The Target Is Us, The Job Is Ours - Corporate Leaders' Responsibility for Security
June 27, 2002 — Speech delivered by Dr. Ralph Shrader (Booz Allen Chairman & Chief Executive Officer) to Austrian business leaders in Vienna, Austria.
Thank you, Mr. Ambassador, for that generous introduction.
It is a privilege for me to be here today and to have the opportunity to talk with you about a concern that we all share — the security of our people, our homeland, and our companies.
The Palais Schwarzenberg in this great city of Vienna is a most fitting place to address this subject. Evidence is all around us of the triumph of the human spirit over the darkness of human conflict. The rebuilding of this grand palace... the creation and vitality of the modern Austrian State... and your leadership in the European Union today — are testament to the hope, peace, and prosperity that come from unity and collaboration.
Indeed, unity and collaboration hold the key to addressing the challenge of security today. We need to unite nations, businesses and governments, and experts in the many disciplines that can address the world's problems.
Historically, government and the military have "owned" the problem of security. But today, business leaders like us have a new and vital role to play — in building unity and finding common ground... in collaborating on solutions... and confronting the challenges of security.
And, the challenges of security that we face as business leaders are more numerous, complex, and subtle than we might traditionally think. We face inherent risks — even in good times — because we operate in an open, global marketplace with a very high level of inter-dependence upon other people and organizations.
Back in February, I had the opportunity to participate in the World Economic Forum. I spoke at a session called, "Asymmetric Threats to Peace," which contrasted the old "symmetric" two-superpower world of the Cold War era — with the complex, unpredictable situation in which we find the world today.
Time was — in the symmetric Cold War world — that many companies and countries could be neutral in geopolitics. They could "opt out," relatively secure that the world's superpowers were focused on each other, and that they were rational players for whom the concept of deterrence had a clear meaning. In large measure, other nations and businesses had a choice of whether or not to engage — they had the option of being neutral, innocent by-standers.
Today, the world's economy, geo-politics, and information networks are so interlinked — and react with such immediacy — that everyone can be affected by an attack — or a natural disaster — befalling a member of the world community.
"Ground zero" in the 21st century — wherever on earth it may be — has the gravitational force of a dense star. It pulls all of us in. In a networked world in which space and time have collapsed, there is literally shared risk, shared vulnerability, and shared responsibility for action.
Our vulnerability is further exposed by the fact that industry is increasingly a target. Terrorists see economic strength, rather than military strength as the weapon that won the Cold War yesterday, and the weapon that so threatens their ideology today. It stands to reason that if economic strength is the source of power, industry is the target. Business leaders like us are targets — and so are our employees, our stores, our manufacturing plants, and our office buildings.
That's why business leaders need to own responsibility for security and step up to a new level of commitment to protect our people, our companies, our networks — and our organization's mission over time. Our willingness and effectiveness at doing this will contribute greatly to economic prosperity, social well-being, and freedom from fear.
So, fundamentally, we need to take responsibility: We, as business leaders, must own the problem of security. Next, we need to do something about it. I'm not suggesting that corporate leaders take up arms or assume the responsibilities that belong to elected government officials. I am suggesting that we work much more closely with government than we have in the past — that we forge and participate in public-private partnerships on issues ranging from the security of cyberspace... to the protection of transportation and border crossings... to the safety of the world's food supply.
Each of us can contribute to making the world a better and safer place. And, I believe that each of us must make a difference — using whatever talents and influence our position affords. What specifically can we do?
- First — we need to put our own house in order. We need to make security an integral part of our corporate strategy to help safeguard our company's future, our employees, and our customers.
- Second — we must go beyond. We can make a difference beyond 'our own' organization and help improve the stability and sustainability of the regional and global networks, and infrastructures that our companies are part of.
- Third — we must lead by personal example by showing openness, respect, and tolerance for those who are different. We have to lead the way in finding common ground — because we share a common fate.
Let me talk specifically about these three things: To start — we need to enhance security within our own companies. Corporate strategy today cannot exist without security. And, security cannot be achieved apart from a strategy that enhances a company's ability to transact business securely in an open, global marketplace. Defining security in the traditional sense as the protection of people and property is not sufficient. And, simply delegating security down the chain of command, or "outsourcing" it to a national or local authority, is no longer acceptable. Companies need to set the more expansive goal of developing resilience — that is, the ability to maintain effective operations in spite of damage or stress caused by attack or threats of attack. In effect, we need to move from the traditional idea of security to integrated business assurance.
This is a CEO-level responsibility that must be executed at all levels because responsibility for strategy security spans all corporate functions — from finance to operations to information systems. With separate, isolated efforts, we face unnecessary and unacceptable risks. With a truly integrated approach, we are in a position to assure employees, customers, and shareholders that our company is robust and resilient — and will be there to serve them in good times and bad.
Booz Allen has developed a model to minimize risk and maximize resilience that has three parts:
- Part 1 — Uncover interdependence risks — in operations, finance, personnel, information, market and brand, and legal areas;
- Part 2 #&151; Adapt the business strategy and operating model. This includes supply chain, product or service offerings, customer management, infrastructure, and performance measurement;
- Part 3 — Endure. Protect and grow shareholder value. This involves governance, policies and processes, controls and compliance, and scenario planning.
If we do this — uncover interdependence risks, adapt our strategy and operating model, and ensure that our organizations can endure by protecting shareholder value — we will effectively put our own house in order.
Moving on to our next responsibility, we need to go beyond — and look at the broader systems and infrastructures that our organization is part of — and work to ensure their stability and resilience. Depending on the business we're in, these networks might be the national or global financial system... telecommunication network... transportation system... or world health organization.
In our networked society, an inter-dependence has emerged that we cannot ignore. We need to understand these interdependencies — and work to ensure that physical, personnel, and cyber-security processes are aligned throughout our extended enterprise. For example, we need to conduct greater due diligence on alliance partners to identify weaknesses in areas such as data security, physical protection of facilities, and potential for supply chain disruptions. In the same vein, we need to temper the efficiencies of "just-in-time" inventory systems with "just-in-case" planning. We need to overcome our modern bias that expediency is more important than robustness.
It is no longer possible, practical, or safe to build a wall around our own company. The stability and resilience of our global transportation system, communications system, financial system, energy grid, public health and environment — depends on us.
I realize that sounds like a tall order, and I don't suggest any of us can solve these massive problems alone — but we can start: by accepting that our responsibility for security goes beyond our corporate walls... by actively looking for specific problems and opportunities... and by engaging where-ever we can.
We must believe we can make a difference in the stability and resilience of our global systems and infrastructures — and start doing something about it. I know you hosted the "Konferenz on International Security and the Fight Against Terrorism" here in Vienna two weeks ago…and there was an international security symposium in Horsching at the beginning of June attended by nearly 2,000 people. So, it's clear that business and government leaders here in Austria take their shared responsibility for security very seriously.
I've talked about our corporate responsibility to manage risk and ensure resilience in our own organization and about our broader responsibility to do the same for global networks and systems. I'd like to move now to our individual responsibility.
What we, as business leaders, can do to make a difference in global security — is to lead by personal example.
I believe that even as a private citizen leading a privately-owned firm, I exercise a public trust. Collectively, I believe that we, as business leaders, must honor and adhere to the highest standards of ethical behavior in the marketplace where our ideas and products compete. We need to conduct our business in ways that will build confidence and inspire trust. We need to think carefully about the consequences of our actions and decisions and recognize that "costs and benefits" have meaning well beyond our own balance sheets.
One of the powerful tactics used by terrorists is to "de-personalize" the other side. By failing to see us as real people with real hopes and good intentions — and, instead, seeing us as faceless enemies of their ideology, terrorists can justify attacks against our people, countries, and companies.
As business leaders, we must help to humanize democratic capitalism. We need to show empathy and compassion. We need to listen and learn. This will do much to build common ground, which is the foundation for understanding and security.
And, it's good business too: A recent survey by the Gallup Organization in the US found that companies that showed compassion and caring to workers after the September 11th terrorist attacks had a significantly higher level — 48% compared to 11% — of employees who said they felt engaged in their work.
Our personal leadership in seeking common ground should start right here — with our friends and allies. There is so much that the US and Europe can learn from each other that will make a positive difference in enhancing our collective security. Europe has the perspective of history — terrorism is far more than nine months old here... and you've learned about both the physical and emotional aspects of security through the lens of time. Europeans are more patient than Americans. You take a longer-term view. Impatient by nature, Americans tend to view inconvenience as an affront to our liberty and freedom — which is something we need to get beyond. At the same time, I believe Europeans can learn from America's tireless energy and focus on the future.
"Diverse minds. Shared values" is the headline on a Booz Allen recruiting ad, intended to attract talented men and women from around the world to come work for us. I think "Diverse minds. Shared values" applies equally well to the United States and Europe and our allies... and hopefully, in time, the rest of the world as well.
It is up to all of us working in the international business community to show that shared values can co-exist with different cultures. It is up to us to show concern, and inspire confidence. It is up to us to ask new questions and seek new understanding.
Perhaps the most important thing we learned from September 11th is how much we have to learn, and how much we stand to lose.
On September 12th, I had to deliver the news that three of Booz Allen's people — Gerald Fisher, Terence Lynch, and Ernest Willcher — were at the Pentagon briefing a client, right where the jet tore into the building, that they had not been heard from, and we feared the worst. I urged that we go forward, focus on the good, and use our talents to help make the world better and safer.
A week later, we held a memorial service at our headquarters for Geep, Terry, and Ernie and more than 2,000 people — including many of our clients — attended. It was the saddest day I ever remember at Booz Allen, but it was also the most heart-warming.
One of the most rewarding things that came from this tragedy was the personal outreach from colleagues around the world. I got hundreds of letters and e-mails — and each one was heartfelt and showed that we do indeed share a common fate and common values. We displayed a few of the letters on a poster in our office during the memorial service.
I'd like to close by reading from one of them:
All Paris office staff would like to express their very deep sorrow and compassion against this vile terrorist attack on the people of America and against all democracy. We are alarmed by the extent of these terrible and unspeakable acts and we all know that a terrible disaster like this could also happen in Europe. Despite the distance between us, let it be known that we are at your side during this terrible event.
In the last nine months, I've traveled a lot — and no matter where I go in Europe, Asia, or Latin America, I find people are concerned about security. Even in Australia — which has traditionally been spared by its remote location on our planet — our employees, our clients, and members of the press all wanted to talk about security. What this clearly says to me is we recognize that:
- we're all in this together...
- we live on common ground... and
- we share a common fate.
There's never been a more important time for us to come together — to find a solution.
Thank you.
