Skip to content
Menu
menu

Illustration by iStock; Security Management

EP Trends: Residential Risks, Extremist Influencers, Shifting Tactics

Concerns over executive safety remain high at the start of 2025. Not only was UnitedHealthcare CEO Brian Thompson killed on 4 December 2024, but there were multiple other incidents of threats against business executives in late 2024. In addition, social media influencers and other sources have called for similar attacks.

“I am very concerned about the impact that assassination will have for security teams moving forward,” says Scott Stewart, vice president of intelligence with TorchStone Global. “First, it demonstrated that a principal who does not have an executive protection team can be murdered by a focused individual with very little in the way of training and resources.

“Second, it has served to spark an outpouring of anti-corporate, anti-capitalist, vitriol that has showed up in things like the CEO wanted posters and the CEO target playing cards,” he continues. “Finally, I am concerned with the way a small segment of the population considers Thompson’s murderer to be some sort of celebrity or antihero role model. I fear that this will lead to a contagion effect similar to that caused by the lionization of the Columbine attackers, which has led to scores of attacks across the globe over many years.”

In late January, a Massachusetts woman was arrested after she allegedly went to the U.S. Capitol in Washington, D.C., with a folding knife and two homemade firebombs to kill members of President Donald Trump’s cabinet. She told police that she was influenced by the man charged by fatally shooting the UnitedHealthcare CEO, NBC News reported.

The heightened emotional state around politics and public figures makes executive protection (EP) all the more challenging and necessary.

According to TorchStone Global’s annual review of trends in EP threats, there were 462 publicly reported incidents threatening high-profile individuals due to their status in 2024, with an average of 39 incidents per month. This is fairly consistent with the rate of threats in the second half of 2023, which had an average of 38 incidents per month.

Celebrities were the most common targets (32 percent of threats), followed by federal government officials (30 percent).

Politically linked threats were notably higher in 2024, driven by a large number of elections. In December, U.S. Capitol Police Chief J. Thomas Manger testified to the Senate that more than 50 members of Congress had been victims of swatting attacks and 700 members had faced threats in the previous month. (Many of the threats were not publicly reported so they are not included in TorchStone’s count of threats.)

“We have seen an increase in threats against elected officials the past few years as political divisiveness has increased in the U.S. and this trend intensified in 2024, with increases in threats and incidents directed against political figures, everything from assassination attempts and plots such as those against Donald Trump to swatting,” Stewart tells Security Management. “But the U.S. was not alone—we saw an even more dramatic increase in Mexico in 2024 due to the election there with over 100 political assassinations.”

Election observers recorded 129 political violence events in Mexico last year, according to data from the Armed Conflict Location and Event Data Project (ACLED). The violence included 102 assassinations, plus kidnappings, disappearances, attempted murders, and attacks on family members, campaign staff, and election infrastructure, InSight Crime reported.

Tactics are also evolving. TorchStone organizes incidents into different categories, including verbal or written threats; harassment; stalking; attacks; and other crime, which can include financially motivated crimes such as robberies, home invasion, and property crime.

Attacks were the most common tactic measured by TorchStone, but the report notes that “this is likely due to the nature of reporting threats: most incidents of verbal/written threats, harassment, or stalking either go unnoticed or are not widely reported. Attacks, on the other hand, are much more noticeable and demand more public attention, and are therefore most often reported.”

Although those “other” crimes were some of the least reported overall, they were the most common threats targeting celebrities last year—especially after a wave of high-profile robberies of celebrity athletes’ homes while the sports stars were on the road.

“Property crime often targets a high-profile individual due to the expectation of a higher payout and because their schedules are typically more publicly available,” the report said.

TorchStone also broke down threats by venue, including communication channels (social media, email, postal mail, etc.); public areas; restricted areas; homes; and offices. In 2024, the home was still the most common place where high-profile individuals were targeted.

“One of the things we are watching is a continuing trend of personalizing the cause and taking harassment actions at the homes of targeted individuals,” Stewart says. “This ranges from protests outside the homes of political and academic figures by pro-Palestinian groups, to swatting and sending items to the homes of targets as a means of harassment.

“As far as the impact of the online environment, we are definitely seeing more ‘extremist influencers’ use social media platforms to air grievances and denounce people they consider to be enemies of their extremist movement,” he continues. “In some cases, the extremist influencers and their followers will dox those being denounced, and we have even seen them directly call for harassment or attacks against the individuals they denounce.”

This continuum of events—grievance, denouncement, doxing, harassment, and attack—puts the influencer’s role in context and helps identify proactive next steps for security, he adds.

“I believe security teams can use an understanding of the model to get ahead of problems by removing or obfuscating sensitive information on the Internet pertaining to where their principal lives, where their children go to school, etc.,” Stewart says. “Performing a thorough assessment of the principal’s online profile can reveal where information vulnerabilities are and provide some guidance on how to close any self-inflicted information leaks. Briefing the principal on their information vulnerabilities can also help immunize them against information shock if they are doxed.    

“Secondly, based on the findings regarding targeting principals at their homes, they can conduct a thorough residential security assessment to ensure there are no security vulnerabilities that can be exploited by bad actors. Robust residential security is a must. 

“Third, EP and protective intelligence teams need to take note, and action, when they see extremist influencers denouncing their principal,” he concludes. “Actions can include contacting the local police department to warn them about the possibility of a swatting attempt against the principal. Teams with more resources can also begin to watch for preoperational surveillance directed against the principal and their residence.”

Executive Protection Resources

Learn more about executive protection, including residential security, in these resources from ASIS International and our partners:

ASIS International Resources

ASIS International has a robust set of resources and educational tools for security professionals across all fields, including executive protection.

International Protective Security Board (IPSB)

ASIS International and the IPSB signed a Memorandum of Understanding in November 2024 to promote collaboration and information-sharing. Read more about the MOU here.

Read peer-reviewed research and articles from the field of close protection in the IPSB’s Close Protection and Security Journal.

Security Management Coverage

Security Management covers a wide variety of security topics, including close protection and threat assessments. We have collected a few related articles below for additional insights:

 

arrow_upward