6 Months After Brian Thompson’s Murder, What’s Changed About Executive Protection?

When UnitedHealthcare CEO Brian Thompson was killed in a targeted attack on 4 December 2024, company leaders and board members in health insurance and other sectors scrambled to understand and address security risks to their leadership. Beyond the obvious, what troubles leaders and security planners alike is how to balance the accessibility of executive teams—and the need for them to be public facing on strategic issues—and the desire to reduce their risk surface by postponing speeches, limiting public commentary, and reducing their online footprint. Many companies removed leaders’ biography pages from websites and LinkedIn.

Thankfully, despite the canonization of Thompson’s alleged murderer by a fairly significant portion of the population (one poll shortly after the murder showed a shocking 41 percent of 18- to 29-year-olds polled found Thompson’s murder “acceptable”), suspected copycat attacks are limited. In early March, a fire at a Bayer Pharmaceutical executive’s home in New Jersey occurred and is being investigated as arson; in February the residence of the president and CEO of State Accident Insurance Fund Corporation in Oregon was shot; and in mid-December 2024, an employee at a staff meeting in Muskegon, Michigan, stabbed and killed the company’s president.

Additional incidents were thwarted, including one involving a North Carolina man who, according to the indictment, allegedly vowed that he was an expert sniper and would “hunt down [the] entire executive board [of Advance Auto Parts] and put bullets in their FAMILIES.” According to an internal U.S. Department of Homeland Security report obtained by ABC News, “individuals mobilized by economic grievances are using the murder of a health insurance CEO as inspiration for threats and attack plotting, expanding their target set to include government and public safety officials.”

It is too early to tell whether these incidents validate the concerns executives and boards shared following Thompson’s murder. Many suspected copycat incidents are still under investigation without clearly defined motives, and despite the increase in headlines of security incidents involving corporate leaders, it is still unclear if that reflects an increase in actual incidents or an increase in reporting. Nevertheless, companies are investing more in protection of high-profile executives.

Publicly traded companies are required to detail and disclose exactly how much they spend on the personal security services provided to leaders. Those figures were steadily increasing, even before Thompson’s murder. According to The New York Times, “the median amount spent on executive security among S&P 500 companies that disclose such information doubled from 2021 to 2023.” Prior to the targeted attack on 4 December, most companies elected for smaller executive protection programs with lower reportable costs, often due to the perception of limited security risks, the desire for the CEO to be accessible, the optics of spending on executive security, or prioritizing privacy and convenience over security measures that can feel invasive to principals and their families. 

In 2025, as more company disclosures on executive security spending become available, we expect to find both an increase in the number of companies disclosing personal security costs and the amounts spent. A Security Management article in April highlighted the boost in security spending among released 2025 proxy statements, including UnitedHealth Group’s, and the increasing use of third-party executive protection services.

At least a dozen S&P 500 companies flagged an increase in security risks in their 2025 proxy statements—annual disclosures to shareholders—according to Reuters. Those rising risks bring increased security spending. https://t.co/NEOJYsiimQ

— Security Management (@SecMgmtMag) April 30, 2025

With corporate board directors often serving on multiple boards for different companies—spreading their influence across organizations and industries—point-in-time focus areas often proliferate through social diffusion in boardrooms across the Fortune 500, as is currently the case for the renewed focus on executive protection.

However, given the pace and complexity of risks, board attention sometimes shifts with the wind. Will executive protection concerns persist or be de-prioritized behind the next emerging crisis? Thompson’s murder is not the first time that companies and security leaders have had to grapple with new or novel threats to their operations.

Just one week after the 9/11 attacks, legislative offices closed because they received anthrax letters. Government agencies and companies quickly invested in chemical and biological detection capabilities to thwart a threat that ultimately injured 22 and killed five. Thankfully, those attacks proved short-lived. Nevertheless, millions of dollars spent on mail screening devices continued for years. Ultimately, the anthrax attacks proved to be an isolated event, but one that shifted how companies viewed their duty-of-care commitments to employees.

It remains to be seen if Thompson’s killing—coupled with rising political tension, economic instability and potential workforce contractions—will continue to motivate disgruntled members of society to choose violence to address real or perceived grievances. What is clear is that, for now, companies are prioritizing the safety of their executives over convenience and economy.

Ben Joelson leads security risk and resilience at The Chertoff Group, where he helps Fortune 500 companies address security and resilience.

Scott Gibson is managing director at The Chertoff Group, and he previously served as head of global security and business resilience at Lucid Motors and head of strategy and planning for global security at Uber.