For C-Suite Leaders, 9/11 Continues To Offer A Framework For Organizational Change

Two decades after 9/11, American business leaders once again find themselves reshaping their role in order to tackle a new set of operational and security risks.

Bill Udell, CEO – Americas, Control Risks

There’s no doubt that the 9/11 attacks left a lasting footprint on the U.S. national consciousness and priorities, touching on everything from immigration to air travel to security and privacy. 9/11 also left an indelible impact on American business leaders, who in its wake, found their scope of responsibility dramatically expanded as they were suddenly faced with a new risk consciousness and new challenges related to geopolitics, security, and business continuity.

In many ways, modern global risk management was born out of 9/11, as companies sought out deeper levels of intelligence to protect their assets from external, internal, and third-party threats, as well as deeper connections to the geopolitical forces at play in their operating universe.

Now, two decades later, the C-suite continues to navigate a rapidly-evolving and multifaceted risk landscape that presents a high volume of information and potential threats around which to strategize. This crowded landscape is the one in which U.S. businesses entered the COVID-19 pandemic last year – a crisis that not only threatened employees’ physical health and safety, but also posed serious risks to companies’ global operations. While the lessons learned from 9/11 offered a framework for addressing the challenges of COVID, the C-suite again found itself reshaping its role in order to tackle a new range of operational and security risks.

Although the business risk ecosystem was already expanding pre-9/11, the terror attack, others that followed, and the subsequent wars in the Middle East brought a heightened awareness to the vast amount of information business leaders needed to track in order to operate in a volatile world. For the first time, terrorism developed into a business risk that could directly impact employees’ well-being within and outside of the workplace.

The idea that employees could be touched by terrorism any time and anywhere – including when traveling and when working in the office – was a new idea for employers, and it caused many companies to take on a new sense of responsibility to create a safe workplace for all employees. As a result, threat monitoring quickly became a key component of the day-to-day consciousness for C-suite executives. Travel security programs took on new forms and many companies refreshed their global threat assessments, developed a deeper reliance on local partners for business operations, and many bolstered insurance policies and security plans against terrorism.

Similarly, although companies were already facing a new set of modern risks and risk mitigation methods, COVID-19 brought a heightened awareness to vulnerabilities as organizations became more interconnected than ever before. From an external perspective, business leaders were forced to look critically at their supply chains, with a new awareness around the impact of localized and global impacts. Within their own organizations, the C-Suite faced a new set of responsibility related to remote work and employee well-being. Without having a direct insight into the daily lives of employees, it became easier to excuse certain threat indicators as pandemic-related stress or miss typical red flags entirely in the virtual environment.

At the same time, the C-suite’s idea of duty of care expanded to mental well-being and looking after employees’ personal and professional interests. Mass remote work also created a new set of challenges: With company networks and information more spread out and vulnerable than ever, IT and threat monitoring teams were forced into overdrive. The elevated consciousness brought about by COVID elicited a call for the C-suite to rethink risk, similar to the way they needed to do so in the wake of 9/11.

While the collective shift in risk consciousness was elevated after both 9/11 and the onset of COVID, one major point of differentiation for the C-suite to contend with is the drastic change in the global operating environment and the impact of geopolitics. In the period immediately following 9/11, geopolitics and transnational security was suddenly a central concern for U.S. companies, with all eyes hyper-focused on the U.S. and how the world’s superpower would respond to the attacks. Terrorism became a threat that employers not only needed to actively prepare for and respond to, but also proactively strategize around. Nonetheless, business leaders still viewed the world – and the issues under their purview – through a somewhat unilateral lens.

Prior to the onset of COVID, companies and specifically the C-Suite were being called on by their employees and stakeholders to align corporate values and action to social causes. COVID intensified this trend as the global pandemic was accompanied by racial and social justice protests around the world. Companies were challenged to navigate activist expectations across various environments, while their operational business risks were simultaneously becoming more universal due to intertwined supply chains governed by fragmented political regimes.

These factors combined gave global businesses a much wider range of considerations to take into account. Furthermore, the blurring of personal and professional lives amid remote work – and increased activism from key stakeholders and shareholders – combined to form an environment in which social issues in particular became vital considerations for C-suite leaders.

Just as employers needed to adapt the lessons learned from 9/11 to meet the challenges of the COVID era, it’s critical that employers continue to remain flexible in this ever-changing business environment to ensure employees are protected and feel safe in the remote and physical workplace. Much like post-9/11 changes to the C-Suite’s purview of risk and its impact on business, the changes brought about by COVID will have a lasting impact on business operations, expanding risk from a singular function to an ecosystem that requires every department within an organization to have a seat at the table when preparing for and responding to vulnerabilities.

As businesses grow fatigued of change and seek a return to normalcy, the anniversary of 9/11 serves as a reminder that the road ahead will be the “new normal,” and the new risk consciousness is now our benchmark from which to grow.