of crisis. What that means is a long game when these scenarios occur. Expect to take blows, and on top of that expect to have to take them or come off as petty or weak. Taking the blows does not mean there is not a requirement for self-protection. A solid, blatant and brutally honest self-assessment from the perspective of those who throw those blows is critical. As much as we want to believe in times of crisis the company position is correct and just, the reality is that is only one perspective.
- Innovation is key, and throughout history and periods of crisis, it forces growth and expansion of thought. Critical innovative growth very rarely comes from comfort, security and complacency; it usually comes from pain and loss of capital and on the heels of failures from the usual packaged answers. What flourishes, if not stymied by organizational culture, is an uneasy set of educated guesses leading an organization into something it has not seen before. What comes out of innovation is a growth in organizational and institutional knowledge and understanding of what it is.
Summing it up
Emotions drive both actions and reactions. Being “liked,” thinking about the organization as a “person” and expecting possible emotions through the crisis management process are critical in today’s highly-charged environment.
Looking through the lenses of both the individual intending harm and a company that has evolved to have its own personality is critical in the planning process. Keeping a close finger on the pulse of both keeps the security professional keenly aware of possible threats before they present themselves and proactively implementing mitigating defenses.
About the authors:
Steve Powers (PPS, EMT-B, ISDA Secure Transport Provider, Tier 1) is a manager of global protective services for a Fortune 500 company with 25 years of executive protection, threat management and travel risk mitigation experience, including remote medic work.
Will Plummer is the chief security officer at RaySecur, where he heads EODSecur remote support operations. He previously had a 25-year career with the U.S. Army and the U.S. Department of Defense as a master explosive ordinance disposal technician. He holds a master’s degree in national security and irregular warfare.
Disclaimer: The views expressed in this article are those of the authors alone. They do not purport to reflect the opinions or views of their present employers.