The shocking assassination of UnitedHealthcare CEO Brian Thompson has sent ripples of concern through corporate America. The attack, carried out in broad daylight as Thompson made his way to an investor meeting in midtown Manhattan, highlights a new and unsettling reality. In its aftermath, boards of directors have convened emergency sessions, family offices are reassessing security protocols, and the C-suite is questioning its preparedness for emerging threats.

What makes this incident even more alarming is the apparent motivation of the alleged shooter, Luigi Mangione. Unlike traditional threat actors such as political extremists, habitual criminals, or single-issue radicals, Mangione appears to represent a new, grievance-driven form of anticorporatism. This category of threat actor is challenging to define but undeniably dangerous, driven by perceived injustices rather than ideology or profit. The groundswell of public support for Mangione in certain circles—coupled with indignation over executive decisions perceived as cavalier—has amplified the concern.

This evolving threat landscape has left many corporate leaders scrambling for answers. Questions about the necessity of close protection teams, security drivers, and other hallmarks of executive protection (EP) abound. While the instinct to act quickly is natural, reacting without a clear strategy risks compounding vulnerabilities and wasting resources. Instead, organizations must approach this moment with focus and care, adopting a risk-based methodology to assess and enhance their executive protection frameworks.

The following five-step process offers a structured and practical framework for evaluating and strengthening EP programs. This approach ensures that corporate leaders can address vulnerabilities effectively, without succumbing to fear or overreaction.

Step 1: Mapping the Threat Landscape: The First Step in Executive Protection

An effective executive protection strategy begins with a clear understanding of the current threat landscape. This foundational step identifies and analyzes potential risks, enabling organizations to tailor their security measures appropriately. Consider the following elements:

• Geography: Analyze locations where executives live, work, and travel. Identify high-risk areas due to crime, political instability, or other factors.
• Profiles: Assess the public visibility and industry-specific threats executives may face. Personal vulnerabilities, such as controversial affiliations or public roles, must also be taken into account.
• Historical Incidents: Review any previous threats or attacks targeting your organization, industry, or executives. Patterns of behavior can often illuminate emerging risks.

Engage stakeholders, including security teams, risk management personnel, and executives themselves, to build a collaborative and thorough evaluation. This holistic approach lays the groundwork for an effective EP program.

Incorporating an Independent Security Study (ISS) at this stage can provide invaluable insights. Unlike the tactical threat assessments conducted daily by the EP team, an ISS offers a broader, long-term perspective. It evaluates systemic vulnerabilities, industry trends, and blind spots, giving organizations a comprehensive view of risks that might otherwise go unnoticed. This complementary analysis ensures a well-rounded risk assessment process.

Step 2: Measuring Readiness: Evaluating Your EP Program’s Current State

With risks identified, it’s critical to assess how well your existing EP framework aligns with these threats. This involves a detailed review of current policies, practices, and resources:

• Policies and Procedures: Examine whether policies are up-to-date, clearly documented, and actionable. Gaps in procedural clarity can leave organizations vulnerable during crises.
• Personnel: Assess the skills, training, and readiness of your EP team. Are they adequately equipped to handle the identified threats?
• Technology and Resources: Evaluate the sufficiency of surveillance systems, communication tools, and access controls. Technology should be modern, effective, and well-integrated.
• Integration: Ensure the EP program works cohesively with other departments such as HR, legal, and corporate communications. Cross-departmental collaboration is essential for a unified response to threats.

An independent maturity assessment can be highly valuable here. It evaluates the readiness of the EP team to fulfill its responsibilities, identifying strengths and gaps in the program’s current capacity to address identified risks effectively. It can be additionally useful in understanding how your program measures up against industry standards to provide leadership with insight into how EP programs are being managed and executed.

Step 3: Focus Where It Counts: Prioritizing Risks in EP Programs

Not all risks demand equal attention, and attempting to address every potential threat can overwhelm teams and budgets. A risk-based methodology allows organizations to focus their efforts where they matter most:

• Risk Ranking: Categorize threats by their likelihood and potential impact. High-impact, high-likelihood risks should take precedence.
• Mission-Critical Gaps: Identify gaps that pose immediate risks to executive safety and prioritize addressing these vulnerabilities.
• Resource Allocation: Align personnel, budget, and technology investments with prioritized risks to ensure resources are used efficiently.

The insights from an ISS can significantly enhance this process by providing a strategic view of risks and enabling informed decision-making about resource allocation.

Step 4: Strengthening Skills: Training as the Backbone of EP Programs

Training is the backbone of any EP program. Without well-prepared personnel, even the best strategies and resources fall short. Organizations should prioritize the development and refinement of their training programs to:

• Skill Development: Equip EP teams with advanced skills to address evolving threats, including de-escalation techniques and emergency response protocols.
• Policy Alignment: Ensure training programs are closely aligned with organizational policies and industry best practices.
• Confidence Building: Regular training boosts the confidence of both security teams and executives, reinforcing trust in the program.

External training programs can be particularly valuable in aligning team operations with best practices. Accredited programs ensure that the team is operating from a consistent playbook and provide validation of their skills and preparedness. Scenario-based exercises and certifications from reputable organizations like IADLEST are excellent ways to maintain high standards.

Step 5: Staying Ahead: Continuous Improvement in EP Programs

Executive protection is not a static endeavor. Continuous monitoring and improvement are essential to keep pace with an ever-changing threat landscape. Implement mechanisms to:

• Review and Update Risk Assessments: Regularly revisit risk analyses to address emerging threats and adjust strategies accordingly.
• Feedback Loops: Create channels for receiving feedback from executives and EP teams to identify strengths and weaknesses.
• Benchmarking: Compare your program against industry standards and evolving best practices to ensure it remains effective and relevant.

The recent tragedy in New York City underscores the importance of well-designed and thoughtfully executed executive protection programs. By following these five steps, organizations can evaluate their current state, address critical vulnerabilities, and build a resilient, effective framework for executive security. Whether undertaken independently or with the guidance of professional services, this approach ensures that actions are deliberate, impactful, and sustainable—providing peace of mind for executives and their teams alike.