Leading Beyond Fear: Strengthening Executive Protection and Security

In a captivating (and somewhat haunting) recent opinion piece, retired General Stanley McChrystal laid plain how pervasive and invasive fear is in our society today. Moreover, he highlighted the fact that many top leaders are deliberately cultivating fear, at everyone else’s expense. All of this is made worse by the fact that fear is now so easily spread over social media and the internet at large.

This has hardened into a now palpable culture of fear where, as McChrystal put it, “Hesitation replaces confidence, cynicism replaces trust, and self-preservation replaces the courage to stand for what is right.”

How can our well-intentioned leaders do their jobs in such an environment? How can they put a stake in the ground and work to fulfill their purpose with action so restricted in this climate of outright and unnerving intimidation? And how do they do this while keeping themselves—and their teams and families—safe? In the business community, we have seen fears proliferating, especially following the murder of United Healthcare CEO Brian Thompson. Many CEOs are now prioritizing their security measures, including executive protection, when they downplayed this before. This augmented threat of personal risk may be making the already tremendously difficult job of CEO less desirable. A new Wall Street Journal article, “Why More CEOs are Heading for the Exit,” makes it clear that CEOs are stepping down (or not taking roles) because the current business climate is just too volatile. Many are choosing stable, less stressed-filled lives, where they can not only attend their child’s athletic events but do so without the need for security.

So how can CEOs—and potential CEO candidates—stand for something and lead assertively without feeling physically vulnerable? We need to ask what this climate is doing to our leaders—it seems to be punishing them rather than elevating them. How can they find greater peace of mind to lead forthrightly on the topics that matter to them and where they can have impact? Safe, timid leading is not leading (and certainly not what is required presently) —real and effective leadership requires confidence and courage. 

For CEOs, entrepreneurs, and other high-profile public and private organization leaders, there is urgency to reassess personal and organizational security strategies. "We’re seeing something unprecedented - executive protection has become a board-level topic of conversation," said Lukas Quanstrom, CEO of Texas-based Ontic. "There's an urgent scramble where boards are asking, 'Are our leaders safe?' It's suddenly a C-suite priority in a way we've never seen before. Every client we're working with is experiencing this shift."

Beyond physical threats, there is also a proliferation of sophisticated “deepfake” technology that has been targeting C-Suite executives. Using AI, for instance, to generate video or audio of CEOs doing things like asking their CFOs to withdraw significant business funds is one repeated action. Also common are threats against executives’ family members, often issued through social media. And there are many more. Living with the specter of these incidents popping up and your family members suffering as well must take a significant toll on leaders who are already stretched in deeply taxing roles.

We recommend boards create a set of questions designed to document the most pressing and emerging risks to the company, its CEO, and executive management. This list, along with related mitigation steps can identify, allay, manage and report on those risks. Organizations should then create an Operational Risk Committee of management (or a similarly named executive group). This committee would actively identify and address top internal and external risks to the CEO and the company. While this is common in banks which must manage operational risk for capital purposes, it is not common for most industries and companies. And even banks don’t necessarily focus their operational risk on the topic of CEO security and increasing emerging risks. But in today’s climate, addressing top executive security forthrightly is imperative across all industries. 

The Operational Risk Committee should annually pinpoint the key operational risks facing the company that could drive a crisis response and impact reputation. The group could be made up of the CEO’s directs (the ExCo) and a few key additional leaders (e.g., VP of Public Relations) and potentially lead outside counsel (to preserve privilege) and advisory representation from a top crisis firm. The CEO does not need to be a member of this committee, but she/he could be its escalation point and provide input on its recommendations, as needed. 

At least once annually, the committee should conduct tabletop exercises to rehearse top scenarios, such as threats to CEO and executive team driven by political or other events, debilitating cyberattack, tech outage, natural disaster, active shooter, etc. We recommend an open discussion and debate during the identification of the scenarios and the tabletop exercise, including key mitigation steps and the identification of a designated leader on point for each scenario. For example, human capital issues should be the domain of the Chief People Officer; Environmental, Social and Governance Issues could be the domain of the Chief Legal Officer. These can all be designed to shield the CEO from having to be the first line of defense and point person for issues that could be well managed by members of the CEO’s team. 

For each risk, members of the committee could be charged with keeping abreast of current trends in their area of risk. For example, geopolitical risks that could impact the company’s management and reputation could be managed by the Chief Administrative Officer or Head of Global Business. Criteria should be identified for determining if the company might need to suspend travel and business to a current country (for regulatory, or safety reasons, for example) and an operational set of steps and communications should be developed for each scenario. 

• One example could be an assessment of the company’s previous response to the invasion of Ukraine by Russia and the resulting sanctions and political responses. 
• A second example could be a potential response to an internal employee error or fraud or an external cyberattack. 
• Another could be a response to a product or company protest or boycott based on perceived or actual company social statement or business policy. For example, a response to a current news story, or company association with a client, vendor or perceived controversial industry or sanctioned nation, organization or individual.

Controversial positions taken by a company could lead to threats of attacks by nation states, criminal organizations, politically motivated activists, etc. In our highly contentious world and nation, these scenarios seem far more likely. Shielding leaders from these topics while maintaining thoughtful policies and communication plans is paramount.

While it is a sad reality that these safety measures are necessary, it is nonetheless a hard truth and should no longer be avoided. The moment we do more to directly face the real and present threat of executive safety and security and address it with everyday corporate policy and action, the more we are doing to face fear and replace it with peace of mind and courage—with proactive leadership.

As FDR famously said, “The only thing to fear is fear itself.” Ninety-two years later, this could not be more fitting. Fear is a debilitating contagion. We need to do everything we can to halt its spread and liberate our leaders. To cease the paralyzing effects of intimidation and fear, let’s find solid, organizational solutions to better protect and safeguard the leaders we so desperately need and the important interests they represent.

*We are deeply grateful for Greg Montana’s expert advice and counsel on this intricate and pressing topic.