Coffee Break Chat: What 7 Security Managers Wish They’d Known Before Their First Crisis

No amount of training quite prepares you for that first major crisis. Whether it’s a natural disaster affecting your international offices, a security incident abroad, or a global pandemic (who had that on their 2020 bingo card?), there’s always something they don’t cover in the handbook.

We recently caught up with seven seasoned security managers over virtual coffees to discuss what they wish someone had told them before they faced their first major incident. These aren’t theoretical best practices or textbook strategies – they’re honest reflections from people who’ve been in the trenches and lived to tell the tale.

Grab your favourite brew and join our coffee break chat. You might just find some wisdom that saves you a sleepless night (or ten) when your time comes.

Your emergency communication plan will fail in ways you never imagined

Mark, security director for a global manufacturing company with sites in 14 countries, learned this lesson during a factory emergency in Malaysia:

“We had this robust emergency communication plan that looked brilliant on paper. Multiple channels, clear escalation protocols, the works. Then during an actual crisis – a chemical spill that forced evacuation – we discovered half our staff had never downloaded the emergency app, our SMS gateway was throttling mass messages as potential spam, and the local management team was communicating on WhatsApp groups we didn’t even know existed.”

What Mark wishes he’d known: Test your communication systems regularly under realistic conditions, not just theoretical drills. And always, always have multiple backups that don’t rely on the same infrastructure.

People forget their training the moment adrenaline kicks in

Emma, who oversees traveller safety for a UK consulting firm, shared her experience during a terrorist incident in a European capital:

“We’d done all the right training. Everyone had completed the e-learning modules, we’d sent travel advisories, and they had the emergency numbers on cards in their wallets. But when the actual incident happened near our conference venue, what did they do? Most people called their spouses first, not our emergency line. Several tried to return to their hotels despite our shelter-in-place instructions. The training just went out the window.”

What Emma wishes she’d known: Crisis response needs to be intuitive and align with natural human behaviour. The more steps or complex instructions you give, the less likely they’ll be followed under stress. Design your systems around how people behave when frightened, not how you want them to behave.

The data you need most will be hardest to find exactly when you need it

Raj, security operations manager for a technology firm, faced this reality during a natural disaster:

“When an earthquake hit Mexico City where we had a small office, the first question from leadership was simply ‘Who do we have there right now?’ It should have been straightforward, but it became a nightmare scenario. Our HR database wasn’t updated with recent business travellers, the travel booking system was separate from our employee database, and three people were on assignment from other countries that weren’t properly recorded. It took us nearly six hours just to compile an accurate list of potentially affected staff.”

What Raj wishes he’d known: Maintaining an accurate, real-time picture of your people’s locations isn’t bureaucracy – it’s the foundation of effective crisis response. Invest in systems that automatically keep this information current without relying on manual updates.

Your biggest vulnerability is probably sitting outside your security planning

Helen, head of risk for a retail chain, discovered this blind spot during civil unrest:

“We had comprehensive plans for our stores and staff, but we’d completely overlooked our supply chain. When protests blocked key transportation routes, we couldn’t get merchandise or supplies to several locations. What started as a security issue quickly became a business continuity crisis. We were so focused on protecting people and property that we missed the broader operational impacts.”

What Helen wishes she’d known: Map your entire ecosystem, not just your obvious assets. Suppliers, partners, key routes, utilities – they’re all part of your vulnerability landscape. A truly effective security plan looks at the entire operational picture.

The aftermath lasts longer than the crisis

David, security manager for an international school network, reflected on his experience following a campus security breach:

“We handled the immediate incident effectively – followed protocols, kept everyone safe, coordinated with authorities. I thought that once the all-clear was given, we’d return to normal operations. I was completely unprepared for the weeks of parent concerns, media inquiries, trauma responses from staff and students, and the regulatory reviews that followed. The incident lasted hours; the aftermath consumed months.”

What David wishes he’d known: Plan for recovery with the same detail you plan for response. The psychological, reputational, and operational recovery often requires more resources than the initial crisis management.

Your team’s well-being is your most overlooked critical resource

James, crisis manager for a global financial institution, shared a personal reflection:

“After coordinating our response to a major cyber incident that required round-the-clock management for nearly two weeks, half my team was effectively burned out. I was so focused on the technical response that I failed to rotate people adequately, ensure rest periods, or monitor stress levels. Just when we needed experienced hands to manage the recovery phase, I had a team running on fumes.”

What James wishes he’d known: Build team resilience and wellbeing into your crisis plans. The people managing your response need clear schedules, defined breaks, and well-being check-ins. A burned-out team makes compromised decisions.

The Common Thread: Integration Makes All the Difference

As we wrapped up our coffee chats, a common theme emerged across all these lessons: Siloed approaches to crisis management inevitably create vulnerabilities. The security managers who had transitioned to integrated platforms consistently reported smoother crisis responses than those working with multiple disconnected systems.

Mark, who experienced the communication failures in Malaysia, summarised it well:

“After that incident, we moved to a single platform that integrated location data, communication tools, and response protocols. The difference was night and day. During our next crisis, we had real-time visibility of our people, could communicate through multiple channels from one interface, and could track who needed assistance. The technology itself wasn’t revolutionary – the integration was.”

Putting These Lessons into Practice

What struck us most about these conversations wasn’t just the specific lessons but how these experienced professionals all emphasised the same point: Crisis management is fundamentally about integrating people, processes, and information in real time.

At Locate Global, this insight drives our approach. Rather than offering point solutions that address isolated aspects of crisis management, our platform integrates real-time location intelligence, multi-channel communication, response coordination, and post-incident analysis in a single system that works the way security teams work during crises.

The security managers we spoke with all wished they’d understood earlier that effective crisis management isn’t about having more tools – it’s about having the right information at the right time in the right place. And that’s exactly what we’ve built our platform to deliver.

Want to learn more about how Locate Global can transform your approach to crisis management? Let’s continue the conversation – preferably over coffee. Contact our team at info@locate.global.

This blog is based on real conversations with security professionals across various industries. Names and some details have been changed to protect confidentiality, but the lessons and experiences are authentic.