Chertoff Group Principal and Head of Security Risk & Resilience Ben Joelson spoke with CNBC reporter Bertha Coombs about how corporate security leaders are reconsidering their priorities in the wake of the shooting of United Healthcare CEO Brian Thompson. In a related LinkedIn post, Joelson shared the following observations on Executive Protection:
Executive Protection requires balance
Effective close protection requires a continuous balancing of the principal’s quality of life and personal preferences (where to stay, how close to walk, etc.); triaging aspirational chatter online and trying to determine if it’s real or not–or could escalate; and keeping a close protection team motivated through long periods of non-events to fight complacency. Professionals in these challenging protection roles deserve our respect.
Black swan not sea change event
This event should serve as a wake-up call to ensure that Executive Protection programs are properly tuned. If you’re in the health insurance or an adjacent industry, the program likely warrants some recalibration. However, at this stage, The Chertoff Group is viewing this more as a black swan vs. sea-change event–recognizing that may be a nuanced message to convey to concerned executives.
Risk is managed not eliminated
Security risk – as with any risk – can only be managed, never fully eliminated, and will always require expert human judgement. This is sometimes difficult for data-driven executives to accept, particularly if they’re accustomed to managing financial risk in quantitative ways. The Chertoff Group always recommends using data to support decisions, but the threats are as creative as the adversaries, and this creates infinite attack scenarios where modeling and data analytics still fall short. The most effective programs rely on a deep and intuitive relationship between detail leaders and their executive protectees.
Motivated adversaries conduct significant pre-attack planning and are nuanced in target selection
Many programs understandably prioritize the protection of their top executive. This attack demonstrates that certain positions within companies can carry a higher inherent risk and, with the availability of online information and echo chambers, can lead to more nuanced targeting of Tier-2 executives in potentially controversial roles.
More on the CNBC interview
Along these same themes, Joelson told CNBC that leaders in large corporations are expanding their thought process beyond the chief executive to others in high profile positions, in terms of who may be a target and in need of security protection.
Insurers and other companies removing images of their executives and board members is “a prudent step,” Joelson said.
“What they’re trying to do is basically reduce the online risk surface and what’s out there in terms of available digital dust around their executives,” Joelson said. “I do think as we learn more about this specific motive, and obviously, there’s some clues that this was … clearly targeted based on the executive’s position, companies will react and kind of adjust their protection profiles accordingly.”
He also said his company is “helping several clients in the Fortune 500 right now re-evaluate their approach to investor meetings, shareholder meetings, and making sure they have that protective bubble around their key decision makers.”
“When you pre-announce an event at a location and you identify who’s going to be there, you increase the risk of that event, and you have to plan for that accordingly,” Joelson said. Joelson said that the Chertoff Group saw an increase in queries from companies about their security since the two attempted assassinations of President-elect Donald Trump.
“There have been certain clients and boards that have been asking, ‘Are we doing what’s best for our executives?” Joelson said. “Are we doing what an ordinary, reasonably prudent company should be doing?”
Read the full story on CNBC.
