President-elect Trump survived two assassination attempts. In May 2024, Slovak PM Robert Fico was severely wounded by an attacker. There is much political violence in the world. Workplace violence, protests and disruptions of annual corporate meetings are common. However, attacks on CEOs have been uncommon even in USA, a country with 393 million privately held firearms (1.2 per person).
The assassination of a globally reputed fortune company CEO in Manhattan has sent shockwaves. It has led to intense board level conversations on security of key executives – what went wrong; what could be done better?
Risk Management is a function of Asset, Threat, Vulnerability, Risk & Control.
Asset: Every organization has assets – something of value. They must be protected. A CEO is a key organizational asset.
Threats exploit vulnerabilities to create risks to assets. Threat can be natural (earthquake, tsunami) or manmade (crime, terror). Threat is a function of capability and intent (difficult to determine). Threat Assessment involves asking – who & what poses risk or hazard to us; what motivates them; how to decipher their intent; does their capability & intent combined constitute a risk?
Vulnerability refers to weakness or gap in a company’s security. Lack of intel, poor security infra, lack of guards, processes andcrisis protocols increase risks. In case of executives, vulnerability can be increased if principals are unwilling to accept a level of security necessary for their protection. Inadequate budgets universally plague corporate security.
Risk: Threats exploit vulnerabilities to create risks to assets. Risk is a function of probability & impact. Take a risk-based approach – if consequences are likely to be low, do not overcommit resources. If the impact is likely to be high (nuclear attack or CEO assassination), even if the probability is low, adequate safeguards need to be in place. Risks add up – with every employee/worker/citizen denied justice or each person denied an insurance claim. Social media presence, travel and public appearances increase risks to executives.
Control: Risks must be minimized by Controls – good intelligence, security deployment, processes & techno-infra interventions. Attackers can be dissuaded by high levels of deterrence – a function of capability & credibility.
Military, law enforcement & corporate security professionals regularly assess risks to organizational assets including key executives. Threat-vulnerability-risk assessment (TVRA) gives a picture of current state and underlines what is working & what is not. They draw up protection plans & commit resources. Identifying assets, understanding threats & vulnerabilities, anticipating security events & potential consequences is essential to prioritizing & deploying security resources.
Corporates should:
- Identify business-critical Assets
- Have an Intelligence apparatus – smart AI intel platform, Analysts & security operations center (SOC)
- Carry out TVRA – identify assets, threats, vulnerabilities, determine risks, recommend controls
- Have a good Security, Executive Protection (EP) & Emergency Response Plan & Team
- Select a good Security Leader & Team, provide Budgets & Resources
- Carry out Wargames & Scenario-planning exercises
- Build a proactive risk aware Culture (Training & Awareness)
- Liaise with law enforcement & emergency services
The tragic death of a senior corporate leader has underlined the need for strengthening corporate security, executive protection, and duty of care. By identifying assets, understanding threats, vulnerabilities & impact, organizations can anticipate and manage risks by judicious application of controls.
MitKat is trusted by world’s most respected corporation to secure their vital assets. MitKat’s AI intel platform “datasurfr” provides real-time risk alerts and human-curated advice for proactive security. MitKat’s tailored consulting, executive protection & crisis management solutions help protect your executives and critical assets.