How Executive Protection is Changing One Year After UnitedHealthcare CEO Attack
One year after a gunman shot and killed UnitedHealthcare CEO Brian Thompson outside a hotel in New York City, the security industry continues to reckon with the shifting threat landscape of executive protection.
In the immediate aftermath of 4 December 2024, many warned of the potential for copycat attacks and a rise in violence targeting CEOs of healthcare and insurance companies. Those concerns intensified as hatred of UnitedHealthcare’s business practices spread across social media, seeming to justify the actions of the gunman and call for others to follow in his footsteps.
Many organizations responded by going into “pure panic mode,” hiring “muscle—the stereotypical guys in suits with earpieces” to accompany executives without addressing the actual problem they were trying to solve, says Kevin Palacios, CEO, HELPS Latam, and chair of the ASIS International Executive Protection Community.
“They were treating a symptom, not the disease,” he adds.
The feared string of copycat attacks never emerged in the wake of Thompson’s assassination. But a lasting shift in how corporate America views executive risk did when UnitedHealthcare’s stock value dropped nearly 20 percent and lost more than $110 billion in market value in the two weeks after Thompson’s death.
It was a “stark demonstration of how an attack on a key executive can directly impact a company’s market value and overall stability,” Palacios says. “Suddenly, many executives in leadership positions worldwide were looking over their shoulders and asking, ‘Could that be me?’ Executive protection was thrust into the spotlight, no longer just a perk for the paranoid but a genuine business continuity issue.”
Shifting Risk Perspectives
Long before Thompson was targeted, some segments of corporate America realized that their executives and talent had a strong connection to the corporate brand. If they were attacked, there would be not only harm to the individual but also to the company.
Media, gas and oil, pharmaceutical, and tobacco companies “have always been in mind’s eye in terms of protest groups and the counterculture where people want to attack them—whether verbally or in print or in person,” says Eduardo Jany, a chief security officer at a major news media organization. “They’ve been a little more proactive on making sure that they have security measures. Other companies, not so much.”
But in the year after the Thompson attack, that is changing. One example that Jany highlights is from a large, well-known food processing company that has received some public outcry about the cost of its products and its supply chain. Along with assessing risks to its facilities from protests, the food processor is also looking at executive risks from public backlash, too.
“I think that there’s been kind of a sea change in terms of how companies think about protecting their people, their executives, that goes beyond just the facilities,” Jany adds.
This change is also emerging in the creation of executive protection programs that are being mandated, instead of recommended, by boards, Palacios says.
“It’s a subtle but powerful difference,” he explains. “A recommendation is something you can debate, something you can, frankly, ignore if it’s inconvenient. A mandate? That comes down from on high. It’s a directive. It removes the optionality and frames executive protection not as a personal luxury or a negotiable security measure, but as a non-negotiable requirement of the job.”
This can become a real threat to our brand, and it could turn from the digital space keyboard bully to now people showing up and threatening my executive.
Companies are also widening the net of who is included in the executive protection program, says Caleb Gilbert, president of White Glove Protection Group and incoming chair of the ASIS Executive Protection Community.
“We’ve seen a shift allowing more continual presence with greater attention given to the direct reports of the CEO, as well as high-impact employees who travel to high-risk locations,” Gilbert adds.
An Intelligent Approach
When Thompson was killed, many people took to social media to post their dissatisfaction with his employer—UnitedHealthcare, which provides insurance benefits to more than 51 million members worldwide and more than 250,000 employers. The public rage on the Internet was palpable and led to death threats against the company’s remaining employees.
There’s always been a certain segment of the population that has idolized perpetrators of violent behavior—such as serial killers—Jany says. But after the Thompson attack, it was even more pronounced because the gunman was perceived as a Robin Hood-like figure targeting a company that was seen as harming people through its business practices.
“You’ve got mainstream people saying that this guy’s right and we need to have more of this—that there needs to be consequences for these companies that overcharge and make all this profit on the backs of people that can barely afford healthcare and are dying because of it,” Jany says. “I think social media has fomented that. And we can expect that there will be more in the future. This is not going to end. There’s going to be more of it.”
Corporate leadership has taken note. Dale Buckner, CEO of Global Guardian, says leaders realized that online, people can create groups that serve as echo chambers to share their grievances and coalesce against a brand or executive they are dissatisfied with.
“This can become a real threat to our brand, and it could turn from the digital space keyboard bully to now people showing up and threatening my executive, disrupting a conference, or people showing up at my executive’s doorstep and threatening their kids,” Buckner explains.
In response, companies are stepping up their protective intelligence functions, conducting digital threat assessments and actively analyzing executives’ digital footprints, sentiments in comments, and posts across social networks. Companies are increasingly providing intelligence functions with greater resources and collaborating with their cross functional partners to a degree not seen in the past, Gilbert adds.
These functions are also operating continuously—no longer limited to just monitoring for 48 hours before a major event for the company or a prominent executive.
“It’s about connecting the dots online before someone shows up in the parking lot,” Palacios says.
The ASIS International Executive Protection Standard, which was published in September 2025, now formally recognizes protective intelligence as part of the executive protection program. This addition is “a huge step,” Palacios adds, as “we’re trying to spot the spark before it becomes a fire.”
The effort to increase protective intelligence isn’t just coming from inside the house. Bigger companies—Fortune 500 and up—are now reaching out and looking for intelligence providers that can do timely reporting and forecasting on where an incident or something egregious might happen, Jany adds.
It's about connecting the dots online before someone shows up in the parking lot.
For some companies, this might mean reviewing hundreds of threats a day to assess if it’s coming from someone with a history and track record of making nasty comments online or if it’s from someone who posted once before disappearing. Then, they are assessing if the person would have a means to attack a corporate asset, if they have a history with weapons, or if they have been investigated previously by federal or local law enforcement.
This process is part of “putting context around the threat,” Jany says, to ensure you’re making informed judgments about next steps.
Security leaders are also tapping into government resources—like the Overseas Security Advisory Council (OSAC) and the Domestic Security Alliance Council (DSAC)—to learn more about emerging threats. Then they are sharing information with their peers through phone calls and Signal chats for their industry sector, Jany adds.
“We come together and we talk through problems or give each other calls when there’s a concern,” he says. “I always want to try to benchmark off of my colleagues to see what they are doing, what we are doing, and to keep each other appraised of potential threats, too.”
Armed with Information
In the first quarter of 2025, many companies demanded a continuous executive protection presence for executives. The practice was disruptive and, for most, completely unsustainable, Palacios says.
Besides making executives themselves uncomfortable, the practice was unsustainable because it was expensive and companies had no way of knowing if their efforts were actually effective.
“If you’re just putting security guards or protection resources on executives or their companies, that just becomes a money pit and there’s nothing to justify it,” Jany adds. “You have to have some data to justify where, when, and how.”
When invoices came due for those initial beefed-up executive protection measures and there was no clear understanding of the measurable return on investment, Palacios says many efforts were scaled back—potentially leaving executives more exposed than before.
“It’s a classic case of thinking you need a person when what you truly need is a proper, integrated program,” he says.
So, some organizations pivoted. Companies began conducting threat assessments on executives, the company itself, events, and executive residences, wrapping in information from their protective intelligence functions to determine what the threat level was to their executives and what resources were needed to address it.
There’s a new emphasis on using global security operations centers and intelligence to assess what the company is involved in at the moment, where executives are traveling to and the threat profile associated with that event, and where they are going next, Jany explains. Companies are looking at how they can better protect their people and assets with more efficacy and cost effectiveness backed up by this data.
To actually pull this off, companies are using a hybrid model of mixing in-house oversight with contracted personnel for boots-on-the-ground operations. Taking this approach allows companies to hire executive protection personnel who are fluent in the local language and licensed to carry a firearm in the jurisdiction.
“You’re seeing internal expansion of capability and dedicated security professionals being brought in the headquarters dedicated to the C-suite,” Buckner adds. “And then they’re outsourcing international security support for the capabilities they cannot provide themselves as a Brit, a Frenchman, a German, or an American.”
Key to successful implementation of this practice is proper vetting of contractors. Companies need to ensure that executive protection practitioners are licensed for the jurisdiction they are being hired for, if they have the appropriate certifications needed for the job, and the capability to actually execute in the location where they are needed, Jany says.
“There are horror stories of organizations that say they’re executive protection professionals, and then you get there, and you find out it’s just some guys and gals that happen to carry guns because they’re cops,” he adds.
If you're just putting security guards or protection resources on executives or their companies, that just becomes a money pit and there's nothing to justify it.
What’s now emerging as a result of these practices is a more nuanced model of executive protection, Palacios says.
“It’s occasional, travel-centric protection. The focus is squarely on high-risk locations and high-profile events,” he adds. “It’s a pragmatic compromise—acknowledging the elevated threat during specific activities without trying to bubble-wrap an executive’s entire life.”
Ahead of shareholder meetings and other public events, like the one Thompson was walking to on that fateful day last December, Gilbert says executive protection teams are being pushed to ensure there are advanced plans to make preparation a “priority rather than an afterthought.”
Companies are doing their due diligence by reviewing social media and threat intelligence to see if there are upticks in online rhetoric or comments about the executive or the venue where the event will be held. Then they are doing a full risk analysis of the location to inform how security should be applied, including executive protection to ensure executives are not walking around openly and potentially in harm’s way, Jany says.
“There’s definitely been a sea change in the industry in terms of providing more threat intelligence and making sure that we’re doing some due diligence before people go not just to a shareholder meeting, but anything that may be publicly exposed,” he adds.
The Outliers
While some companies are shifting their executive protection programs to better address the risk landscape, others are not. The Clarity Factory’s Annual Chief Security Officer Survey 2025 revealed that only 54 percent of respondents had increased their executive protection budget in the past year.
“That tells you that while there’s movement, a huge chunk of companies are still just paying lip service, waiting for the next headline to scare them into action,” Palacios says. “It’s reactive, not proactive.”
In another benchmarking survey of 824 security professionals, ASIS International found that just 28 percent had a formal executive protection policy with dedicated resources. Thirty-eight percent said that executive protection was addressed as a wider security plan and resources are deployed as needed.
Meanwhile, 72 percent of the ASIS survey respondents said that there has been an increase in public threats to executives in the last two years, followed by 61 percent reporting increases in direct threats to executives.
“The top challenges security professionals have implementing executive protection measures involve a lack of value placed on executive protection by executives themselves,” according to the survey. “At the same time, security professionals report that their programs are deficient in areas that could be used to show that that very value, things like setting key performance indicators and data collection to show the ROI of executive protection.”
This finding tracks with some of the feedback Buckner says he’s received from CEOs in the past year about executive protection. He’s seen a 60-40 split, with about 60 percent of client CEOs wanting executive protection and accepting it and the other 40 percent believing they could not be a target.
Some CEOs will even make the argument that the public by and large does not know who they are—that they are protected by their perceived anonymity.
“That’s true to a degree, but if I want to target you or I have an issue with you, your brand, or your service, it’s very easy for me to find you, find your home address, find your vacation home, and find where your office is and where your kids go to school,” Buckner says.
UnitedHealthcare and UnitedHealthcare Group did not return Security Management’s request for comment on this article.
For more on executive protection, revisit our coverage on “Building a Methodology for Close Protection,” “Modernizing Your Approach to Executive Digital Risk Management,” and “When Second Homes are a Primary Concern.”
