WASHINGTON—When kidnappers target employees of multinational companies, security experts say responsibility for their safety ultimately rests with the employer.

The best way to meet that responsibility is to make sure the kidnapping never happens. Training and preparation—with upper management buy-in—are key elements in mitigating the risk, experts say.

Understanding the exposure is key, said Richard Hildreth, managing director-crisis management planning at Falls Church, Va.-based screening and security company Altegrity Inc. The risk is “significant today depending upon where they're traveling or where they have operations,” he said.

The threat of kidnapping is particularly high in countries with a poor law enforcement infrastructure, security experts say.

“Mexico is probably about as high-risk as you can get these days,” said Mr. Hildreth, but countries with police corruption, including some in South America, as well as major oil and gas interests, such as Nigeria and the Middle East, also present kidnapping threats, he said.

“In places like Mexico and Brazil, multinational workers may be seen as richer than locals and therefore targeted,” said Francisco Quinones, operations director at Clayton Consultants in Herndon, Va. But in Nigeria, kidnappers don't care as much about how much an oil company worker makes as the fact that the worker is employed by an oil company, he said.

“Companies have a duty of care to their employees to provide them with a safe and secure working environment,” said Jonny Gray, Los Angeles-based senior vp and director of crisis security consulting for the Americas for London-based Control Risks. “The test of this is to take all reasonable steps to provide that.”

“First and foremost, preparation, preparation and preparation” is essential to deal with the exposure, said Mr. Quinones (see box). This requires due diligence to determine not only which countries present threats but specific regions that are dangerous, he said.

Executives must be a “good consumer of security,” said Neil Livingstone, chairman and CEO of ExecutiveAction L.L.C. in Washington. That means knowing whether security personnel have real-world experience and knowledge, he said.

In addition, “every executive who's in a hostile part of the world ought to be reading a book” on how to deal with security and safety issues or taking a course on the matter, Mr. Livingstone said.

Before being posted outside the United States, employees should receive a security briefing about all threats ranging from being shortchanged by a taxi driver to being robbed to being kidnapped, Mr. Quinones said.

Mr. Hildreth said employers need to have crisis plans and travel policies in place. “Have transportation arranged before you get there. Check out the hotel before you get there,” he said. Employees need to learn techniques as simple as taking different routes each day and being wary of surveillance.

“Know exactly what to do” if training and security measures fail and kidnappers seize an employee, Mr. Quinones said. Companies should establish crisis teams far in advance. The team, which would respond to any crisis, must answer questions about how the crisis arose, how it affects the company, and how it affects the victim's family, he said.

The team usually involves the CEO, chief financial officer, and representatives of human resources, legal and security units, Mr. Quinones said. Mr. Hildreth, whose company has responded to more than 500 kidnap or extortion incidents since 1993, also said the risk manager and media spokesman should be on the team.

“Most global companies will have a crisis management team, they're going to have a plan and, hopefully, will have gone through some tabletop scenarios,” Mr. Hildreth said. They “need to have scenarios where they rehearse an incident.”

“You have to have management buy into this,” he said. Team members also need backups because “these things never happen 9 to 5 Monday through Friday,” Mr. Hildreth said.

Kidnap and ransom insurance can be tapped if an employee is seized, although Mr. Livingstone said he's heard “mixed views on K&R insurance,” with some clients preferring to put the ransom together themselves. Employers that carry K&R coverage usually can call upon the services of a professional to handle the ransom drop-off, but he said there are “a lot of pitfalls unless you have real professionals” delivering the ransom, such as kidnappers trying to rob the team that brings the money, he said.

“It's ultimately the company's responsibility,” said Mr. Gray. Even if the ransom demand is made directly to the family, he said that doesn't absolve the company of responsibility.

Fortunately, the chances are “very, very good” that a victim will be released by kidnappers, whose motivation is financial.