Organizations today are operating in an unrelenting climate of political polarization, periodic social unrest and online incivility, with the threats and targeted violence characterizing 2024 and 2025 likely to endure into 2026 and beyond.
Perceived anonymity and ease of online access have lowered barriers for conveying threats. Problematic behavior and concerning communications could emanate from both internal and external threat actors. The risks multiply when a company becomes associated with a controversial sociopolitical issue.
A threatwave is a sudden, overwhelming onslaught of threatening communications, often intertwined with a hot button issue. An effective response requires identifying, triaging, and assessing volumes of concerning communications. While the biggest concern remains violence against people or property, vulnerabilities associated with threatwaves extend to inadequate duty of care, reputational harm, resource strain and financial risk. +
For the greater part of a decade, Control Risks has provided expert advice and guidance to clients experiencing threatwaves. Targeted organizations spanned retail, media, education, research, healthcare, and the financial services industry.
Our in-depth analysis of these experiences enhanced our understanding of the phenomenon and yielded insights applicable to a broad range of corporate, educational, non-profit, and governmental entities. Our findings suggest that factors beyond the sociopolitical issue impact the duration and intensity of a threatwave experience. The discussion below highlights how threatwaves are triggered, why some become protracted and what security and threat management teams can do to manage volume, risk and escalation.
All organizations are vulnerable to threatwaves
Our experience suggests every threatwave has a catalyst. The catalyst event may be internal or external to the organization, or a combination of both. Internal catalysts often derive from public statements or actions by the organization, executives, or employees. Uncontrollable external influences, such as the actions of customers or outside incidents, may also serve as catalysts. Notably, all organizations are vulnerable to a potential catalyst event.
Visibility and controversy play critical roles. Media coverage and online attention, or “going viral,” increase the likelihood individuals will become active contributors to a threatwave. A catalyst’s association with a controversial issue contributes to a rapid escalation of concerning communications. Most threatwaves peak within days, giving organizations very little time to build capacity to respond. A downturn often coincides with dwindling energy due to an eventual shift in public attention. References to the target organization or the catalyst event in media coverage, social media commentary, or official organizational statements often trigger additional surges, but these flare-ups do not typically reach the volume of communications experienced in the initial peak.
Organizational characteristics impact the threatwave experience
Threatwaves differ in duration and intensity, ranging from approximately one week to many months. Notably, our evaluation of multiple threatwaves revealed factors beyond just sociopolitical issues significantly impact the experience. Those key factors are customer involvement and the nature of the organization’s products and services.
Analysis of a protracted threatwave, targeting an organization for over five months, highlighted how organizational context shapes both the volume and persistence of communications. In that case, customers were the primary drivers of threatwave sustainment – often framing threats through personal grievances and perceived injustices. In the context of threatwaves, to what extent and why customers are interacting with the organization matters.
Certain organizations are more vulnerable to protracted threatwaves
We observed that when products and services are considered items of necessity or perceived necessity, there is a greater likelihood of customer involvement sustaining the threatwave. Health and wealth are necessary aspects of life impacting virtually everyone. Issues related to these areas are often accompanied by strong emotional responses, such as anxiety, uncertainty, and anger. The potential for personal grievance development is heightened, which may be cojoined with larger, societal-based grievances, such as simmering anger in relation to the much-reported widening wealth gap.
Unmet expectations also appeared to impact threatwave duration. When products of necessity do not meet customer expectations, strong feelings of injustice may further fuel grievance development. Taken together, these findings suggest certain industries, such as healthcare and financial services, may be more vulnerable to protracted threatwaves.
Future implications: Protracted threatwaves and targeted violence
Looking ahead, we have identified additional business areas which might be at heightened risk for protracted threatwaves and targeted violence.
- Private equity firms: In their quest to increase financial returns for investors, private equity firms are taking on business ventures that have greater impact on the daily lives of people, such as hospitals and rental housing. With the inevitable change in ownership, any increase in costs or perceived decrease in services or product quality may generate perceptions of unfairness for consumers.
- Artificial intelligence and the technology industry: Along with the benefits AI may bring to society, it is difficult to dismiss the potential for significant disruption to the workforce and diminished career prospects for recent college graduates. Beyond these challenges, higher-level implications related to identity, purpose, and fulfillment may need to be navigated. These issues, if not addressed with timely solutions, may result in a large group of impacted individuals looking for someone to blame, particularly in the technology industry.
Preparedness and resilience
As highlighted, organizations must evaluate how their products and services impact critical areas of life or may contribute to personal grievances, as well as the ways products may not meet customer expectations. Organizations should also consider their current capabilities to:
- Anticipate the initial rush of concerning communications and understand periodic threat surges corresponding to media coverage, social media commentary, and organizational messaging are likely.
- Maintain visibility across all organizational communication nodes, as any avenue for interacting with customers and the public may be used to threaten.
- Monitor relevant social media platforms and online forums to proactively identify concerning references to the organization and personnel.
- Apply a defensible triage and assessment model grounded in behavioral threat analysis to prioritize concerning communications and trigger escalation when thresholds are met.
Control Risks’ experience suggests that any organization is susceptible to a potential threatwave and organizations in certain industries may be more vulnerable to prolonged impacts. Control Risks delivers protective intelligence to monitor, triage and assess high-volume concerning communications. We pair this with our behavioral threat assessment and management team and our operational security teams to reduce exposure across the people and channels most targeted. This builds repeatable capability to anticipate surges, coordinate cross-functional response and reduce risk.
Authors: Robyn Powell and Bill Theroux
+ Simons, A., & Tunkel, R. F. (2021). The assessment of anonymous threatening communications. In J. R. Meloy & J. Hoffmann (Eds.), International handbook of threat assessment (2nd ed., pp. 233-256). Oxford University Press. https://psycnet.apa.org/doi/10.1093/med-psych/9780190940164.001.0001