Measuring Travel Risk

Measuring risk is a simple equation. Whether measuring financial risk, reputation risk, operational risk, or travel risk, the basic equation is the same. Risk is the measurement of threats and vulnerabilities that affect a successful outcome.  

Businesses typically do not have a problem measuring financial risk or operational risk, but when it comes to travel, there is a very noticeable lack of attention.

Measuring travel risk requires some inward focus on areas that are lacking in the organization, regarding safety. It is necessary to measure organization and traveler vulnerability. Gathering the data points to paint an accurate picture can be challenging.  

Many companies will attempt to cover the area of risk analysis by contracting a third-party intelligence or travel risk company. These organizations will provide “risk maps” that show the risk level in countries and sometimes, cities. The issue with these so-called "risk maps" is that the risk equation being used is not measuring risk but threats.

 Threat analysis is important and must be done to provide accurate risk analysis, but without specific data regarding organization and personal vulnerability, the risk picture is incomplete and often inaccurate.  

Risk Assessment Process  

To gain an accurate risk assessment, managers should follow this formula;  

1. Identify threats at a  country or city level in the following categories;  


  • Health care 

  • Transportation 

  • Crime 

  • Politics

  • Terrorism

2. Using the threat information, develop a strategic level threat assessment for anticipated or current travel locations.

This is the baseline for starting the traveler risk assessment. 

3. Identify organization vulnerabilities like crisis response gaps, lack of policy, inexperience travelers and leadership. If the organization is unable to remedy or strengthen their vulnerability, the TRM Program personnel must factor the inability to change or lack of response as an organization vulnerability.

4. Identify personnel traveling as well as general itinerary information (preferably before booking).  

5. Collect data regarding individual vulnerability including;  


  • Travel frequency: More travel can mean more experience as well as more risk exposure. Lots of travel or no travel typically means higher vulnerability levels.  

  • Training: Does the travelers have training in first aid, first responder, emergency medical technician, physician, law enforcement, military or crisis management? Any of these can lower the travelers vulnerability as well as those traveling with that individual.

  • Gender: Regardless of personal views, there are locations that severely discriminate against individuals based on gender or who an individual identifies as (transgender, gender fluid, non-binary).

  • Nationality: Many destinations will discriminate against an individual based on their nationality or even deny entry.  

  • Religion: Although the TRM Program personnel may not be able to ask for this information, a general guideline regarding religion can be disseminated to individual travelers based on their destination.  

  • LGBTQ:  Most organizations cannot collect this information unless it is voluntarily given. It is still important to cover the potential for discrimination, detention and harm to an individual based on their sexual identity.  

  • Visa: It is critical that TRM personnel know what type of visa the traveler is requesting or has already retained, to verify that it is correct, and the traveler is not going into a country on a tourist visa, to conduct business. 

6. Using a risk matrix, calculate the vulnerability and threat data to determine the over all risk level. 

7. Identify threats and vulnerabilities that can be mitigated. For example, hire a driver service in a location that taxi services and public transportation are deemed to be high threat.  

8. Recalculate the risk level to determine the residual risk based on what was mitigated.  

9. Determine the benefit of the trip compared to the potential for crisis.    

This risk assessment process given is just one way to determine risk, although this model has been used in numerous organizations from small businesses to fortune 100 companies. It is a proven method that will leave very little to chance if used properly.