Contact Us
Hugh O’Rourke
Allied Universal® Enhanced Protection Services, Vice President Consulting
The fatal shooting of UnitedHealthcare CEO Brian Thompson in Midtown Manhattan on December 4, 2024, sparked urgent discussions among organizations about the safety of their executives. Rising anti-capitalist sentiment, amplified rhetoric and increasing protest activity against corporate America continue to heighten the risks for high-profile leaders, especially within the healthcare, pharmaceutical and financial industries.
For many organizations, this tragic incident served as a wake-up call—a stark reminder that threats can emerge without early indicators. In today’s heightened threat environment, reassessing and strengthening executive security programs is not just prudent but essential. The following five key pillars of an effective assessment framework are designed to identify risk and establish a resilient executive security program.
1. Ambient and Specific Threat Assessments
The starting point of any executive security program is to establish the current threat environment. Organizations must assess both ambient threats and specific threats:
- Ambient Threats: Where is the organization’s headquarters? Where do executives live? What are their paths of travel, commute routines and points of exposure?
- Specific Threats: Are there any direct threats communicated through social media, emails, or other channels? Once identified, security teams can investigate these threats, analyzing the severity and geographic implications to determine their acuteness.
This foundational understanding provides the intelligence needed to shape protective measures, including physical security, communication protocols and daily routines.
2. Public Information Exposure Report (PIER)
A growing vulnerability for executives lies in the vast amount of personal information available online. A Public Information Exposure Report (PIER) helps organizations understand how much sensitive data about their executives is accessible by the public.
Many are shocked to learn how easily details like home addresses, family connections, and even itineraries can be uncovered through a simple internet search. Armed with this knowledge, organizations can take proactive steps to reduce their executives’ online footprint, limiting the amount of exploitable information available to potential bad actors.
3. Physical and Procedural Security Assessments
Robust physical and procedural security measures are another critical component of deterrence and should be evaluated within a risk assessment. These measures should be reviewed for corporate facilities and executives’ private residences, which are often overlooked as key areas of vulnerability.
Physical security assessments should focus on intrusion detection systems, surveillance cameras and perimeter access controls. Additionally, procedural security reviews should consider secure transportation protocols, armed drivers, public appearances and a robust screening and vetting process for anyone with direct access to the high-profile individual.
Establishing and regularly testing these measures can significantly enhance security while reinforcing a strong deterrence posture that discourages hostile activity.
4. Mailroom Security Assessments
Often overlooked, an organization’s mailroom can be one of the most vulnerable access points for bad actors intent on harming executives. An unsecured mailroom creates opportunities for a multitude of threats ranging from threatening letters to suspicious packages carrying Chemical, Biological, Radiological and Explosives (CBRE) contents. Evaluations must consider screening technology and processes, screener training, the physical mailroom location and response protocols for handling potential threats.
Properly securing the mailroom is critical to creating a comprehensive executive protection strategy, as the consequences of neglect in this area can extend far beyond inconvenience to serious safety and operational risks.
5. Recommendations for Engaging Local and Federal Resources
Comprehensive risk assessments should include recommendations for engaging external law enforcement and intelligence resources, which are critical for supporting enhanced threat awareness. These may include the following entities:
- Local Law Enforcement: By establishing a liaison between executive protection personnel and law enforcement, organizations can gain important insight into current and potential threats which will assist with preparedness and response efforts.
- State Fusion Centers: These information-sharing hubs were established after 9/11 to help local, state and federal law enforcement agencies collaborate on threats. For organizations, fusion centers provide valuable intelligence on a broad spectrum of evolving protest activity, industry-specific threats and other emerging risks.
- Information Security Advisory Committees: At the federal level, these industry-specific groups help businesses stay informed about specific threats targeting their unique industry sector.
Adapting to a Constantly Changing Threat Landscape
The shooting of the UnitedHealthcare CEO is just one example of how today’s threat environment is increasingly complex and unpredictable. Bad actors, emboldened by societal tensions, a desire for notoriety and a wide variety of vocal anti-capitalist groups, are targeting high-profile organizations with more frequency.
As these risks evolve, so must the strategies organizations use to protect their executives. Deterrence remains the cornerstone of any effective security program. By conducting regular risk and vulnerability assessments, organizations can identify and address gaps before they are exploited. This proactive approach is not only a safeguard but also an investment in resilience and operational continuity.
Learn More About Risk and Vulnerability Consulting
As vice president of Consulting for Allied Universal® Enhanced Protection Services, Hugh O’Rourke brings more than three decades of experience in law enforcement, counterterrorism and high-consequence threat protection to support global clients navigating the complexities of today’s evolving threat landscape. His extensive leadership background provides a unique perspective on risk mitigation, security consulting, and threat assessment.
O’Rourke previously served as a deputy inspector with the New York City Police Department (NYPD), where he spent more than 21 years in key leadership roles, including the Office of the Chief of Patrol and as the executive officer for the NYPD’s first Counterterrorism Division. In this capacity, he worked closely with the federal government as a liaison on intelligence, counterterrorism and critical infrastructure protection.
In addition to his law enforcement career, O’Rourke is a retired colonel with the United States Air Force Reserves. Over a 23-year military career, he served as a force protection officer with the Air Force Office of Special Investigations, completing deployments in Southwest Asia, the Middle East and East Africa.
