Travel risk management is now a boardroom issue. It’s baked into duty of care, risk registers, and compliance strategies. The pandemic brought it into sharp relief. ISO 31030 gave it structure. And global events – from conflict to climate – keep it firmly on the agenda. But there’s a problem.
New research shows a disconnect between the existence of policies and their adoption. Our survey last year of 500 risk and security managers asked how often their workforce follows travel risk advice. The majority – 72% – said it happens only “quite often” or “sometimes”. And a small but telling 7% said it “rarely” or “never” happens.
That’s not just a gap. That’s risk, hiding in plain sight. So why does this happen? If the structures are in place, the policies written, the risk teams engaged – why aren’t travellers following the advice? The answer lies in the messy space between policy and people. And it’s here that real travel risk leadership needs to focus.
Three causes of the gap: Clarity, ownership, and design
Clarity: The message gets lost
Many organisations have good intentions, thorough documentation, and detailed processes. But that’s not the same as clear communication. In many cases, travellers simply don’t know what’s expected of them – or why. Policies are long. Language is legalistic. Risk guidance often gets bundled with broader travel information or lost in pre-trip admin.
Travellers may see it, but they don’t absorb it. Or worse, they dismiss it as irrelevant because the risk feels abstract or low.
Ownership: Misplaced confidence and the illusion of control
Business travellers often see themselves as capable, worldly, and self-reliant. For many, following detailed risk guidance feels unnecessary – especially if they’re going to a familiar destination or have travelled extensively before.
There’s a strong element of overconfidence at play. Travellers think they’ll handle problems if they arise. That nothing serious will happen. That “common sense” will do. This illusion of control leads to disengagement – especially when the policy feels like a hurdle rather than a help.
Design: When systems make it hard to do the right thing
Sometimes, travel risk processes are simply too cumbersome. They’re bolt-ons, not built-ins. If it takes three extra steps to access risk advice, or if the advice feels out of date, vague or overly generic, travellers will ignore it.
Risk advice also often sits outside the core travel booking experience. It’s not embedded into tools people already use. That separation creates friction – and friction leads to drop-off.
Put simply: the system’s not designed for adoption. It’s designed for compliance. And that’s not enough.
The influence of ISO 31030: Setting the standard, but not the solution
ISO 31030 has made a clear contribution to this conversation. It provides a consistent, structured approach to travel risk management. It helps organisations identify risks, define responsibilities, and set expectations.
But while ISO 31030 lays out what to do, it can’t guarantee how it’s done. It’s a framework – not a fix.
For businesses that treat it as a compliance checklist, the policy-practice gap remains. For those that use it as a foundation to build smarter, more human systems, it’s a powerful tool for change.
To make that shift, organisations need to rethink the way they engage travellers.
Turning policy into practice: Four ways to close the gap
Simplify the message
Strip guidance down to essentials. Focus on relevance, not volume. Use plain language. Tailor messaging to trip type, location, and traveller profile. Make it timely – delivered when decisions are being made, not buried in pre-trip PDFs. Think less about “informing” and more about “arming” travellers with what they need, when they need it.
Reframe risk as support
Risk advice isn’t a barrier – it’s a safety net. But it doesn’t always feel that way. Instead of mandating compliance, shift the narrative. Show how travel risk systems protect people and enable fast response when things go wrong. Build trust, not just rules. Make it easy to ask questions, report concerns, and adapt plans without fear of delay or reprimand.
Design for adoption, not just control
Embed risk checks into the tools travellers already use – booking platforms, itineraries, expense apps. Use nudges, not nags. Make it the path of least resistance. This is where good UX and behavioural science matter. People are more likely to follow the process if it’s easy, intuitive, and feels designed with them in mind.
Measure what matters
Don’t just track policy existence – track engagement. Who’s opening pre-trip emails? Who’s using the app? Who’s opting into alerts or reading destination briefings? Use that data to spot drop-offs, iterate messaging, and show ROI. If adoption is low, treat it as a system failure – not a people failure.
Culture shift: From compliance to readiness
The ultimate goal of travel risk management isn’t just to reduce incidents. It’s to build readiness – the mindset and muscle memory that helps travellers act decisively and safely when something does go wrong. That can’t be achieved by policy alone. It takes culture – one that treats risk not as red tape, but as real-world preparedness.
That’s where leadership comes in. Not just from risk teams, but from HR, operations, travel, and the C-suite. A culture of readiness needs to be modelled, enabled, and rewarded. Because when the next disruption hits – whether it’s political unrest, a natural disaster, or something more personal – the question won’t be whether you had a policy in place. The question will be: were your people ready?
Photo copyright: clickerhappy on Pexels.
