The question used to be easy to answer, and the answer used to be no, generally. Most CEOs didn't need executive protection. The handful who did — heads of global energy and defense companies, high-profile founders, executives with active threats — were obvious cases, and the rest were fine with a good alarm system and a thoughtful travel policy.
The question is not easy to answer anymore.
Public hostility toward corporate leadership has moved from a rhetorical posture to a material risk. Social media amplifies grievances instantly and names executives personally. Protest groups research leadership home addresses as a matter of course. Healthcare, energy, pharmaceutical, financial services, and technology executives now routinely find themselves personally targeted — by name, by photo, by address — in ways that would have been unthinkable a decade ago. The December 2024 assassination of a healthcare CEO in midtown Manhattan did not create this risk environment. It crystallized it.
And yet most companies are not equipped to make a rigorous, risk-based decision about executive protection. They either do nothing, or they overreact, or they hire the person a friend recommended and hope the decision never gets tested. None of those is a defensible posture for a board that owes a duty of care to its key personnel.
This guide walks through how to make that decision properly — what risk indicators warrant executive protection, what a real EP program actually includes, and how to scale a program to the threat without overspending on theater.
What Executive Protection Actually Is (and Isn't)
Executive protection, done well, is not a person in a dark suit standing next to the CEO. It's a layered risk-management program that reduces the probability and severity of harm to a principal across the environments in which they live, work, travel, and appear in public.
The common misconceptions:
"EP means bodyguards." Close protection is one layer among many, and not always the most important. Intelligence, advance work, residential hardening, and digital monitoring often prevent incidents that close protection would only respond to.
"EP is for the ride to work." Incidents overwhelmingly cluster at transitions — arrivals, departures, predictable movements, public appearances, and the home. A program focused only on the workday ignores where the actual exposure is.
"We can handle it with a corporate driver." A driver with no protective and defensive driving training, no counter-surveillance skills, and no coordination with intelligence and advance functions is a convenience, not protection.
"If something happens, we'll call the police." Police respond. Protection prevents. The two are not substitutes.
Risk Indicators That Warrant Executive Protection
Not every executive needs a protection program. But if two or more of the following apply, a formal principal threat assessment is warranted:
1. Public profile and media exposure. Frequent media appearances, named quotes on controversial issues, an active public social presence, or a personal brand that operates independently of the company.
2. Industry exposure. Healthcare, energy, pharmaceutical, financial services during downturns, technology platforms facing regulatory backlash, and any company under active boycott or divestment pressure.
3. Documented threats or incidents. Specific threats — emailed, phoned, delivered, posted online, or surfaced through open-source intelligence. Near-miss incidents (a stranger at the residence, a car following an executive's commute, doxxing of home address) are early indicators that should not be dismissed.
4. International travel to high-risk jurisdictions. Kidnap-for-ransom risk, state-level intelligence targeting, travel to jurisdictions with active conflict or rule-of-law concerns.
5. Corporate events creating elevated exposure. Layoffs, plant closings, major litigation, contested M&A, activist campaigns, bankruptcy, and labor disputes predictably correlate with threat spikes.
6. Personal factors. Public statements on polarizing issues, high-visibility philanthropy, family members with public profiles, recent divorce or custody disputes, and geographic concentration that makes the executive predictable and findable.
What a Real Executive Protection Program Includes
A mature corporate executive protection program typically includes most or all of the following layers, tuned to the assessed threat:
Protective intelligence. Ongoing monitoring of open-source and dark-web mentions, social media threat language, doxxing indicators, and specific threat actors. This layer most often prevents incidents.
Close protection. Trained specialists — typically former federal, state, or military with specific protective training — at defined exposure points: commutes, public appearances, travel, and events.
Advance work. Survey venues, identify exits, coordinate with local law enforcement, plan arrival and departure, identify nearest trauma-capable medical facilities. For international travel, coordinate with US Embassy personnel.
Residential security. Physical hardening (access control, surveillance, intrusion detection, safe-room planning), residential staff vetting, mail and package screening. The home is where most successful attacks on executives have occurred historically.
Secure transportation. Vetted drivers with defensive driving training, route planning with alternates, counter-surveillance, and appropriate vehicle selection.
Digital and OSINT protection. Personal data removal from broker sites, monitoring of doxxing and impersonation, protection of family social media, device security.
Technical Surveillance and Counter Measures (TSCM) Survey. Often overlooked — should be conducted regularly on the principal's office, residence, and before critical board meetings. Includes RF spectrum search, wireless camera detection, thermal imaging, and physical inspection.
How to Scale a Program and Make a Defensible Board Decision
Not every indicator warrants a full detail. Common configurations:
Travel-only coverage. For executives whose domestic life is low-risk but whose travel takes them into elevated-risk jurisdictions. Relatively low cost, high return.
Event and appearance coverage. For executives whose public appearances are the primary exposure point. Cost scales with frequency.
Part-time or as-needed close protection. Coverage triggered by specific conditions — elevated threat level, corporate events, specific meetings — rather than continuous.
Full principal program. Continuous close protection, residential coverage, travel, intelligence, and family protection. Appropriate for executives whose assessed threat profile warrants it.
A well-scaled program is typically the least-expensive program that would still have worked for the most likely bad-day scenario.
The Falcon Consulting Group provides executive protection, travel risk management, residential and facility security, protective intelligence, and principal threat assessments. Our associates are former federal, state, and local law enforcement officers with protective-operations and high-threat-environment experience, including deployments in Iraq and Afghanistan.