How Activism and Executive Risk Converge Today
In December 2024, the corporate security community was shaken by the murder of UnitedHealthcare CEO Brian Thompson. The response in some corners of the internet was chilling. The alleged killer was celebrated as a hero on social media, with thousands rallying online to fund his legal defense. For many corporate leaders, it went beyond tragic, serving as a wake-up call that marked the moment when executive risk became real.
Thompson’s death was not an isolated incident. In the past 12 months, the volume and velocity of threats to executives have surged, especially when those threats are tied to protest, political dissent, and other activist movements. Executives are no longer just corporate decision makers; they are public figures and symbolic targets. The result? A new era of executive protection is emerging, one that demands more than bodyguards and encrypted phones. It requires a reimagined, intelligence-driven, and socially aware approach to protection.
The Convergence of Activism and Executive Risk
According to the Clarity Factory’s Annual Chief Security Officer (CSO) Survey 2025, 46 percent of corporate security officers (CSOs) now rank activism, protest, and civil unrest as critical or high-impact threats to their organizations, making it one of the most pressing issues of today’s risk landscape.
These disruptions are notably less predictable than traditional security threats. They emerge quickly, are fueled by digital mobilization, and can escalate rapidly from a social narrative to real-world action.
Executives find themselves at the center of this storm. Increasingly, today’s CEOs are expected to take public stances on controversial social, environmental, and political issues. In fact, at least 76 percent of global investors believe that CEOs have permission to address a societal issue if it would have a significant impact, according to the 2025 Edelman Trust Barometer. That expectation brings even more attention to already visible leaders.
In this context, activism becomes a driver of executive risk in three main ways:
- Online amplification of discontent toward an executive, including campaigns that escalate into threats or calls for direct action
- Physical protest targeting corporate leaders, offices, or homes, which can sometimes turn violent
- Hybrid threats that blur digital and physical boundaries, like doxxing, deepfakes, and flash protests coordinated via encrypted apps
These dynamics require a fundamental reevaluation of how protection is structured, where intelligence is gathered, and who should be in the room when risks are assessed.
The Executive Protection Reality Check
Recent incidents show how quickly activism can put executives both in the spotlight and at risk. In 2025, several Fortune 500 companies dealt with targeted protests during investor meetings, following high-profile layoffs, or after company executives made public statements about political or global issues. Protesters didn’t just show up outside corporate headquarters—they livestreamed from executives’ homes, posted personal family information online, and even threatened coordinated disruptions at public events.
While most protests remain peaceful, corporate security teams can no longer treat them as routine, low-priority events. Activism has become more sophisticated, far-reaching, and unpredictable. Disinformation, content generated by artificial intelligence (AI), and rapid online organizing mean that a small spark—such as a viral video or a misleading narrative—can escalate into a serious security event within hours.
Despite this shifting threat environment, many executive protection programs still operate in silos, disconnected from communications, human resources, cyber, or brand departments. Yet, according to the Annual CSO Survey 2025, 86 percent of executive protection programs now span both physical and digital domains, also including executives’ personal and professional exposure. More than half of CSOs have increased their executive protection budgets in the past year, signaling growing concern and a willingness to modernize. But budget alone isn’t enough.
Too often, security teams are stuck in a reactive mode. They miss early warning signs from fringe online communities or simply lack the tools or access to monitor the digital ecosystems that fuel protest activity. Without proactive, intelligence-led insight, executive protection ends up scrambling to catch up instead of taking the lead.
Some companies are starting to bridge that gap. For example, ahead of a recent public earnings call, one security team for a Fortune 500 technology company integrated feeds from their global security operations center (GSOC), brand protection team, and third-party intelligence vendors. The team picked up early indicators of planned protest activity targeting the company’s CEO. With time to act, security adjusted the executive’s travel plans, provided guidance to the comms team on social messaging, and positioned a low-profile security presence. The event went off without disruption because the security team anticipated the risks.
Rethinking Executive Protection
To stay ahead of threats fueled by activism and social volatility, CSOs must redesign their executive protection programs with three key shifts.
Integrate threat intelligence across functions. Intelligence-led protection can detect early signals of activism-related risks. This requires connecting dots across disparate systems: social media monitoring, brand sentiment analysis, threat intelligence platforms, HR data, and crisis communications plans. The Annual CSO Survey 2025 found that many security leaders still struggle with fragmented data, and 77 percent of respondents said organizational silos hinder their effectiveness.
Breaking these silos is essential. Corporate security cannot operate independently. Teams must partner with communications, HR, legal, cyber, and other departments to monitor narratives and digital targeting, as well as understand employee sentiment. Establishing a task force or working group that meets regularly to debrief and plan ahead is also crucial.
Shift from guns, guards, and gates. While having close protection is still important, the real advantage today comes from spotting trouble before it starts. That means moving away from rigid risk scores and toward a more flexible, real-time understanding of what’s happening on the ground and online. CSOs should be paying attention to factors such as:
- What social or political issues are heating up
- How the public is talking about their company, industry, or executives
- Whether any activist groups are planning actions
- What high-profile events or statements might draw unwanted attention, especially if known persons of interest are showing increased activity or proximity to protectees
Using AI to sift through multiple signals and monitor shifts in online sentiment can give CSOs a critical edge in timing interventions, reallocating resources, or even advising executives on public engagement strategies.
Protect the brand, protect the person. In the age of activism, a company’s brand and its leadership are inseparable, and reputational risk can quickly translate into physical threat. Executive protection teams must understand not only the individual’s risk exposure but also how brand controversies, corporate policies, or business decisions may escalate threat levels.
As noted in the Clarity Factory report, CSOs must learn to communicate in the unique business vernacular to earn influence. That includes telling stories that connect executive risk to brand resilience, shareholder trust, and business continuity.
What CSOs Can Do Now
The nature of executive protection has undergone a profound transformation. Protest, politics, and online movements are now integral to the risk picture. CSOs must act now to ensure their executive protection strategies reflect the current challenges rather than an outdated worldview.
Here are some tips:
- Build or upgrade protective intelligence capabilities with dedicated resources for monitoring activism-related threats.
- Break down silos by creating cross-functional playbooks and shared situational awareness platforms, and processes.
- Train executive leadership on the risk implications of public commentary, social media presence, and brand activism.
- Use executive protection programs as a strategic lever to position corporate security as a business-critical function.
- Establish a working relationship and information-sharing protocol with your community relations and government affairs teams to create a shared understanding of corporate and executive reputation and their connections to risk.
We are living in a time when a CEO’s public statement can trigger a stock sell-off, a coordinated protest, or even a targeted threat. Executive protection can no longer be limited to logistics and the presence of guns, guards, and gates. It must become an integrated, intelligence-led discipline that sees risk in its full social, digital, and physical complexity. As activism evolves, so must the security industry.
Cynthia Marble serves as senior director of the executive protection practice at Ontic, where she partners with clients to operationalize modern executive protection programs, advises those building new capabilities, and brings a practitioner’s perspective to Ontic’s protective intelligence solutions. She previously served as senior director of threat assessment and management at Ontic and is a nationally recognized leader in executive protection, threat management, national security, and global security operations. Prior to joining Ontic, Marble served as a special agent in charge for the U.S. Secret Service.
Rachel Briggs OBE is the founder and CEO of The Clarity Factory and a leading expert on hostage situations. The Clarity Factor advises Fortune and FTSE 100 companies on security strategies and best practices, generating data and thought leadership for the security community. It also publishes the Annual CSO Survey.
