On December 4, 2024, the murder of UnitedHealthcare’s CEO, Brian Thompson, marked a turning point for corporate America. Beyond the tragedy, it exposed how vulnerable even less visible leaders are – even those who aren’t household names – and how unprepared many organizations are to protect them. Thompson’s murder wasn’t random. He wasn’t in the wrong place at the wrong time. It was a planned assassination intended to send a message.
As news spread across screens and social feeds, Control Risks drew on 50 years of experience in critical incident response to help our clients across industries stabilize and reassess their duty of care. From emerging businesses to Fortune 500 companies, leadership teams recalibrated, asking the same urgent questions: Are we safe? What do we do now?
The calls and emails were nonstop. Working around the clock, our immediate focus was on reassurance and guiding clients toward practical, actionable next steps: gaining a clear picture of individual executives’ risk profiles, including their digital and physical exposure; coaching on their digital hygiene and presence; reviewing event security and travel plans; and reinforcing personal protection. But those were only the first layers of response.
Executive risk – a misunderstood governance priority
As the dust settled, one thing became clear: executive risk is not a niche security issue; it’s a governance priority that is not well understood. The exposure of a single leader can cascade into reputational, operational and financial risk for an entire organization. Executive security sits at the center of responsible governance and enterprise resilience. It’s no longer optional: it’s a board-level imperative. Ignoring these risks is a strategic leadership failure – one with consequences.
Today’s executives live in an age of exposure. Social media has turned them into public figures, with their movements, opinions and personal routines visible to anyone. Those intent on causing harm no longer need specialist skills or insider access; they have unprecedented visibility and reach. The same platforms that elevate executive profiles also amplify their vulnerability, turning leaders into potential targets, whether because of their own public identities or their identification with their organizations.
In a climate of political polarization, economic uncertainty and online echo chambers that reinforce grievances combined with misinformation, the risk equation becomes a volatile mix. Within the noise on social media, signals of intent emerge, grievances harden into convictions and ill-informed beliefs can quickly escalate into violent action.
For corporate America, December 4th was a wake-up call: security fundamentals remain essential but are no longer sufficient. Security now requires greater rigor, integration and a proactive mindset. Many organizations continue to overestimate their preparedness and underestimate the complexity of the threat environment. That gap fosters reactive responses instead of building true resilience. Among the companies we advise, those that stand out are those developing integrated, intelligence-led security programs rather than relying solely on reactive executive protection and event security.
Coordination is non-negotiable
Just as threat actors exploit online platforms, so must companies. Cutting through the noise to extract actionable intelligence is essential. But insight alone isn’t enough, and threat management cannot be reduced to a checklist. The gaps we see, even in mature organizations, reflect a deeper misunderstanding of risk and resilience, particularly the need to bridge digital and physical domains. Too often, intelligence fails to transition across that divide, where it could prevent or deter aggressive or violent action.
Intelligence must move quickly and translate into action, flowing seamlessly to HR, Legal and operational security teams. For security leaders, this means ensuring information moves from monitoring to mitigation, aligning insight to enterprise risk priorities. For boards and executive teams, it means demanding visibility and assurance that those connections exist and that governance supports a coordinated response. Coordination across business units is non-negotiable, and engagement at the highest level – the board – is expected.
Putting security on the boardroom agenda
Security must be elevated to the boardroom. Cyber and physical security teams cannot carry this responsibility alone; they need a balanced approach where business leadership drives requirements for regular reporting on key risk metrics across the physical-digital divide and shares accountability for reducing identified risks.
Direct engagement from business leadership is also essential to ensure the right level of investment in security capabilities. Leadership must own the governance of security because when an incident occurs, the board will own the fallout: financial, reputational and operational. In an era where polarization, activism and outrage can escalate into physical harm, protecting leadership and employees is about safeguarding trust in institutions and ensuring continuity in a volatile world.
Over the past year, we’ve seen progress. Boards are asking harder questions: What’s our duty of care? Where are our blind spots? How do we adequately protect leadership without alienating employees? These are the right questions. But questions aren’t actions. Too many organizations still operate in silos – cyber here, physical there – as if threats respect those boundaries. They don’t.
Boards need to stop treating security as compliance and start treating it as strategy, one grounded in preparedness. Preparedness cannot be episodic, something revisited only after a crisis. It must be a living discipline, sustained through investment, clear communication protocols and regular scenario-based exercises. Governance frameworks and policies must be explicit. Grey areas like duty of care should be black and white. Above all, security should sit alongside growth and innovation as a permanent item on the board agenda.
Preparedness is key
In the aftermath of December 4th, calls were constant, urgent and anxious. Control Risks helped clients calm fears in the moment, but the greater value came later, as we helped them move from triage to transformation. That is what preparedness looks like: consistent investment, integrated threat monitoring, clear governance, and scenario-based planning that considers both physical and digital disruption.
We have seen the difference this approach makes. When organizations invest in integrated programs, combining protective intelligence, executive protection, governance frameworks and proactive planning around both physical and digital security, they are not just safer; they are more resilient. They protect leadership, safeguard reputation and maintain continuity in a volatile world.
In an era where outrage can metastasize into violence, preparedness is not a luxury, it is leadership. At Control Risks, we help boards and security leaders close the gap between awareness and action, embedding executive security into governance and resilience strategies to achieve holistic risk management.
Speak to our team about our Board Advisory Services at [email protected]