With America’s central focus on the violent murders of Iryna Zarutska and the assassination of Charlie Kirk, the industry conversation of “threats” has once again taken over professional Executive Protection (EP) forums. I use the word “professional” loosely because in the case of the shooting of Charlie Kirk, every self-proclaimed expert with a LinkedIn profile or Facebook account had an opinion or theory, and not surprisingly, most were wrong.
Recently, I spoke at a large corporate security seminar hosted by the Department of Homeland Security, where several three-letter federal agencies provided briefings on the threats facing corporations and their senior leadership. As I listened to the presentations before mine, I was struck by a sense of familiarity across all presenters despite their backgrounds. The threat landscape being described was identical to the one I was trained on more than twenty years ago.
After the seminar, I checked my old training manuals and confirmed that the core categories of threats have, in fact, remained consistent over time. Criminals, terrorists, social activists, nation states/geopolitical, and the mentally ill have always, and continue to pose a risk of harm to protected persons and organizations. These threats have historically manifested in shootings, stabbings, kidnappings, and other physical attacks. There is nothing new in the physicality of the tattacks or the attackers. Regardless of modernization, a rifle remains a long-range threat and a knife remains a close-range threat, fundamental realities that every protector must anticipate and plan for.
What has changed, however, is not the categories of these threats but how they manifest and coalesce. Today, the threats themselves have overlapped, and the modality is the only differentiator. Two decades ago, physical security and personal confrontations dominated risk assessments and considerations. Threat actors are now empowered by technology, using cyber tools, digital platforms, and networked systems to amplify their reach, obscure their identities, and attack in ways that were unimaginable when I first entered the profession.
The role of contemporary CEO’s has itself also significantly evolved beyond the traditional boundaries of business leadership. Executives are high-value targets, not only because of their personal wealth but also due to their influence on global markets, national economies, and geopolitical affairs. The modern threat landscape demands that protectors prioritize fundamental, proactive security measures while recognizing how adversaries blend threats and tactics across both digital and physical domains. The convergence of these threats, amplified by online influence and fueled by activist mobilization, elevates executive protection to a mission-critical function for enterprises worldwide.
This article is not meant to analyze recent attacks, their methods, or the tactics employed by adversaries. Instead, its purpose is to provide a broader analysis of the categories of threats and their implications for protective operations as a whole. Intelligence remains the foundation of every protection program, and without it, teams operate blindly and often reactively. However, intelligence alone is insufficient. The true measure of an effective protective operation lies in how well that information is translated into proactive countermeasures and physical coverage. Ultimately, the identification of a threat is only the first step; neutralizing, mitigating, or otherwise countering that threat is the core responsibility of protection professionals. Put simply, intelligence without a protector is of little value.
Criminal Threats
In a recent Gallup poll, Americans were asked: Do you feel safe walking alone at night in the city or area where you live? As expected, 72% of the respondents stated they did. This percentage reflects rising concern for criminal attacks and is down from a 2006 survey in which 76% responded positively. While not threat-specific, it can be inferred that the immediate danger posed to the public is criminal in nature.
Opportunistic criminals also remain a persistent threat to corporate executives. Criminal organizations and bad actors often target CEOs and corporations for financial gain. This can take the form of kidnapping for ransom (K&R), extortion, or cyber-enabled fraud. While there are numerous historical cases of these crimes, they continue to be persistent and impact current protection methodology and the intelligence landscapes.
Recent Case Studies:
In a K&R scheme (France, 2025), armed attackers attempted to abduct the daughter and grandson of Pierre Noizat, CEO of Paymium. Similar incidents targeting crypto executives have included torture and mutilation, underscoring the brutality of financially motivated actors.
In a Home Invasion (Illinois, 2025) Ty Warner, founder of Beanie Babies, was attacked in his residence. The perpetrator reportedly accessed doxxed executive data online, blurring the line between traditional burglaries and targeted corporate violence.
Cyber extortions in 2020 targeted several Fortune 500 executives who received spear-phishing emails (also known as whaling) that tricked assistants into transferring large sums of money. The perpetrators specifically targeted individuals at the top of the corporate ladder, knowing their authority often bypasses normal safeguards.
Criminal targeting has unique corporate sector considerations, including the targeting of Finance and Crypto executives with high liquidity and publicly reported personal wealth. The Retail and Consumer Goods sectors also present a greater risk of opportunistic crimes, including robbery and home invasions, due to lifestyle visibility.
EP Sector Considerations:
Kidnap-resistance and K&R training for families and EP, hardened residential security, and protective intelligence monitoring of doxxing forums are becoming as important as corporate cyber hygiene.
Protective Implications:
Unlike many other threat actors whose tactics continually evolve, criminal threats have remained largely consistent in their methods, relying on time-tested approaches. What has shifted, however, is the delivery of these threats and the environment in which they occur. Modern criminals are increasingly leveraging digital platforms, social engineering, and online reconnaissance to enable or amplify traditional crimes.
For protection teams, this requires more than just a focus on the direct, physical danger posed by criminals. While vigilance against in-person assaults or opportunistic attacks remains critical, practitioners must now account for how criminals exploit technology to gather intelligence, target executives, or disrupt operations. Effective protective operations must adopt a dual-lens approach, incorporating strong physical security protocols while also integrating cyber awareness, digital monitoring, and proactive threat intelligence into their protective planning and posture.
Terrorist Threats
Although CEO’s are less targeted in Western environments, terrorism remains a credible risk, especially when companies intersect with political, defense, or energy sectors. Given the global nature of business operations, corporate leaders frequently travel to countries where credible terrorist networks are active. For terrorist groups, CEOs represent symbols of economic and political power. Attacking an executive can generate media attention for a cause and even temporarily disrupt financial markets and corporate value.
Recent Case Studies:
The Tesla Infrastructure Attacks (Europe, 2024–2025), which involved fire bombings of Tesla dealerships and charging stations, were likely ideologically motivated, reflecting anti-globalization, anti-government, and/or anti-technology sentiment tied directly to Elon Musk’s brand identity.
Historic Precedent (Mumbai Attack, 2008), business hotels hosting corporate leaders became primary targets of terrorism, illustrating how CEOs abroad are collateral high-value targets during large-scale attacks. While not targeting one specific CEO, terrorists deliberately struck hotels known for housing international business executives. Several high-ranking corporate leaders were among the hostages and casualties, underscoring the vulnerability of CEOs when traveling abroad.
Oil & gas executives have been the target of terrorist organizations in the Middle East and North Africa. Energy company leaders have been targeted because they are viewed as enablers of Western policy. Executives in this sector often require military style protective measures (PSDs) when traveling to high-risk regions.
EP Sector Considerations:
Energy & Infrastructure Companies have a perceived alignment with national governments, making executives symbolic targets.
Defense & Tech Companies executives are vulnerable to ideologically motivated actors aiming for maximum media impact.
Protective Implications:
Layered travel security programs, including secure lodging assessments and detailed RON surveys, rapid extraction coordination and protocols, and liaison with host-nation resources, are standard operating procedures for most corporate teams in elevated-threat regions.
The Mentally Ill and Fixated Individuals
The United States continues to provide tragic examples of mental health failures manifesting in violent attacks against the public. The recent murder of Ukrainian citizen Iryna Zarutska and the assassination of Charlie Kirk have once again drawn America’s attention to the ongoing mental health crisis. While these incidents are undeniably criminal in nature, the deliberate intent to take a life reflects deeper psychotic or psychopathic dispositions. At their core, these pathologies represent a complete breakdown in rational thought, moral boundaries, and lawful behavior.
This category of threat actors, driven by fixation, delusion, or untreated psychological illness, is among the most unpredictable and difficult to detect. Their persistence, coupled with the often-random nature of their attacks, means they can appear invisible within traditional monitoring frameworks. The cases in South Carolina and Utah illustrate how quickly such individuals can escalate from being unnoticed to lethal. Fixated individuals represent a growing risk to corporate leaders and other protected persons, requiring protective teams to integrate behavioral threat assessment and advanced intelligence monitoring into their operations.
Equally concerning is the rise of insider threats. Unlike external attackers, insiders exploit their legitimate access, knowledge, or trust to cause harm—whether through violence, sabotage, or information leaks. When combined with mental health struggles, grievances, or personal fixation, insiders become uniquely dangerous because they already operate within the perimeter of trust. Executives and organizations must therefore consider insider threat awareness as part of a holistic protection strategy, recognizing that risks do not always come from outside the walls.
Collectively, this group of threat actors is the most unpredictable, persistent, and can often be invisible until an attack occurs (as seen in South Carolina and Utah).
Recent Case Studies:
Prior to the Zarutska and Kirk incidents, the most widely reported physical attack was that of United Healthcare CEO Brian Thompson (NYC, 2024), who was fatally shot outside his Manhattan hotel by a lone actor. The absence of protective resources and the presence of publicly available logistical information made Thompson vulnerable. This crime also represents the blurred lines between mental health issues, activist attacks, and criminal activity.
Other lesser-known incidents, like the attack of SAIF CEO Chip Terhune (Oregon, 2025), who survived a shooting at his residence, highlight how residential targeting by unstable actors is increasing in frequency.
EP Sector Considerations:
Healthcare & Insurance: Negative public sentiment towards CEOs who are often blamed directly for systemic issues (e.g., medical costs, denied claims) has brought significant attention and reciprocal protective coverage to this sector.
Tech Executives: The celebrity surrounding Silicon Valley leaders attracts unusual obsessions, both positive and negative.
Celebrity and Government: This group is the most vulnerable to these attacks and often receives projected targeting because of their public persona.
Protective Implications:
Collaboration with behavioral threat assessment teams, proactive monitoring of fixated individual databases, and law enforcement partnerships are essential to deter these threats. Security programs must be prepared for escalation from harassment to lethal action and have established and documented Use of Force guidelines for EP professionals.
Nation-State/Geopolitical Threats
In the realm of government protective services, protection teams routinely consider operational planning for nation-state threats when protecting elected officials. Due to the international reach of large corporations, CEOs also now wield significant political influence globally. Corporate leaders, like politicians, can also find themselves in the crosshairs of hostile nation-states. CEOs of major technology, defense, and critical infrastructure companies often hold knowledge and influence that adversarial governments covet. This power dynamic has resulted in nation-states and their surrogates targeting them through coercion, cyber-enabled espionage, and, in some rare cases, physical detention.
Every corporation should have a comprehensive travel safety program in place to address evolving geopolitical threats. The sophistication and scope of these threats have grown significantly in recent years, with executives, employees, and contractors frequently traveling to regions marked by political instability, organized crime, terrorism, and even targeted kidnappings. Companies can no longer afford to treat travel safety as a routine box-checking exercise, and travel safety programs often include pre-visit intelligence briefings, real-time threat monitoring of global events, emergency response protocols, and partnerships with specialized in-country security providers. These programs are designed not only to safeguard personnel during international travel but also to protect the corporation’s reputation, ensure business continuity, and fulfill the organization’s duty of care obligations.
Recent Case Studies:
Huawei and global tech rivalry resulted in the detention of Huawei CFO Meng Wanzhou in Canada (at the request of the U.S.), which led to retaliatory arrests of foreign executives in China, showing how corporate leaders can become pawns in geopolitical disputes.
Cyber targeting by nation-state hackers has resulted in sophisticated phishing/whaling campaigns against CEOs to gain direct access to sensitive communications, bypassing corporate cybersecurity systems that usually protect employees.
Pavel Durov (Telegram CEO, 2024–2025) was arrested in France for charges tied to user-generated content on Telegram. His continued legal restrictions reflect how states can use judicial tools to immobilize executives.
Ilya Sachkov (Group-IB CEO, 2021) was detained in Russia on treason charges, and the incident was widely viewed as politically motivated.
Exit bans in authoritarian states for executives have increased, causing legal entanglements to pressure corporate negotiations.
Executives visiting Hong Kong in 2019 found themselves unexpectedly exposed to mass protests, transportation shutdowns, and police confrontations that severely disrupted business travel and created serious personal safety concerns.
In Western Europe, sudden demonstrations over economic, political, or social issues have turned violent, catching travelers off guard. The 2018–2019 “Yellow Vest” protests in France disrupted major transportation hubs and devolved into clashes with police, placing visiting executives at direct risk despite Paris traditionally being seen as a stable business environment.
EP Sector Considerations:
Tech & Cybersecurity: CEOs with access to sensitive data are prime state-level targets.
Energy & Extractives: Executives may be detained to influence contract terms or political leverage.
This threat class also applies to all executive groups travelling abroad, regardless of their position. Because of the random nature of these threats, everyone is at risk, including the protective detail.
Protective Implications
EP teams must integrate geopolitical risk analysis, legal contingency planning, K&R considerations, and protective intelligence into pre-travel advisories. Engagement with friendly government agencies and resources, including OSAC and the U.S. State Department, is critical when deploying executives into overseas or hostile jurisdictions.
Monitoring online protest mobilization and maintaining a responsive protective intelligence notification system is necessary to deter this type of threat. Local coordination should extend to contracted security resources, hotel security, and any sponsors for invitational travel.
Focused Issue Groups & Activists
Activist groups and single-issue organizations can also pose real threats to protected persons. This is evident in the activist (and blended mental health) attempt on the life of Charlie Kirk and Brian Thompson. These groups may be motivated by environmental, social, or political agendas and may see a CEO as the embodiment of corporate wrongdoing. Activism against corporations is escalating and includes reputational campaigns meant to damage corporate image through confrontations with executives.
Recent Case Studies:
The widely seen YouTube recording of an activist harassing BlackRock CEO Larry Fink in Davos, Switzerland, in 2025 reflects the exceptional professionalism of executive protection details involved in focused issue activity.
During the Microsoft Protests (2025), the employee-driven “No Azure for Apartheid” demonstrations targeted CEO Satya Nadella and President Brad Smith at both corporate HQ’s and private residences.
The Tesla Takedown Campaign (2025) was an international movement that urged divestment from Tesla, mobilizing both digital and physical protests, directly linking corporate policies to Elon Musk as an individual.
Animal Rights Activism (Biotech/Pharma), where senior executives have faced protests at homes, vandalism, and personal harassment.
EP Sector Considerations:
Tech: Tied to ethical concerns (AI bias, censorship, surveillance).
Energy/Automotive: Climate activism consistently elevates risk.
Healthcare: Bioethics and animal rights activism drive targeting.
Finance and Banking: Anti-globalist activist groups routinely target this sector.
Protective Implications:
Monitoring online activists’ mobilization, conducting detailed protective advances and surveys at visit sites, executive residences, and family offices, and preparing for protests during publicly scheduled meetings or events are critical to deter focused issue group disruptions.
Cyber and Emerging Threats and Their Influence
The rapid expansion of digital platforms has created new and complex vulnerabilities for corporate leaders, particularly CEOs. Although the threat type remains unchanged, the delivery method has evolved in response to technological advancements. Executives now face a growing threat landscape where cyberattacks, disinformation campaigns, and personal data leaks can directly translate into both financial loss and physical harm.
Recent Case Studies:
Corporate security analysts have documented a sharp increase in attacks leveraging deepfake technology and voice cloning. In a recent Ponemon Institute’s 2025 Digital Executive Protection Report, 40% of respondents reported that senior executives within their organizations had been targeted by deepfake schemes, many created to mimic authority figures and trick employees into transferring funds or releasing sensitive data. Overall, impersonation attempts against executives have risen dramatically, climbing from 43% to over 50% in just two years. These attacks not only threaten financial stability but also erode trust within organizations when employees can no longer confidently verify leadership communications.
Hybrid Threats: Cyber to Physical
The threat environment is no longer confined to the digital sphere. Doxxing, or publicly releasing personal details such as home addresses or family information, and the leaking of geolocation data from personal devices, have already been linked to real-world physical attacks. When adversaries can track, expose, and exploit an executive’s digital footprint, the distinction between online harassment and physical security risks effectively disappears.
Protective Implications:
For today’s executive protection professionals, the line between cybersecurity and physical security has effectively disappeared. Protecting an executive’s digital identity is now inseparable from safeguarding their physical well-being. This shift requires tighter collaboration between siloed corporate security teams, IT departments, and protective intelligence units. It also calls for proactive strategies, including monitoring for online impersonation, securing personal devices, managing digital exposure, and educating both executives and protection personnel on the dangers of oversharing via social media. The digital environment has become the new battleground where familiar threats manifest in modern ways, and protectors must be equally comfortable at countering these risks in the virtual arena as they are in the physical world.
In Summary
Corporate leaders today face a threat landscape that is both familiar and complex. While the core categories of adversaries, criminals, terrorists, nation-states/geopolitical, social activists, and the mentally ill have remained consistent for decades, the methods by which these threats manifest have evolved. Modern threats no longer fit neatly into isolated categories; rather, they overlap and blend across physical, digital, and psychological domains. From kidnappings and home invasions to ideologically driven terrorist attacks, politically motivated detentions, and the actions of unstable individuals, CEOs are increasingly viewed as high-value targets whose influence extends beyond the boardroom.
The convergence of digital and physical risks has further amplified these vulnerabilities. Deepfakes, voice-cloning schemes, and cyber-enabled fraud now target executives at alarming rates, while doxxing and geolocation leaks have translated directly into physical attacks. Activist groups and issue-driven movements exploit digital platforms to mobilize against CEOs personally, blurring the line between reputational and physical threats. In this environment, executive protection must evolve to safeguard CEO’s by integrating cybersecurity, physical security, and protective intelligence into a unified protective strategy. As adversaries adapt and blend tactics, enterprises must treat executive protection as a mission-critical function essential to corporate resilience and continuity.
