On the morning of December 4th, 2024, Brian Thompson, the CEO of UnitedHealthcare, was fatally shot outside the New York Hilton Midtown hotel in Manhattan, New York City; presenting a tragic loss to his family as well as the business.
This article aims to highlight the importance of proactive executive security measures for executives and organizations in today’s volatile climate. With a growing wave of anti-executive sentiment, it is essential for leaders to explore ways to enhance their personal protection while organizations adopt best practices to safeguard their people. While the specifics of Mr. Thompson’s security arrangements are unknown and beyond the scope of this blog, the focus here is on fostering awareness and offering practical insights to promote safety and resilience.
The attack, described as “premeditated” by police, has reminded organizations of the need for executive security amidst an increasingly polarized and radical political and social reality, both in the United States, and more broadly across the globe.
Increased risk to executives’ security from radical online sentiment
The shooting of UnitedHealthcare’s CEO highlights an emerging trend of hostility extending beyond politicians to corporations and their prominent leaders, who are increasingly viewed as “lobbying against the real needs of citizens,” particularly in industries like banking and healthcare.
The murder of Mr. Thompson underscores the critical need for enhanced executive security measures. However, it may have also exacerbated the situation by fueling existing anti-capitalist and anti-executive sentiment, particularly online. While such attacks remain exceedingly rare, they can amplify public resentment toward these sectors.
In the wake of the shooting, so-called ‘hitman lists’ – with the names of board directors from medical insurance companies – have been published online; taking inspiration from this, pro-Palestine activists have subsequently released lists of high-level executives from the military industrial complex which might be activated by President Trump to address shortfalls in military stockpiles or to reflect the need for U.S. military capabilities due to growing global instabilities. The prevalence of doxing (publicly providing personal information online without the target’s consent) in online circles means that the discovery and publishing of executives’ home addresses by highly-motivated actors cannot be ruled out, further exacerbating the need for enhanced executive security.
Adding to this narrative is the almost “anti-hero” image of the perpetrator. Merchandise from online websites such as PunkWithACamera.com and OffColorDecals.com with the slogan “Delay, Deny, Depose” – the message written on bullet cartridges found at the scene – have hit the internet, as well as hats with “CEO Hunter” printed across a bullseye. An online fundraiser set up for the suspect’s legal defense in the days since he was charged with Mr. Thompson’s murder has received thousands of donations, accompanied by messages supporting him and celebrating the crime. Gatherings from the suspect’s supporters have also been reported. More details are expected to emerge in the coming weeks of investigations. A high-profile trial could follow, potentially further inflaming the ongoing rhetoric and giving the suspect a platform to air any grievances with the industry.
This increasingly radical online sentiment – including identifying individual executives by name – could potentially inspire further lone wolf or copycat actors. While, as mentioned above, these attacks remain rare, other, less extreme measures such as direct action, protests and harassment, are much more likely. These actions could target executives directly, leading to confrontations outside company premises, meeting locations, and even at their homes should these locations be discovered and disseminated. They could also target the wider organization as a whole, with protests against named companies likely to increase in the wake of this increasingly hostile climate.
Reviewing your organization’s executive security measures
In this context, organizations and those responsible for executive security should implement a review of their current systems, processes and controls, both in the design and how these measures are actually implemented.
Too often, executive security is fragmented—impacted by resource constraints, inconsistent leadership support, and organizational silos that can undermine protection efforts, exposing vulnerabilities even in the most sophisticated protection programs.
Achieving resilience demands a systems-based approach to designing and evaluating executive security. Understanding the threat to the executive is the start point of such programs. This begins with an intelligence-led process supported by a robust collection plan. Monitoring digital domains—including social media sentiment and activity on the dark web—can provide early indicators of shifts in sentiment or potential threats targeting an organization or its key personnel. This evaluation must include audits of publicly available databases and social media to establish a digital profile of the executives and, where appropriate, their close family members. Once identified, organizations can work to minimize publicly available information and establish protocols for ongoing monitoring. Disconnects between information shared on public-facing platforms and executive protection efforts remain a common and avoidable risk. According to the Center for Marketing Research at the University of Massachusetts, Dartmouth, all but one of the Fortune 500 companies are active on social media, with 54% maintaining corporate blogs. It is therefore essential that these platforms are managed in a way that avoids introducing unnecessary vulnerabilities to executive security – too often there is a disconnect between information shared on social media and the executive protection professionals responsible for keeping the executive safe.
Comprehensive executive security means addressing risks at home, in office environments, during events, and while in transit domestically or internationally. Evaluating these areas against established frameworks, such as ISO 31000:2018, ensures a methodical approach to understanding risks and implementing appropriate technical, physical, and procedural controls. The threat evaluation is the foundation of the risk assessment process and must include a review of core processes such as travel security. It is often the case that executives operate outside established travel security protocols, leaving protection teams without sufficient information or time to implement effective mitigation measures. By adhering to clear processes and leveraging technical tools to enhance situational awareness, these gaps can be addressed, significantly reducing exposure for executives.
A single negative experience can erode executive trust in protection programs, making consistency and transparency in vendor partnerships critical. No vendor has the dedicated resources to support the executive everywhere and all the time – that being said, there may be specific factors relevant to the context of the organization when it comes to selecting vendors to support executive protection programs. Effective executive security requires a transparent partnership between the executive protection professionals within an organization and their selected vendors – and aligning the vendor to the organization’s requirement through a codified set of standards can ensure that both the right security is provided and a consistently positive experience for the executives.
Training and engagement are equally important. Executives must be equipped with the knowledge and tools to act confidently, not only to safeguard themselves but also to protect the proprietary information critical to organizational success. Now is the time to ensure that the executives are provided with the knowledge and insight to ensure they can act with confidence and assume responsibility for their security and ability for the business to operate without disruption. It is always a challenge to have busy executives take time to understand the processes that are designed to keep them safe and to protect the organization, but it is a key foundation to successful programs. Training should focus on creating a collaborative environment where executives understand the processes designed to keep them—and their organizations—safe.
While this article focuses on executive protection, it is essential to recognize its intersection with broader organizational resilience. Wider consideration should be given to crisis preparedness and business continuity planning, with an objective assessment of the level of preparedness that exists today within the organization. Just as executive security should be evaluated as part of a systems-based approach, so too should wider crisis preparedness and business continuity. Codified processes and standards must be paired with practical training and regular testing to ensure readiness. Particular attention should be given to crisis communications, ensuring clear and consistent messaging for all stakeholder groups.
Resilience can only be achieved through thorough preparation, and the awful murder of Mr. Thompson is a catalyst for us all to make sure executives are able to conduct their business in safety and for organizations to be prepared.
There are a number of ways in which you can do this. Please ask the Sigma7 team for how our unique combination of experience and capabilities might strengthen your organizational resilience and executive protection program:
Five ways you can strengthen executive security within your organization:
Threat intelligence and security risk monitoring
Having access to timely, accurate threat intelligence allows for an in-depth understanding of the threat landscape facing your organization and effective monitoring of risk exposures. This, in turn, can assist your executive security and wider organizational risk team in implementing more accurate and informed threat mitigation measures.
Sigma7 provides over 40 analysts to help our clients map and measure threat exposure through our proprietary S7 ONE Platform and human led intelligence approach. We undertake baseline threat assessments and establish intelligence collection plans specific to our clients’ needs. This can be delivered through S7 ONE and includes dedicated or partial ongoing analytical support. Our team partner with our clients to stay ahead of emergent threats and ensure risk management programs remain valid and effective to a changing risk context.
Risk and resilience system evaluation
Formally evaluating the robustness and ‘fitness for purpose’ of a resilience program – within which sits the executive protection program – is critical to map strengths and weaknesses, and to address critical gaps and vulnerabilities. Auditing and assessments can be focused on just the executive security program or can capture the wider organizational resilience needs. It should clearly define prioritized goals, timelines, responsibilities, and outcomes to appropriately strengthen the measures needed to protect vulnerable high-profile individuals, family members, and groups – as well as the wider interests of the organization.
Sigma7 offers organizations with executive protection program and organizational resilience auditing and assessments to identify and appropriately remediate gaps and vulnerabilities.
Business continuity planning and crisis management
Organizational resilience should be considered at both the local and organizational levels, with the right people, teams, specialists, standards, processes, intelligence, and resources in place to address appropriate – and scalable – risk controls and incident response needs. Organizations need to plan ahead of a crisis, rather than react during one. They should form communicated, structured, resourced and confident teams to identify and react to threats – ideally based on real-time and verified intelligence – in a consistent and standards-based manner. An effective security program supported by Emergency Action Plans (EAP), thematically based Business Continuity Management Plans and Guides (BCPs and BCGs), and an organizational level Crisis Aide Memoire (CAM) will help form a professional, confident, and effective strategy to address, react to, manage, and recover from a crisis. It also evidences to internal and external stakeholders the maturity and professionalism of the organization. Effective intelligence is critical in prioritizing finite resources, tracking known or emergent threats, and acting in a timely manner to targeting.
Sigma7 offers supports organizations with resilience consulting services and defines EAPs, BCPs / BCGs and CAMs to ISO, BSI, COOP, and COSO standards. Our team can support the rapid, effective, and standards-based approach to strengthening management teams, specialists, and document systems.
Accredited training and exercising
Knowledge forms the foundation from which effective executive security and broader organizational resilience, business continuity, and crisis management capacity is based. Organizations should not only consider raising the personal security awareness of executives and high-net worth individuals (and their family members) who might be targeted; but also those who are responsible at every level for their safety and security. Wider threats to the organization, including death threats, intimidation, harassment, workplace violence, civil disorder, physical attacks, and cyberattacks should also be part of a wider educational approach. Past this, the threats presented to the organization before, during, or after an attack should be considered; with functional leaders being trained and critically exercised on wider resilience, business continuity and crisis management topics. The mechanism for training should also be considered, including instructor-led (class-based or immersive), eLearning, videogame, or tabletop leadership simulations. Accreditation and formal 3rd party recognition should also be considered.
Sigma7 offers over 500 modules of accredited eLearning, videogame, and leadership tabletop simulations focused on resilience, business continuity, security risk management, incident and crisis management, and personal safety and security. Our team also deploys instructor-led and exercise-facilitator-run training programs tailorable to meet the unique needs of an organization.
Operational support
Organizations need to evaluate the risks to their people at work, when travelling, at home, during public events, and during recreational or social activities. Security measures may be part-time or full-time and may be required domestically, internationally – or both. Measures may be triggered or elevated where intelligence indicates an escalation in risk, where an activity is deemed to pass a defined risk threshold, where board, investor or insurance demands dictate it, or where specific targeting has been identified. Operational support may range from a security-trained driver to a fully armed close protection team. It may include organic and external personnel and resources, as well as specialist services such as medics, police escorts, interpreters, government liaison officers, and counter surveillance teams. Operational support may also incorporate a range of technologies to secure residences and office spaces, or to track the movement of vulnerable people.
Sigma7 offers organizations executive protection services for facilities and residences, and for travel and events. Our services include activity and program risk audits, stakeholder engagement teams (including for law enforcement and government liaison), security and emergency policies and plans, event risk management planning and support, and security advisors, escorts, protection teams (including contracted law enforcement), fleet and driver services, and medics. We provide these services in over 50 countries.
