What Comes After Executive Protection?

By Matt Hinton and Justin Cruz

The tragic killing of the UnitedHealthcare (UHC) Chief Executive Officer on December 4, 2024, marked a pivotal moment for corporate security. In the aftermath, boards of directors across industries moved swiftly, asking tough questions about the safety of executives. Organizations responded with urgency, deploying protective measures to safeguard their leadership in the office, at home and everywhere in between. For many organizations, this swift mobilization underscored a long-overdue recognition of the vulnerabilities faced by high-profile executives and the strategic imperative to address them at the highest levels of governance.

Now, with foundational executive security protocols in place, critical questions emerge: What should organizations prioritize to ensure long-term resilience and executive safety? How can responsive measures evolve into new or enhanced executive security programs with a clear vision for protecting the organization? The answer lies in transitioning from reactive protection to proactive preparedness—an evolution that demands strategic foresight, cross-functional collaboration and a holistic approach to risk management.

(Re)establishing the Protective Foundation

In the immediate wake of December 4, organizations acted decisively to fortify their executive protection capabilities. This initial phase focused predominantly on physical security: evaluating threats to key executives, standing up or enhancing executive protection programs and protocols, deploying close protection personnel, and upgrading office and residential security infrastructure.

These measures, while essential, were largely reactive. Now is the opportunity for organizations to go beyond the initial reactive measures and reassess the broader threat landscape not only to their executives, but to their people, buildings, intellectual property, and brand. This means (re)establishing sustainable physical security capabilities that are commensurate with their risk exposures. Core areas such as access control systems, enhanced visitor management, travel security protocols, intel, and incident response planning must be evaluated and incorporated into an organization’s security foundation to protect the enterprise as a whole.

Expanding the Definition of Protection: Digital and Psychological Dimensions

In an increasingly interconnected world, executive exposure extends far beyond physical proximity. Digital footprints, social media activity and publicly accessible personal information have become vectors for harassment, impersonation and reputational harm. Moreover, the psychological toll of persistent threat awareness can impair executive performance and decision-making. It is no longer sufficient to focus only on physical security – companies must take a holistic approach to identifying and managing threats to executives.

To address these challenges, organizations must broaden their executive security strategies to include:

1. Digital hygiene protocols, including regular audits of online presence and the removal of sensitive personal data (where possible).
2. Training on secure communication practices and social media risk mitigation for executives and, importantly, their family members.
3. Access to psychological support services, resilience coaching and stress management resources for executives and family members.
4. Training on principles of personal security and self-defense should executives or their family fear for their physical safety.
5. Comprehensive protective intelligence including digital risk and threat monitoring to scan for and detect threats on social media and deep and dark web venues, as well as continual assessment of the threat landscape and the executive’s evolving profile.
6. Coordination over public communications and executive visibility to ensure that teams, such as investor relations and marketing, work closely with security to avoid unintentionally increasing an executive’s exposure.

Comprehensive protection must encompass an executive’s digital identity and mental well-being, recognizing that threats to reputation and psychological safety can be as damaging as physical harm. Similarly, effective protection measures need to be integrated throughout the business and take a strategic, enterprise-wide approach led by proactive intelligence and risk assessments.

Addressing Insider Threats and Workplace Violence

Many executive protection programs are designed to address external threats such as activists, stalkers and aggrieved individuals. However, many serious threats emerge internally, including disgruntled employees, insider sabotage and workplace violence. These threats are often underestimated but have the potential to cause tremendous harm.

Organizations should prioritize designing and implementing formal workplace violence prevention and response programs featuring:

• Behavioral threat assessment and crisis management teams trained to identify early warning signs of internal risk and equipped to coordinate with key functions from across the organization, such as HR, legal and security.
• Clear and accessible reporting mechanisms and escalation protocols for concerning behavior, as well as frequent reminders to employees about these measures.
• Workplace violence awareness training for all employees to understand how to recognize concerning behavior and understand the channels available to them to escalate concerns safely.
• Specific governance, planning and training for HR professionals who are often on the front lines of contentious interactions and high-risk terminations, among other conflict management scenarios.
• Confidential mental health and well-being support resources for employees experiencing stress, conflict or crisis.

More formal and holistic insider risk capabilities can be developed that incorporate these workplace violence prevention and response capabilities as an organization matures. Programs can leverage these capabilities to look at other sources of insider threat (e.g., fraud, IP theft, etc.) in an integrated and comprehensive way.

By expanding their scope to include internal as well as external threats, organizations can build real resilience and ensure a systemic and coordinated approach to both executive and enterprise security.

Reinforcing Crisis Management Capabilities

As organizations reassess their executive protection strategies, it is imperative that they also revisit and modernize their crisis management frameworks. The threats facing today’s enterprises—ranging from targeted violence and cyberattacks to reputational crises and geopolitical disruptions—require a coordinated, agile and well-rehearsed response.

Many crisis management plans were designed for a different era, and often focused on natural disasters or operational failures. In the current environment, these plans must be refreshed and stress-tested to ensure they are fit for purpose. Plans should be all-hazards in nature and align to the organization’s culture and business-as-usual operating models.

A critical component of this refresh is the regular exercising of crisis response teams against high-impact, plausible scenarios. These exercises—whether tabletop simulations or full-scale drills—are essential for:

• Validating roles and responsibilities under pressure.
• Testing communication protocols and decision-making workflows.
• Identifying operational gaps and areas for improvement.
• Building team cohesion and confidence in high-stakes environments.

Reinvigorating Enterprise Risk Management

Protective efforts must be grounded in a strong enterprise risk management (ERM) foundation. In many organizations, ERM functions have become fragmented or under-resourced, if they even existed in the first place. Without a clear, enterprise-wide view of risk, it becomes difficult to determine what threats are being monitored, prioritized or even acknowledged. This lack of visibility undermines both executive security and crisis preparedness.

Reinvigorating ERM—ensuring it is integrated, data-informed and aligned with strategic objectives—is critical to identifying blind spots, allocating resources effectively and ensuring that protection efforts move from reactive to forward-looking. ERM should be the unifying framework that brings together otherwise siloed risk management efforts across an enterprise…if done correctly. For ERM to guide protection meaningfully, it cannot be a “check-the-box” exercise or based on historical points of view. In order to add value, it must be strategic in nature and closely tied to the organization’s core business objectives and growth.

For organizations not sure where to begin, ERM can start with:

• Refreshing the enterprise risk register to reflect the current threat landscape and the organization’s current business priorities.
• Re-engaging department leaders to reassess what they consider mission-critical and ensure alignment with business priorities.
• Mapping existing risk mitigation efforts across departments (e.g., corporate security, business resilience) and identifying overlaps and opportunities to integrate efforts.
• Establishing well-defined risk tolerance levels to give security teams a clear picture of how much risk leadership is willing to accept.
• Tying ERM to assurance and strategic planning mechanisms to enable continuous improvement for the ERM model and ensuring it is fit-for-purpose through the organization’s evolution.
• Leveraging top risks identified in ERM efforts as the basis for crisis exercise scenarios to increase preparedness across the organization.

The Strategic Imperative: Advancing Threat & Protective Intelligence

Enterprise and executive security capabilities are drastically augmented when supported by mature threat and protective intelligence operations. To move beyond a reactive footing, organizations must invest in these intelligence disciplines and shift them from niche capabilities to a key corporate function integrated throughout the organization. Modern threat and protective intelligence functions should work side-by-side and integrate behavioral threat assessment, open-source intelligence (OSINT), and continuous monitoring of online venues to provide a comprehensive view of an organization’s current threat landscape. This allows an organization to identify, assess and manage potential threats to executives and assets before they materialize, and enables security teams to make risk-based decisions.

Key components of an integrated threat and protective intelligence program include:

• Behavioral threat analysis to identify individuals exhibiting patterns of grievance, fixation or escalation.
• Digital monitoring of social media platforms, forums, and dark web activity to detect early indicators of intent, assess the credibility of potential threat actors and identify escalation chains to enable quick action.
• Contextual risk modeling and strategic analysis that considers societal, political and economic factors influencing threat dynamics.
• Modern tooling to process, manage, store and disseminate threat data in a way that is efficient and compliant with privacy requirements.
• Processes to systematically surface threat signals from all parts of an organization.

However, protective intelligence is not merely a conglomerate of technology solutions. It requires skilled analysts capable of interpreting nuanced data and collaborating cross-functionally with human resources, legal, corporate security and information security to ensure timely and effective intervention.

When deployed correctly, threat and protective intelligence become decision-making filters that allow an organization to intervene early while also reducing blind spots, breaking down silos between departments, and ensuring that teams are positioned to anticipate risk scenarios rather than responding to them.

Conclusion: From Protection to Strategic Preparedness

The events of December 2024 serve as a stark reminder of the evolving threat landscape facing corporate leaders. While the rapid deployment of executive protection measures was both necessary and commendable, it represents only the first step.

To ensure enduring safety and organizational resilience, organizations must now pivot toward strategic preparedness—a forward-looking approach that integrates intelligence, digital security, psychological support, crisis readiness and cultural transformation. In doing so, they will not only safeguard their executives but also fortify their institutions against the complex risks of the modern era.

Matt Hinton is a Partner at Control Risks. He heads the North American Crisis and Security Consulting practice. He assists organizations with key risk and resilience matters, including crisis management and corporate security.

Justin Cruz is a Senior Consultant in Control Risks’ Crisis and Security Consulting practice, based in New York City. Justin focuses on establishing and growing physical security, executive protection, and threat intelligence programs.