The loss of life and the commercial threat posed by both incidents, however, pale in comparison to the December report from Mexico’s attorney general that 5,400 people were slain in the first 11 months of 2008 in the drug-fueled war gripping cities that are home to U.S. maquiladoras.

“Now I’m getting more calls from companies concerned about northern Mexico than Mumbai,” said Mike Ackerman, managing director of Miami-based Ackerman Group, which specializes in counterterrorism and serves 65 of America’s top 100 multinationals. “Northern Mexico is a shooting gallery.”

The State Department has issued a travel alert for both Mexico and India, and the European Union has provided new resources to combat piracy, but no initiative addresses the immediate business need to conduct global operations or the ultimate responsibility HR executives bear for protecting employees in an increasingly dangerous world.

Piracy, like kidnapping and drug running, is a profit-oriented business that operates with some predictability. The terrorists who attacked Mumbai pose a far greater challenge for corporate security.

“No one foresaw the nature of the attacks in Mumbai,” Ackerman said. “But Mumbai has a history of terrorist attacks and proper precautions could have been taken.”

In fact, any Ackerman client traveling to Mumbai would have been warned off staying at the two hotels that were targeted because they did not have strong perimeter security.

The business risk posed by global terrorism is now a permanent part of the landscape.  

“It’s not going to go away,” Ackerman said. “I don’t want to discount what happened in Mumbai, but India has larger problems, with extremists operating on a number of fronts, and a separate problem with ransom kidnappings. There are both criminal risks and terrorist risks in India and beyond.”

HR executives must be aware of both criminal and terrorist activity but also understand that the countermeasures are different. In high-risk areas for kidnappings in India, incidents involving executives for Adobe, Expedian Solutions and Satyam Computer Services have occurred when the executives or family members were walking or driving. Proper precautions and training to avoid kidnappings are now part of standard corporate security offerings.

With terrorists, however, the dangers lie in hotels, commercial aircraft and government facilities such as train stations. “In Mumbai, the focus was on the hotels where Westerners stay because the terrorists wanted to strike at the economy, which they did with huge success,” Ackerman noted.

The fatal mistake, Ackerman said, is that companies undervalue risk analysis. The first step in risk mitigation is to use at least one intelligence service that also suggests preventive strategies.

“Companies can purchase intelligence services for $6,000 to $10,000 a year for two sources,” he noted. “But then you’ve got to read the stuff. The corporate security director may be the first line of defense, but ultimately the HR director is responsible for gauging the risk to employees.”

A 2008 survey of 600 large multinational companies conducted by iJET Intelligence Risk Systems found that less than half track terrorism as part of their risk monitoring process. HR executives will also need to step up their screening procedures for employees.

The Ackerman Group’s assessment of the Mumbai attacks cites an Indian police report that a software engineer for the local division of U.S.-based Yahoo was responsible for putting out the Mumbai terrorists’ e-mail claiming credit for the attacks. 

Ackerman advises HR executives to not only conduct a formal screening during the hiring process, but also continue screening employees every two years for indications of criminal or terrorist behavior.

“In addition, local managers and HR staff should constantly monitor employees for any attitudinal changes, lifestyle changes or signs of intensified religious beliefs or disaffection,” he said.

Besides terrorism, piracy remains a significant risk not only for the shipping industry but for any company that relies on commercial cargoes. In the first nine months of 2008, 199 acts of piracy occurred, including 115 vessels boarded, 31 hijacked and 23 fired on, according to the International Maritime Bureau’s Piracy Reporting Center.

Worldwide, 581 crew members were taken hostage, nine were kidnapped, nine were killed and seven are missing and presumed dead. As of December 1, 14 vessels with more than 250 crew members remained in the hands of Somali pirates.

In 2008, pirates collected more than $30 million in ransom money from their work in the Gulf of Aden, according to BGN Risk, the London-based business security and anti-piracy firm. The special risk insurance levy for crossing the Gulf of Aden jumped from an average of $500 per vessel per voyage in 2007 to $20,000 in 2008.

Proper insurance coverage for all commercial ships crossing the Gulf of Aden would add $400 million a year in insurance and transport costs, according to BGN Risk, with these costs passed on to commercial customers.

—Fay Hansen

Workforce Management’s online news feed is now available via Twitter.