Recent events, notably the attack on UnitedHealthcare CEO Brian Thompson, have thrust the security concerns of corporate executives into the spotlight. The incident has re-energized the debate around the health insurance market in the US, which has translated into escalated threats, harassment, and potential acts of violence not only against those in that sector, but wider ‘Corporate America’ and industry abroad. Highlighting the urgent need for companies to address a range of new and evolving security concerns.
The UnitedHealthcare shooting serves as a stark reminder that acts of violence can occur anywhere, even in seemingly secure and well-managed environments. This incident has prompted a widespread re-evaluation of corporate security protocols, with many companies now recognizing the need for a more comprehensive and proactive approach to executive risk management.
Review corporate risk management procedures: Assess and update your corporate risk management procedures, operational practices, publicity, contractual rights, and employee directives.
Evaluate insurance coverage: Review applicable insurance coverage for executives, the wider workforce, and the business’s potential liability. This could include key person insurance, active assailant coverage, corporate benefits, business travel accident (BTA) insurance, kidnap for ransom (special crime) insurance, and workers’ compensation/employer’s liability cover.
Avoid knee-jerk reactions: Formally assess the risk to your executives, organization, and industry. Use this assessment as a baseline to inform decisions on the introduction or adjustment of an Executive Protection program. Consider benchmarking or reviewing what wider industry and peers in your sector are doing.
Monitor online exposure: Consider using an in-house team or third party to evaluate the online exposure of executives' sensitive information, including their home address or upcoming travel schedule, using Open-Source Intelligence (OSINT) methods. Periodically search the clear, deep, and dark web to identify whether executives’ private or identifying information has been released (doxed) or is for sale.
Track public opinion: Consistently monitor all available reporting about your company and the wider industry to accurately understand current public opinion. Highlight the differences between how the company is perceived by its executives, staff, and the wider public, and that how might impact the risk profile.
Enhance security around assets and events: Review security measures around relevant company assets and events that your executives routinely attend, as well as their personal residences, if necessary.
Limit publicizing executive attendance: Limit publicizing executives’ attendance at events, including conferences and annual general meetings. Consider having executives attend events online, especially if concerning sentiment has been identified towards the company or industry.
While no single security measure can guarantee absolute safety, a multi-faceted framework that generates a clear picture of your organization’s executive risk landscape and addresses appropriate and proportionate physical, personnel, and information security controls can significantly reduce the risk to an organization’s c-suite and senior leaders.
