Built Environment & Infrastructure Risk Management
-
Search
On December 4, 2024, the murder of UnitedHealthcare’s CEO, Brian Thompson, marked a turning point for corporate America. Beyond the tragedy, it exposed how vulnerable executives are - even those who aren’t household names - and how unprepared many organizations are to protect them. Thompson’s murder wasn’t random. He wasn’t in the wrong place at the wrong time. It was a planned assassination intended to send a message.
Across industries, as our clients absorbed the news that spread across screens and social feeds, Control Risks drew on 50 years of experience in critical incident response to help our clients stabilize and reassess their duty of care. From emerging businesses to Fortune 500 companies, leadership teams recalibrated, asking the same urgent questions: Are we safe? And then, for companies with no capabilities in place: where do we start? For companies with capabilities in place: how do we know if we have enough?
The calls and emails were nonstop, highlighting the urgency that our clients felt. Working around the clock, our immediate focus was on reassurance and guiding clients toward practical, actionable next steps: gaining a clear picture of individual executives’ risk profiles, including their digital and physical exposure; coaching on their digital hygiene and presence; reviewing event security and travel plans; and reinforcing personal protection. But those were only the first layers of response.
As the dust settled, one thing became clear: executive risk is not a niche security issue; it’s a governance priority that is not well understood. The consequences of a viable threat to a single leader can cascade into reputational, operational and financial risk for an entire organization. Executive security sits at the center of responsible governance and enterprise resilience. It’s no longer optional: it’s a board-level imperative. Ignoring these risks is a strategic leadership failure – one with consequences.
Today’s executives live in an age of public exposure, where social media turns them into public figures whose movements, opinions and personal routines are visible to anyone. Those intent on causing harm no longer need specialist skills or insider access; they have unprecedented visibility and reach. The same platforms that elevate an executive’s presence and brand often provide sensitive information that could turn that executive into a target.
In a climate of political polarization, economic uncertainty and online echo chambers that reinforce grievances combined with misinformation, the risk equation becomes a volatile mix. Within the noise on social media, signals of intent emerge, grievances harden into convictions and ill-informed beliefs can quickly escalate into violent action.
For corporate America, December 4th was a wake-up call: security fundamentals remain essential but are no longer sufficient. Security now requires greater rigor, organizational integration and a proactive mindset. Many organizations continue to overestimate their preparedness and underestimate the complexity of the threat environment. That gap fosters reactive responses instead of building true resilience. Among the companies we advise, those that stand out are those developing integrated, intelligence-led security programs rather than relying solely on reactive executive protection and event security.
Just as threat actors exploit online platforms, so must companies. Cutting through the noise to extract actionable intelligence is essential. But insight alone isn’t enough, and threat management cannot be reduced to a checklist. The gaps we see, even in mature organizations, reflect a deeper misunderstanding of risk and resilience, particularly the need to bridge digital and physical domains. Too often, intelligence fails to transition across that divide, where it could prevent or deter aggressive or violent action.
Intelligence must move quickly and translate into action, flowing seamlessly to HR, Legal and operational security teams. For security leaders, this means ensuring information moves from monitoring to mitigation, aligning insight to enterprise risk priorities. For boards and executive teams, it means demanding visibility and assurance that those connections exist and that governance supports a coordinated response. Coordination across business units is non-negotiable, and engagement at the highest level – the board – is expected.
Security must be elevated to the boardroom. Cyber and physical security teams cannot carry this responsibility alone; they need a balanced approach where business leadership drives requirements for regular reporting on key risk metrics across the physical-digital divide and shares accountability for reducing identified risks.
Direct engagement from business leadership is also essential to ensure the right level of investment in security capabilities. Leadership must own the governance of security because when an incident occurs, the board will own the fallout: financial, reputational and operational. In an era where polarization, activism and outrage can escalate into physical harm, protecting leadership and employees is about safeguarding trust in institutions and ensuring continuity in a volatile world.
Over the past year, we’ve seen progress. Boards are asking harder questions: What’s our duty of care? Where are our blind spots? How do we adequately protect leadership without alienating employees? These are the right questions. But questions aren’t actions. Too many organizations still operate in silos – cyber here, physical there – as if threats respect those boundaries. They don’t.
Security cannot be treated as an operational afterthought; it must be addressed as a strategic responsibility that requires ongoing preparedness. Preparedness cannot be episodic, something revisited only after a crisis. It must be a living discipline, sustained through investment, clear communication protocols and regular scenario-based exercises. Governance frameworks and policies must be explicit. Grey areas like duty of care should be black and white. Above all, security should sit alongside growth and innovation as a permanent item on the board agenda.
In the aftermath of December 4th, calls from clients were constant, urgent and anxious. Control Risks helped our clients calm those fears in the moment, but the greater value came later, as we helped them move from triage to a more resilient, preparedness-led posture. Preparedness requires consistent investment, integrated threat monitoring, clear governance, and scenario-based planning that considers both physical and digital disruption – all of which should be underpinned by a culture of continuous improvement.
We have seen the difference this approach makes. When organizations invest in integrated programs, combining intelligence, executive protection, governance frameworks and proactive planning around both physical and digital security, they are not just safer; they are more resilient. They protect leadership, safeguard reputation and maintain continuity.
At Control Risks, we help boards and security leaders close the gap between awareness and action, embedding executive security into a wider strategy that embraces the holistic management of risk. In an era where polarization, activism and outrage can escalate into physical harm, protecting leadership and employees is about safeguarding trust in institutions and ensuring continuity in a volatile world.
Speak to our team about our Board Advisory Services at [email protected]