High-profile private and public-sector leaders have been at an elevated risk of targeted violence in the past several years. Although physical attacks on corporate executives are rare, recent events demonstrate how these public figures may be targeted due to their notoriety, perpetrators’ grievances, or their perceived wealth.
In July 2020, Fahim Saleh, entrepreneur and founder of Manhattan venture capital firm Adventure Capital, was stabbed, beheaded, and dismembered in his New York home by a former personal assistant. The former assistant reportedly owed Saleh tens of thousands of dollars.
In October 2021, a possibly armed stalker whom Apple accused of “erratic, threatening, and bizarre behavior” appeared at the home of Apple Chief Executive Officer (CEO) Tim Cook in Palo Alto, California, on two separate occasions. Between late October and mid-November 2020, she emailed Cook roughly 200 times. The messages significantly escalated “in tone, becoming threatening and highly disturbing,” according to Apple’s application for a restraining order. Some messages contained photos of a snub-nosed revolver and cartridges. One message in January 2022 involved an incoherent statement about burning down Cook’s property.
Also in October 2021, the CEO of pharmaceutical company Aurex Laboratories, Sree Aravapalli, was killed in a home invasion and attempted robbery. The suspect had seen Aravapalli cash out $10,000 at a casino in Pennsylvania, followed him 30 miles to his home in New Jersey, and broke into his house. Aravapalli died from multiple gunshots.
In February 2022, a man rammed his truck through a closed gate at CEO Michael Bloomberg’s ranch in western Colorado and kidnapped a housekeeper at gunpoint. He forced her to drive to other locations in Colorado in an unsuccessful effort to find and kill another media mogul. According to the abductee, the perpetrator had attempted to find Bloomberg at the Meeker, Colorado, airport in July 2021 and wanted to make “an international scene.” Prosecutors claimed he was “intent” on killing the billionaire.
On December 4, 2024, a man fatally shot UnitedHealthcare CEO Brian Thompson in front of the Hilton Midtown hotel, host of UnitedHealthcare’s annual investors conference. Thompson had just walked from his hotel across the street, unaccompanied by security. Police in Pennsylvania arrested the suspect on December 9. He was carrying a notebook that mentioned killing a CEO at an annual meeting.
Implications for the Private Sector
Corporate security’s response to Thompson’s murder has varied. Many large, publicly held companies already have vigilant executive security practices. The boards of some of these companies even require their executives to receive executive protection. Twenty percent of S&P 500 companies disclose some type of security for chief executives, according to a CNBC analysis of recent proxy statements. At one extreme, Meta spends by far the most among U.S. technology companies for the security of its chief executive, with security for Mark Zuckerberg costing $23.4 million in 2023.
Some companies are more proactive than others. Under the spotlight caused by pivoting to COVID-19 vaccine research and development, in addition to related sales and marketing, pharmaceutical and biotechnology company Moderna “authorized the provision of personal and home security services to certain” executives, according to its 2021 proxy statement.
Based on the 2024 and older company proxy statements, it appears former and current UnitedHealth Group executives did not previously receive regular, company-funded personal protection (UnitedHealthcare and Optum are UnitedHealth Group’s two subsidiaries). Reporting varies on whether Thompson, who lived in a Minneapolis suburb, was assigned a security detail for his fateful trip to New York. Some sources, including the New York Police Department, claim he did not have a security detail. Other sources report that he had a security detail during his trip but that the protection was not with him when he was attacked.
However, for some chief executives—especially those in the health insurance industry—this incident has already resulted in a greater appreciation for personal security practices. Immediately after Thompson’s murder, owners of some security companies claimed that corporate executives have been contacting them for security services. However, the permanency of increased security policies for security companies and internal security departments is undetermined.
Other measures vital to the security of most public and private organizations include behavioral threat assessment, intelligence analysis, and understanding risks to the organization.
Behavioral Threat Assessment and Intelligence
Behavioral threat assessment is the systematic process of investigating and assessing concerning behaviors. The murder of Brian Thompson created an opportunity for many organizations to professionalize and institutionalize behavioral threat assessments within their security teams or establish relationships with external threat assessment experts. Familiarity with and training in behavioral threat assessment has increased within and outside of the security field over the past several years, but a significant portion of security professionals are not sufficiently familiar with its basic concepts such as warning behaviors.
Thompson’s alleged murderer was reportedly inspired by Ted Kaczynski, the “Unabomber” who killed 3 people and injured 23 during a 17-year bombing campaign of random targets, including universities and airlines. The suspect reportedly disapproved of the Unabomber’s actions but was fascinated by his ideology. This inspiration is possibly an aspect of a warning behavior referred to as “identification,” when a person identifies with or wants to imitate or surmount previous attackers or assassins.
Often, a security intelligence team conducts or assists with behavioral threat assessments or some version of it—if the organization has an intelligence team. Over the past few decades, the corporate world has seen an increase in the use and professionalization of security intelligence—sometimes referred to as protective intelligence, threat intelligence, or risk intelligence (there is little standardization of intelligence terms and titles in the private sector). Among other responsibilities and depending on the organization, security intelligence
- supports decision-making and provides insight to the organization’s leaders;
- identifies current and emerging risks and opportunities facing the organization;
- identifies, analyzes, and evaluates risks—including ascertaining the sources and nature of risks, impact (consequence) analysis, threat analysis, and vulnerability and capability analysis;
- conducts travel risk assessments; and
- provides recommendations that enable the mitigation of risk and assist in focusing security resources.
Thompson’s wife told news media that her husband had received recent threats but had not been altering his travel routine. A security intelligence team assesses these communicated threats—whether prolific letter writing, emails, or voicemails—and could provide recommendations based on the assessment, such as varying or not varying travel routines or plans.
Despite an overall increase in the number of private-sector intelligence teams, the recent trend in many organizations has been to reduce or cut these teams. Presumably, this most often occurs when leaders have perceived these intelligence teams as primarily cost centers with little to no value beyond the tactical level (such as primarily or only supporting executive protection teams). In the wake of the Thompson murder, there will likely be a greater emphasis on security intelligence support for personal protection operations. However, these intelligence professionals will be most successful when they also provide strategic value—to help the organization take risks rather than attempt to eliminate them. For example, a corporate intelligence team could use sound analytic tradecraft to recommend a locale where the company can establish operations, contrary to prevailing fears among the company’s competitors.
Asset Identification and Characterization
This often-neglected risk-identification step includes the characterization of the organization’s brand, image, and reputation. It should also include an analysis of a leader’s behaviors, associations, and relationships that could be problematic. This process can identify the potential for negative consequences related to the organization’s or leader’s activities and functions.
News coverage of the UnitedHealthcare CEO’s murder and the practices of the health insurance industry, in addition to social media, have increased the public’s scrutiny of healthcare insurance companies, especially those with high denial rates. While UnitedHealthcare reportedly has the highest claim denial rate among healthcare insurers, Medica, Anthem, Aetna, and CareSource have the next highest denial rates.
In 2018, a YouTube influencer shot three people at YouTube’s headquarters in San Bruno, California, before killing herself. Her motivation for the violence appeared to be the company’s moderation and filtering of her YouTube channel, highlighting how a company’s inherent activities could create extreme grievances.
Threats
Males armed with a gun who are between the ages of 18 and 37 and who have a criminal history are the most likely threat to public figures. Privately made firearms, or “ghost guns,” could pose an increasing threat to all public figures. And mornings (6:00 a.m. to noon) are the most likely time for such attacks. The accused murderer of Thompson is a 26-year-old male who allegedly shot the CEO with a ghost gun at 6:46 a.m.
This threat information is based on more than six decades of empirical data resulting from two independent studies. The U.S. Secret Service Exceptional Case Study Project and a more recent study revealed that business executives are among the least attacked public figures (politicians were the most targeted). Of the 130 attacks on public figures (including approaching with an intent to harm) between 1949 and 2015, business executives were targeted in five attacks. With at least five more physical attacks on business leaders in the five years from 2020 to 2024 (as indicated in the above list of attacks), the rate of attacks against this category of public figures (and possibly all public figures) is clearly increasing. The public’s increased use of the internet and social media likely influenced this increase in attacks.
Public figures also face cyberespionage and phishing (when malicious actors use email to lure victims to visit a malicious site or deceive them into providing login credentials). During the COVID-19 pandemic, IBM reported that CEOs, other executives, and various managers in the COVID-19 cold chain—the transport, warehousing, storage, and distribution of vaccines—were targeted by cyber adversaries. During the operation, spear-phishing emails targeted over 40 companies in 14 countries, including the U.S.
Cyberespionage and cyberattacks can also threaten reputations, the protection of which is a security responsibility. The 2014 cyberattack on Sony Pictures, which the Federal Bureau of Investigation (FBI) attributed to North Korea, resulted in the leak of unsavory and embarrassing emails belonging to Sony executives. The incident likely contributed to the studio chief’s resignation two months later.
In late 2020, a cyberthreat actor in an underground forum for Russian-speaking hackers was selling email passwords of CEOs and other executives around the world. Prices for the account information ranged from $100 to $1,500, depending on the company size and user’s role. Purchasers likely bought the compromised emails to facilitate executive scams, also known as business email compromise (BEC). BEC frequently compromises legitimate business email accounts to conduct unauthorized transfers of funds and comprised almost $3 billion in losses in 2023, according to the FBI.
Vulnerabilities
Protective Details
As exemplified by Thompson’s murder, the most vulnerable public figures are those who are not assigned protective services or who have temporarily dispensed with their protectors (e.g., due to privacy concerns or empathy for their protectors due to the time of day or night). However, due to the potential high consequence of failure, organizations (including family offices) must ensure their executive protection agents are specifically trained and experienced in executive protection. Backgrounds that usually have limited transferable skills to executive protection, such as the military or law enforcement professions, often serve as recruiting pools for personal protection details.
Locations
The most vulnerable locations for most public figures are likely their homes and in and around their vehicles. The aforementioned U.S. Secret Service Exceptional Case Study Project and the more recent 2016 study on public figure attacks—encompassing attacks from 1945 to 2015—had remarkably similar results in finding that just over half of attacks occurred at a residence or at work. Periodic security risk assessments of protectees’ residence(s) and workplace is a best practice that should inform any security upgrades at these locations. Fortunately, the workplaces of many corporate executives are generally less vulnerable than the workplaces of other categories of public figures (e.g., religious figures). But all VIPs are highly vulnerable in and around their vehicles. The study of public figure attacks from 1995 to 2015 found that after residences and workplaces, vehicles and then open spaces (e.g., street or sidewalk) were the most common places of attacks. As assassination attempts against even U.S. presidents have indicated, protectees are particularly vulnerable in the space between their vehicle and the facility they are entering or departing.
Proper advance surveys (an on-site survey that precedes the arrival of the protectee), trained security drivers, hypervigilance in and around the protectee’s vehicle, and parking as close as possible to the facility’s entrance and exit can mitigate threats to protectees who are in transit. In April 1998, an infamous pie thrower and his colleagues ambushed Microsoft Chairman Bill Gates with pies to his face as the software mogul arrived for a meeting in Brussels. A security advance team likely would have detected the assailant.
Online Information
UnitedHealth Group and its subsidiaries UnitedHealthcare and Optum have removed leadership pages from their websites, apparently since the day of Thompson’s murder. The websites of other healthcare insurers now list no leadership information. However, due to regulatory requirements and the nature of the internet, information on corporate executives will likely remain available to the public:
- Regulatory statements and filings that contain the names, compensation, and in some cases pictures of executives are available on the website of some companies or on the U.S. Securities and Exchange Commission’s website.
- Social media websites host recordings of video interviews and news reports that feature public figures. After Thompson’s murder, viral social media posts listed the names and salaries of health insurance executives.
- After health insurance companies scrubbed their websites of leadership information, “wanted” posters in Manhattan, New York, featured the pictures and names of their executives.
While corporations have little control over regulatory requirements and the public’s social media posts, executives have responsibility for their personal cybersecurity and cyber hygiene and that of their immediate family. The organization’s IT or security personnel can and should assist executives with this cyberprotection. Best practices include the executive’s family refraining from posting certain personal details on social media (e.g., real-time vacation updates), conducting a residential cyberthreat assessment, and basic cyber awareness for the executive and family (e.g., recognizing phishing attempts).
Impacts
The hospitalization or death of a chief executive takes a terrible emotional toll on that executive’s family, colleagues, and employees. It can also have significant financial impacts, however temporary, on the company. When United Airlines CEO Oscar Munoz suffered a heart attack and was hospitalized in October 2015, the company’s stock dropped 3.4% the same day the company announced the incident. A week after Brian Thompson’s murder, UnitedHealthcare’s stock had tumbled 13%. Even other health insurance companies lost value. Health insurers CVS Health Corp and Cigna, the third and fourth largest health insurers by market share, respectively, experienced declines in their stocks almost as much as UnitedHealthcare. Centene’s and Humana’s stocks also dropped.
Despite the rarity of targeted violence against corporate executives and other public figures, the list of attacks above shows they have been targeted more frequently in the past five years than they were in the preceding six decades. New or improved security measures such as behavioral threat assessment, security intelligence, competent executive protection teams, and security risk assessments are vital for public figures to mitigate against physical and virtual threats. A failure to assess and mitigate risks can result in worst-case harm to an organization’s executives, the emotional toll on employees, and the loss of organization value.

Kole (KC) Campbell
Kole Campbell, CBCP, CPP®, is a security and intelligence professional with experience and training in intelligence; risk, threat, and vulnerability assessments; security management; and business continuity. He is a Certified Protection Professional (CPP), board certified in security management by ASIS International. He has also earned his Certified Business Continuity Professional (CBCP) certificate from DRI International. During his prior career as a U.S. military intelligence officer, his responsibilities included classified and protective intelligence operations, counter-WMD and counterterrorism recommendations, war and contingency planning, and leading highly sensitive intelligence and other planning efforts against Iran and North Korea. He has led security risk assessments for the U.S. government, private industry, and nonprofits. Mr. Campbell has training in behavioral threat assessment with various structured professional judgment tools. His executive protection experience includes a foreign government dignitary, a corporate client at both 2016 presidential conventions, national and local news media personalities, workplace violence details, and a Fortune 500 CEO. He has training and experience in behavioral threat assessment and management with various structured professional judgment tools. He has presented three times at the Global Security Exchange, the 20,000-attendee flagship conference for the international security industry. He obtained an M.A. in global risk from Johns Hopkins University’s School of Advanced International Studies, an M.A. in military operational art and science from the Air Command & Staff College at the U.S. Air Force’s Air University, and a B.A. in political science from Virginia Tech.
- Kole (KC) Campbell#molongui-disabled-link
- Kole (KC) Campbell#molongui-disabled-link
- Kole (KC) Campbell#molongui-disabled-link
- Kole (KC) Campbell#molongui-disabled-link