Client Alert: Steps Large Organizations Should Consider Taking to Protect the Safety of Their Executives

By Ashley Barnes and Timothy P. Van Dyck  •  December 6, 2024

With the jarring news this week that Brian Thompson, the CEO of UnitedHealthcare, was fatally shot outside a Midtown Manhattan hotel, many Fortune 500 and other large companies are suddenly finding themselves in the unenviable position of having to review, critique and beef up their approaches to how to protect their senior executives from such brazen attacks. Mr. Thompson evidently had been walking towards the hotel in the early morning, unaccompanied, to attend the company’s annual investors day meeting when the assassination occurred. According to reports, Mr. Thompson had been the subject of a number of serious threats shortly before the shooting took place. Further, shell casings bearing the words “deny,” “defend,” and “depose” were reportedly found at the scene of the shooting, suggesting that this was a targeted attack due to Mr. Thompson’s position at a health insurance company.

Executives of large organizations are often targeted with messaging from the public, ranging from general disapproval to overt threats of violence. Earlier this year, activists from a climate movement organization confronted Bank of America CEO, Brian Moynihan, while he was speaking at a country club in Massachusetts about the economy and the finance industry.  Further, in January, a Tesla employee was reportedly arrested after, among other things, allegedly tweeting about his plan to kill Elon Musk on X. As with the increasing link between social media and violence such as mass shootings, the continued, widespread use and reach of social media and other internet platforms has likely increased the frequency of violent or threatening behavior toward business executives.

While it is obviously impossible to provide guarantees that senior executives (or anyone, for that matter) can be insulated from wanton violence, there are certain concrete steps that both large organizations and their executives should consider taking, if they have not done so already, given what appears to be the corporate climate:

Assess the Risk Associated with the Executive

• How well known is the executive? Is he or she a public figure? Are they easily recognizable?
• Is the company itself vulnerable to public ire (e.g., vaccine manufacturers, healthcare providers, insurance companies, financial institutions)?
• Is the company vulnerable to criticism that it is contributing to climate change or otherwise adversely affecting the environment?
• Is the company vulnerable to criticism that it is treating its stockholders, employees, customers, or the public at large, unfairly?
• Is the company subject to possible threats from foreign actors because of the way in which it conducts business in foreign countries (e.g., use of child labor, unfair labor standards) or because of any positions the company has taken on hot-button political issues (e.g., voicing support for Israel or Palestine)?
• Is the company frequently sued and, if so, on what basis? Are the plaintiffs in any of those suits more likely than not to have the potential to carry out a violent attack?
• Has the executive been subject to threats in the past? What is the nature and frequency of the threats?
• Has the company been the subject of bad press?
• Is the executive required to be the “face” of the company (e.g., speaking at various events)?
• Is the executive required to travel as part of his or her job duties and responsibilities? If so, where? Who are the people the executive is likely to encounter as part of such travel?

Mitigate the Risk by Adding or Amplifying Safety and Security Provisions in Employment Agreements and Policies

• Require executives to have personal protection (e.g., bodyguard(s)) in place in specific locations and/or while performing specific activities (e.g., while commuting to and from work or work events, while traveling, while at home). Identify what kind of protection is needed and who will pay for it. Additionally, put in place guardrails such that the executive’s privacy is not unduly impinged as a result of such protection.
• Require all employees with access to executive(s) to submit to periodic background checks.
• Assess whether executives should only be flying on private planes. Should such private travel be required just for business trips or personal trips/vacations as well?
• Prohibit executives (and/or their families) from traveling to areas that are considered unsafe.
• Require the executive to immediately notify the company if he or she becomes aware of a threat to the safety of themselves or their family.
• Require the company to immediately notify the executive if it becomes aware of any threat to the safety of the executive or his or her family.

Mitigate the Risk by Adding or Amplifying Safety and Security Provisions in Company Protocols and Procedures

• Formulate a plan for notifying specific company personnel and law enforcement of any imminent threat to the safety of an executive.
• Monitor for data breaches involving executives’ credentials.
• Have in place a lockdown plan and perform regular trainings and drills to ensure all employees are familiar with the plan and can execute it properly.
• Provide for increased security at headquarters in response to potential threats.
• Have in place specific and clear succession plan(s). Have a concrete and detailed understanding of who will take over job duties if an executive suddenly becomes incapacitated so that the organization can continue to run its day-to-day operations as seamlessly as possible during the crisis.
• Require daily internet and press monitoring to assess any possible threats.
• Have in place a social media best practices policy that advises against sharing sensitive information online (e.g., vicinity of home address, travel itinerary, location of hotel while traveling, names of children’s schools).
• Consider providing senior executives with mandatory training, taught by experienced professionals, on how they can more readily identify potential threats and avoid becoming targets.

As set forth above, no attempt to protect the safety of a large organization’s executives is going to be foolproof; however, by taking a comprehensive and proactive approach to risk mitigation, tragedies like the one that took place earlier this week might be avoided. By proactively and honestly assessing the risks of harm associated with a particular executive, and taking affirmative steps to mitigate such risks by adding or amplifying safety and security provisions in employment agreements and policies, and in company protocols and procedures, organizations will be better positioned to keep their executives safe – and their organizations running smoothly.