Latest news with #executivesecurity
Forbes
15-07-2025
- Business
- Forbes
From Reaction To Resilience: What Comes After Executive Protection?
By Matt Hinton and Justin Cruz The tragic killing of the UnitedHealthcare (UHC) Chief Executive Officer on December 4, 2024, marked a pivotal moment for corporate security. In the aftermath, boards of directors across industries moved swiftly, asking tough questions about the safety of executives. Organizations responded with urgency, deploying protective measures to safeguard their leadership in the office, at home and everywhere in between. For many organizations, this swift mobilization underscored a long-overdue recognition of the vulnerabilities faced by high-profile executives and the strategic imperative to address them at the highest levels of governance. Now, with foundational executive security protocols in place, critical questions emerge: What should organizations prioritize to ensure long-term resilience and executive safety? How can responsive measures evolve into new or enhanced executive security programs with a clear vision for protecting the organization? The answer lies in transitioning from reactive protection to proactive preparedness—an evolution that demands strategic foresight, cross-functional collaboration and a holistic approach to risk management. (Re)establishing the Protective Foundation In the immediate wake of December 4, organizations acted decisively to fortify their executive protection capabilities. This initial phase focused predominantly on physical security: evaluating threats to key executives, standing up or enhancing executive protection programs and protocols, deploying close protection personnel, and upgrading office and residential security infrastructure. These measures, while essential, were largely reactive. Now is the opportunity for organizations to go beyond the initial reactive measures and reassess the broader threat landscape not only to their executives, but to their people, buildings, intellectual property, and brand. This means (re)establishing sustainable physical security capabilities that are commensurate with their risk exposures. Core areas such as access control systems, enhanced visitor management, travel security protocols, intel, and incident response planning must be evaluated and incorporated into an organization's security foundation to protect the enterprise as a whole. Executive protection Expanding the Definition of Protection: Digital and Psychological Dimensions In an increasingly interconnected world, executive exposure extends far beyond physical proximity. Digital footprints, social media activity and publicly accessible personal information have become vectors for harassment, impersonation and reputational harm. Moreover, the psychological toll of persistent threat awareness can impair executive performance and decision-making. It is no longer sufficient to focus only on physical security – companies must take a holistic approach to identifying and managing threats to executives. To address these challenges, organizations must broaden their executive security strategies to include: Comprehensive protection must encompass an executive's digital identity and mental well-being, recognizing that threats to reputation and psychological safety can be as damaging as physical harm. Similarly, effective protection measures need to be integrated throughout the business and take a strategic, enterprise-wide approach led by proactive intelligence and risk assessments. Addressing Insider Threats and Workplace Violence Many executive protection programs are designed to address external threats such as activists, stalkers and aggrieved individuals. However, many serious threats emerge internally, including disgruntled employees, insider sabotage and workplace violence. These threats are often underestimated but have the potential to cause tremendous harm. Organizations should prioritize designing and implementing formal workplace violence prevention and response programs featuring: More formal and holistic insider risk capabilities can be developed that incorporate these workplace violence prevention and response capabilities as an organization matures. Programs can leverage these capabilities to look at other sources of insider threat (e.g., fraud, IP theft, etc.) in an integrated and comprehensive way. By expanding their scope to include internal as well as external threats, organizations can build real resilience and ensure a systemic and coordinated approach to both executive and enterprise security. Reinforcing Crisis Management Capabilities As organizations reassess their executive protection strategies, it is imperative that they also revisit and modernize their crisis management frameworks. The threats facing today's enterprises—ranging from targeted violence and cyberattacks to reputational crises and geopolitical disruptions—require a coordinated, agile and well-rehearsed response. Many crisis management plans were designed for a different era, and often focused on natural disasters or operational failures. In the current environment, these plans must be refreshed and stress-tested to ensure they are fit for purpose. Plans should be all-hazards in nature and align to the organization's culture and business-as-usual operating models. A critical component of this refresh is the regular exercising of crisis response teams against high-impact, plausible scenarios. These exercises—whether tabletop simulations or full-scale drills—are essential for: Reinvigorating Enterprise Risk Management Protective efforts must be grounded in a strong enterprise risk management (ERM) foundation. In many organizations, ERM functions have become fragmented or under-resourced, if they even existed in the first place. Without a clear, enterprise-wide view of risk, it becomes difficult to determine what threats are being monitored, prioritized or even acknowledged. This lack of visibility undermines both executive security and crisis preparedness. Reinvigorating ERM—ensuring it is integrated, data-informed and aligned with strategic objectives—is critical to identifying blind spots, allocating resources effectively and ensuring that protection efforts move from reactive to forward-looking. ERM should be the unifying framework that brings together otherwise siloed risk management efforts across an enterprise…if done correctly. For ERM to guide protection meaningfully, it cannot be a 'check-the-box' exercise or based on historical points of view. In order to add value, it must be strategic in nature and closely tied to the organization's core business objectives and growth. For organizations not sure where to begin, ERM can start with: The Strategic Imperative: Advancing Threat & Protective Intelligence Enterprise and executive security capabilities are drastically augmented when supported by mature threat and protective intelligence operations. To move beyond a reactive footing, organizations must invest in these intelligence disciplines and shift them from niche capabilities to a key corporate function integrated throughout the organization. Modern threat and protective intelligence functions should work side-by-side and integrate behavioral threat assessment, open-source intelligence (OSINT), and continuous monitoring of online venues to provide a comprehensive view of an organization's current threat landscape. This allows an organization to identify, assess and manage potential threats to executives and assets before they materialize, and enables security teams to make risk-based decisions. Key components of an integrated threat and protective intelligence program include: However, protective intelligence is not merely a conglomerate of technology solutions. It requires skilled analysts capable of interpreting nuanced data and collaborating cross-functionally with human resources, legal, corporate security and information security to ensure timely and effective intervention. When deployed correctly, threat and protective intelligence become decision-making filters that allow an organization to intervene early while also reducing blind spots, breaking down silos between departments, and ensuring that teams are positioned to anticipate risk scenarios rather than responding to them. Conclusion: From Protection to Strategic Preparedness The events of December 2024 serve as a stark reminder of the evolving threat landscape facing corporate leaders. While the rapid deployment of executive protection measures was both necessary and commendable, it represents only the first step. To ensure enduring safety and organizational resilience, organizations must now pivot toward strategic preparedness—a forward-looking approach that integrates intelligence, digital security, psychological support, crisis readiness and cultural transformation. In doing so, they will not only safeguard their executives but also fortify their institutions against the complex risks of the modern era. Matt Hinton is a Partner at Control Risks. He heads the North American Crisis and Security Consulting practice. He assists organizations with key risk and resilience matters, including crisis management and corporate security. Justin Cruz is a Senior Consultant in Control Risks' Crisis and Security Consulting practice, based in New York City. Justin focuses on establishing and growing physical security, executive protection, and threat intelligence programs.
Fast Company
14-07-2025
- Business
- Fast Company
CEO security is on the rise. What does it take to keep company leaders safe?
Hello and welcome to Modern CEO! I'm Stephanie Mehta, CEO and chief content officer of Mansueto Ventures. Each week this newsletter explores inclusive approaches to leadership drawn from conversations with executives and entrepreneurs, and from the pages of Inc. and Fast Company. If you received this newsletter from a friend, you can sign up to get it yourself every Monday morning. Prominent CEOs and high-net-worth individuals have long had security details, but in recent months executive security feels like it has become a more conspicuous part of the corporate landscape. It is no longer unusual to see a CEO's protection officer standing nearby during lunch in a restaurant. I've had a growing number of companies request a 'sweep' of our office before a CEO visits Fast Company or Inc., and I've seen leaders arrive at meetings in bulletproof vehicles, even after traveling just a few blocks. This rise in CEO security isn't just anecdotal: More than a third (34.4%) of S&P 500 companies offered executive security in 2024, according to a fresh analysis of 2025 proxy statements by intelligence firm Equilar, up from 28.2% in 2023. Median security spending last year increased to $105,749, up 6% from a year earlier, with some companies, such as Intel, boosting security spending more than 8,000%, to $250,000 from just $3,000 in 2023. And security spending is likely to climb in 2025 following the fatal shooting of UnitedHealthcare CEO Brian Thompson in December 2024. Experts say heightened security resources correlate to a rise in credible threats against executives, fomented by political rhetoric, social media, and antibusiness sentiment. Bodyguards for the top boss Even for public company CEOs, the level and visibility of their security operations vary wildly based on their fame and circumstances. Meta provides CEO Mark Zuckerberg with a $14 million annual pretax allowance to protect him and his family, up from $10 million in 2018. 'We believe that Mr. Zuckerberg's role puts him in a unique position: He is synonymous with Meta and, as a result, negative sentiment regarding our company is directly associated with, and often transferred to, Mr. Zuckerberg,' the company says in its 2025 proxy statement. In contrast, Berkshire Hathaway last year spent $305,111 on in-home and personal security services for its equally high-profile but relatively unprovocative CEO, Warren Buffett. Most CEOs are initially reluctant to embrace protection. 'Usually, CEOs think everything's fine,' says Paul Donahue, president, global security services at Constellis, which provides security services and support. When they do concede to security, chief executives can be very selective about the professionals who guard them. 'We tell all of our executive protection folks, 'CEOs operate at a very high speed, they're highly demanding, and they're as particular in picking security as they are in picking a plane they're buying,' so we've had a lot of turnover,' he says. Constellis recruits ex-military, ex-law enforcement, and career security professionals to work in its executive protection unit. Donahue says those careers instill people with the skills, including discipline and an understanding of chain of command, needed to succeed in the field. Protecting a CEO can be a balancing act: Security professionals need to be able to say no to clients, especially when a seemingly simple request, like running out to pick up a pint of ice cream, might require Constellis to put together a patrol team and mobilize several cars. 'But if they insist, we'll go to Häagen-Dazs at 11 p.m.,' Donanue says. 'It's as personal a service as I think there is.' Should companies invest in CEO security? While the odds of an incident are fairly low, Donahue argues (self-servingly) that it is money well spent. He notes that the Thompson killing unleashed a wave of negative sentiment about United Healthcare and the health insurance industry, damaging the company's reputation and hurting employee morale. Furthermore, he says, if companies spend millions of dollars guarding intellectual property, products, and brands, they should feel comfortable earmarking a couple hundred thousand dollars for CEO protection. 'If you truly believe your most important asset is your people, which we hear over and over, you probably should spend a little more on protecting that important asset,' he says. How do you protect yourself? CTOs outearn founders at tech startups
