How Much Security for Employees?

Your employer has a 'duty of care' to ensure, as far as possible, your health, safety and welfare while you're at work. – Official Health and Safety at Work, UK Health and Safety Executive

One of the overriding legacies of the Bush administration in the wake of the destruction of the World Trade Center in New York on September 11, 2001 is the often near-paranoid emphasis on security as a means of countering terrorism. That legacy is spreading across the world, with serious consequences for businesses.

Employers take note. Your costs could escalate alarmingly. Post-9/11 security measures – excluding overseas conflicts and intelligence and police operations - have consumed billions of dollars worldwide. These sums are set to keep rising in the absence of any obvious technical mechanism or political incentive to rein them in.

But while it is impossible to quantify how many terrorist attacks have been deterred by such a vast allocation of finite resources, there is less doubt over the impact the now- increasingly discredited ‘war on terror’ has had on more practical means to ensure the safety and security of millions of people. If the ‘war on terror’ was a passing political slogan intended to convey aspiration and intent - as well as justifying often extreme action - the legal implications for companies and institutions of this heightened sense of danger are now embedded and unlikely to diminish regardless of any reduction in the perceived threat.

The first major terrorist attacks on the US mainland have in particular elevated and broadened the well-established legal concept of ‘duty of care’ beyond health and safety and human resources concerns to board level. This reflects the recognition among many senior executives that failure to take measures intended to counter identifiable threats to anyone they have a corporate responsibility to protect could be far more costly than any effort to mediate the risks.

Duty of care obligations vary in detail, but the British government’s definition used in its official Health and Safety at Work documentation covers the generic points. The simple statement that started this article offers employees whose ‘health, safety and welfare’ have been compromised or threatened while at work grounds for redress and litigation against their employer. Duty of care obligations also extend to a company’s customers, clients and ‘passers-by’ who may be affected by foreseeable events that have caused them physical harm or distress within the aegis of corporate responsibility.


The principal legal defense a company or institution has when confronted with a duty of care issue is to be able to demonstrate to the highest legal standards that it has recognised the potential threat and had taken positive and realistic steps to prevent or reduce any harm.

Three areas of varying probability and consequence illustrate where duty of care issues can have a serious impact on a company, and how liability may be reduced while ensuring wider ethical and reputational corporate interests are protected.

‘Terrorism, travel and tripping’ encapsulate the range of duty of care concerns senior executives are likely to concentrate on.

Terrorism has, unsurprisingly, gained the most attention as a duty of care issue. However, terrorism by its nature is a complex and often impossible event to fully protect against. Further, there are clear differences as to how a company operating within a country or region with a known terrorist or insurgent threat perceives such threats against one that does not. However, as terrorist attacks can occur anywhere – albeit on a scale of heightened or reduced probability – their very unpredictability requires attention regardless of location if duty of care criteria is to be met.


Mediating terrorist threats in order to protect those owed a duty or care requires companies and institutions to seek professional advice on a wide range of issues. These are usually contained within a threat assessment on locations, properties and procedures and include detailed technical recommendations as to how minimise risk and reduce liability. Where warranted training in crisis management, business continuity, operating in hazardous environments and the provision of close protection may be required to ensure duty of care obligations are met.

While terrorist attacks are an extreme and rare event travel is routine. Few companies pay a great deal of attention to what they view as routine travel – a few days in a familiar nearby country or even a couple of hours in neighbouring city – concentrating on what they consider to be higher risk destinations. In duty of care terms such divisions are false as the legal issue is the extent to which a company has sought to ensure it has met its responsibilities to both its staff and its own interests.

A criminal attack, for example, on junior employee sent on a short work trip without any security advice could lead to high legal and reputational costs. Some companies, encouraged by their insurers, now require staff to read and acknowledge security-based briefings on their travel destinations. Such measures offer employees insights into potential threats and advice on behaviour intended to reduce the risk of being a crime victim while also reducing employers’ liability.

Tripping’ includes any incident leading to physical harm involving those subject to a company’s or institution’s duty of care responsibilities. This includes individuals who, literally, trip over or suffer other accidents while on a company’s property as well as more serious events, such a criminal assault. These are the most common incidents any company with properties that have free public access, such as shopping malls or hotels, can expect to face. As a result efforts to reduce such liabilities represent the main duty of care concern for senior management, with much of the risk mediation made the responsibility of in-house health and safety personnel. From a legal perspective, however, there may be an advantage in ensuring such work is routinely reviewed or matched by independent specialists operating outside an individual company’s corporate culture and career structure.

The huge amount of information now available through the Internet has encouraged at least some companies to make their own assessments as to what or where constitutes a threat or a risk. In many cases the information is appropriate in terms of offering advice and recommendations. However, in legal terms it is often worthless in support of a defence intended to limit liability. For a senior manager to admit in court that a company’s efforts to fulfill its responsibilities towards an employee involved searching the Internet would be unlikely to be seen as an acceptable definition of meeting duty of care obligations.

Such obligations could be made more complex as global economic contraction leads many legal firms that had previously ignored the ‘ambulance chasing’ aspects of duty of care cases to review their options. Duty of care’s broad and readily understood definition and limitless opportunities for contesting liability could challenge corporate interests, in some case potentially following the legal models developed to deal with the effects of asbestosis and tobacco.

GM Greenwood is a consultant with Allan & Associates, a Hong Kong–based security risk and crisis management company.