Elements of travel, business and communications came to a screeching halt last Friday during an IT outage triggered by a CrowdStrike software update - and the ripple effect remains in play a week later.
With many thousands of cancellations and delays, plenty of airline passengers were stranded last week - and many saw delays and cancellations this week, too, especially with Delta Air Lines’ sluggish recovery.
The incident made clear just how critical it has become to be prepared for managing situations like this along with other crises.
“What happened on Friday is like Y2K, and it happened, right?” said Christine Connolley, senior global crisis manager at corporate travel management company BCD Travel in an interview at the Global Business Travel Association's Convention 2024 in Atlanta. “Imagine the unimaginable … because that is what will happen.”
Bottom line, preparation and prevention remain at the core of crisis management and duty of care - protecting employees. But practices have changed over time and will continue to evolve.
What the incident reveals about crisis management
The CrowdStrike incident last week was unprecedented - and an accident, the result of a software update gone awry.
The outage made evident that no business is entirely safe from system mishaps or breakdowns, said Suzanne Sangiovese, director of travel and technology at Riskline. It’s essential, she added, to have access to timely and accurate information to help limit the consequences of incidents like these on business operations including travel.
Subscribe to our newsletter below
Technology needs to be able to accommodate technological problems, said Charlie Sultan, president of Concur Travel at SAP Concur.
“The global IT outage strongly underlined the need for automated travel technology solutions to help travelers manage disrupted travel itineraries,” Sultan said. “The ability for a travel manager to capture all of their company’s bookings in one place, regardless of whether they were booked – via a TMC [travel management company], in a booking tool or direct with suppliers – is paramount in situations like these.”
And what happened brings to the surface an element that now appears even more essential: Cybersecurity needs to be integrated into travel risk management, said Sangiovese, noting companies also need to add digital security to their duty of care responsibilities.
Technology, global security drive change
Some years ago, “duty of care” primarily referred to crisis management implemented by oil companies, gas companies and others that put employees in danger-prone work environments, according to Sultan. But things have changed. With the pandemic, the concept of crisis management went from handling an emergency “every five years or so” to making safety an “everyday and everywhere” priority.
Michael Rogers, chief security analyst at International SOS, agreed - noting a shift toward risk management strategy prioritization. “This comes at a time when the resurgence of global travel has been accompanied by an increasingly complex travel security landscape – particularly due to the impact of major geopolitical events like the conflict in Ukraine and Gaza.”
The complexity, he said, has led to the recognition of the need for timely and verified information. “International SOS has observed a 16% increase in the volume of security and medical alerts issued to clients from January to November 2023 compared to the same period in 2022,” Rogers said.
The evolving global security environment, climate change’s impact on more natural disasters and extreme weather events and more have prompted organizations to develop health and security policies.
As a result, organizations have recognized their responsibilities as growing and have invested in and improved upon systems and practices. Sultan said duty of care now starts during the trip planning process.
“They tightened controls such as ensuring travel is approved by leaders and adopted traveler-tracking technology that not only allowed the company to know where employees are geographically but informed them of restrictions and other localized concerns,” said Sultan.
BCD’s Connolley highlighted employee tracking to remote work opportunities for varying stints, saying it's become even more important after COVID.
And Rogers agreed technology has played a pivotal role in crisis management’s evolution.
“The use of data analytics and predictive modeling has become essential," he said. “Moreover, modern communication platforms have facilitated rapid and efficient communication during crises.”
And new standards have played a hand in crisis management’s evolution too. Both Connolley and Sangiovese pointed to ISO 31030, published in 2021 by International Organization for Standardization, which is meant to provide a framework for keeping travelers safe, managing risks, maintaining security and more.
It reflects “a more holistic approach to duty of care and risk management in today's volatile world,” said Sangiovese.
Crisis management practices will continue to evolve
“Crisis management will continue to evolve as companies improve their duty of care for their employees,” Sultan predicted.
Shaping those changes will be technology, Connolley said. “Crisis management will likely evolve with the adoption and development of AI and machine learning,” she said.
Sangiovese, too, said she expects a widespread adoption of AI and automation, particularly in the realms of risk detection, communication and documentation management.
On the corporate level, she anticipates a “holistic approach” that includes not just addressing immediate threats but seeking to understand causes and long-term impacts while looking to bolster resilience and preparedness.
What duty of care entails is already shifting, Connolley said. “I believe we are already seeing the aperture of duty of care expand to recognize the importance of mental health and wellness, particularly during and following a crisis.”
How AI can bolster efforts
Travel companies have been leveraging artificial intelligence to smooth processes in many circumstances. Crisis management is no different.
AI “isn’t just buzz,” said Riskline’s Sangiovese.
“It's having a real impact on technology solutions in travel risk and crisis management, and if there are suppliers who aren't already looking into adopting elements of how it can work for them - they should be,” Sangiovese said.
AI's impact during a crisis can be far-reaching, she added. AI can help synthesize and analyze vast amounts of data to turn up predictive patterns that can be used in simulating crisis scenarios. She added the technology can also help plan emergency responses and the guidance issued to to travelers.
Sultan agreed. “As generative AI becomes more embedded in travel solutions and adopted by customers, travelers and travel managers will be able to respond more quickly in emergencies with automated information.”
And there are some tangible examples, too, in the wake of Friday’s IT outage.
Hopper, for instance, shared Tuesday it saw a surge in demand for its Disruption Assistance product after Friday’s IT meltdown. The AI-driven rebooking tool provided something of a fallback solution for travelers dealing with the consequences of CrowdStrike’s mishap - without airline intervention.
And some startups such as Travelin.AI have incorporated duty of care as a priority in their new, AI-powered global business travel platforms.
Like all technological advancements, some risk is included with the advances.
“The reliance on AI also introduces challenges, such as the risk of algorithmic biases and potential security vulnerabilities, highlighting the need for a balanced approach that incorporates both advanced technology and human oversight,” said Sangiovese.